7.1

CVSS3.1

CVE-2025-14701 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Cont…

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

📅 Published: Dec. 17, 2025, 12:04 a.m. 🔄 Last Modified: Dec. 23, 2025, 9:22 p.m.

8.4

CVSS3.1

CVE-2025-67794 -

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 8:16 p.m.

7.2

CVSS3.1

CVE-2025-67172 -

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 7:18 p.m.

7.3

CVSS3.1

CVE-2025-67285 -

A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleanin…

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 5:46 p.m.

9.6

CVSS3.1

CVE-2025-67787 -

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network.

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 3:55 p.m.

7.8

CVSS3.1

CVE-2025-53919 -

An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation…

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 2:55 p.m.

9.8

CVSS3.1

CVE-2025-67791 -

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 8:16 p.m.

9.8

CVSS3.1

CVE-2022-23851 -

Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Jan. 5, 2026, 3:17 p.m.

7.8

CVSS3.1

CVE-2025-53398 -

The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 2:58 p.m.

5.3

CVSS3.1

CVE-2024-29370 - python-jose: Denial-of-Service via malicious JSON Web Encryption (JWE) token decompres…

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significan…

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Jan. 5, 2026, 3:14 p.m.