5.3

CVSS4.0

CVE-2025-15004 - DedeCMS freelist_main.php sql injection

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

πŸ“… Published: Dec. 22, 2025, 12:02 a.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:01 a.m.

6.1

CVSS3.1

CVE-2025-67291 -

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 5:41 p.m.

9.6

CVSS3.1

CVE-2025-67289 -

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 5:45 p.m.

4.3

CVSS3.1

CVE-2024-35321 -

MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 5:50 p.m.

4.7

CVSS3.1

CVE-2025-26787 -

An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certifi…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 5:48 p.m.

5.5

CVSS3.1

CVE-2025-68334 - platform/x86/amd/pmc: Add support for Van Gogh SoC

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally (non-X) SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 (s2idle causes a crash), this support was dropped by the Xbox Al…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: March 25, 2026, 11:16 a.m.

9.6

CVSS3.1

CVE-2024-27708 -

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 2:28 p.m.

5.5

CVSS3.1

CVE-2025-68333 - sched_ext: Fix possible deadlock in the deferred_irq_workfn()

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn() For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in the per-cpu irq_work/* task context and not disable-irq, if the rq returned by container_of() is cur…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Feb. 26, 2026, 3:53 p.m.

5.5

CVSS3.1

CVE-2025-68326 - drm/xe/guc: Fix stack_depot usage

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stack_depot usage Add missing stack_depot_init() call when CONFIG_DRM_XE_DEBUG_GUC is enabled to fix the following call stack: [] BUG: kernel NULL pointer dereference, address: 0000000000000000 [] Workqueue: d…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Dec. 23, 2025, 2:51 p.m.

0.0

CVE-2025-68327 - usb: renesas_usbhs: Fix synchronous external abort on unbind

In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f_ecm modprobe libco…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Dec. 23, 2025, 2:51 p.m.
Total resulsts: 343968
Page 1962 of 34,397
Β« previous page Β» next page
Filters