6.1

CVSS3.1

CVE-2025-67025 -

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 30, 2026, 7:42 p.m.

6.1

CVSS3.1

CVE-2025-70891 -

A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attac…

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 22, 2026, 4:01 p.m.

8.8

CVSS3.1

CVE-2025-67077 -

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 21, 2026, 2:45 p.m.

7.3

CVSS3.1

CVE-2025-67246 - Local Driver Vulnerability Allows Unprivileged Physical Memory Read and Privilege Escalation

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses.…

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: April 20, 2026, 4 p.m.

7.5

CVSS3.1

CVE-2025-70304 -

A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 23, 2026, 5:36 p.m.

6.5

CVSS3.1

CVE-2025-70299 -

A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 30, 2026, 5:58 p.m.

6.1

CVSS3.1

CVE-2025-65368 -

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 22, 2026, 3:42 p.m.

8.8

CVSS3.1

CVE-2025-70893 -

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL e…

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 22, 2026, 4 p.m.

9.4

CVSS3.1

CVE-2025-67822 -

A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to g…

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 21, 2026, 9:06 p.m.

4.9

CVSS3.1

CVE-2025-67081 -

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from…

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 23, 2026, 6:35 p.m.
Total resulsts: 349182
Page 2122 of 34,919
Β« previous page Β» next page
Filters