7.5

CVSS3.1

CVE-2025-65857 -

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 6:20 p.m.

9.8

CVSS3.1

CVE-2025-65856 -

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical e…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 6:28 p.m.

8.8

CVSS3.1

CVE-2025-65817 -

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 6, 2026, 3:32 p.m.

6.1

CVSS3.1

CVE-2025-65790 -

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser …

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 4:26 p.m.

6.1

CVSS3.1

CVE-2025-65270 -

Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 5:51 p.m.

7.5

CVSS3.1

CVE-2025-63663 -

Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 5:44 p.m.

6.1

CVSS3.1

CVE-2024-25814 -

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 2:29 p.m.

6.1

CVSS3.1

CVE-2024-25812 -

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 2:29 p.m.

5.1

CVSS4.0

CVE-2025-15003 - SeaCMS admin_video.php sql injection

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

πŸ“… Published: Dec. 21, 2025, 11:32 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:16 a.m.

6.9

CVSS4.0

CVE-2025-15002 - SeaCMS mysqli.class.php sql injection

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to th…

πŸ“… Published: Dec. 21, 2025, 11:02 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6 a.m.
Total resulsts: 345229
Page 2091 of 34,523
Β« previous page Β» next page
Filters