6.5

CVSS3.1

CVE-2025-67074 -

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 2, 2026, 7:44 p.m.

7.2

CVSS3.1

CVE-2025-66923 -

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 18, 2025, 7:52 p.m.

7.8

CVSS3.1

CVE-2025-67792 -

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 18, 2025, 8:16 p.m.

9.8

CVSS3.1

CVE-2025-67165 -

An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 2, 2026, 5:47 p.m.

6.8

CVSS3.1

CVE-2025-67173 -

A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 18, 2025, 7:18 p.m.

4.3

CVSS3.1

CVE-2025-43535 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: April 2, 2026, 6:23 p.m.

8.8

CVSS3.1

CVE-2025-14766 - chromium-browser: Google Chrome V8: Out-of-bounds read and write leads to heap corruption

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

๐Ÿ“… Published: Dec. 16, 2025, 10:54 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.

8.8

CVSS3.1

CVE-2025-14765 - chromium-browser: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruptโ€ฆ

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

๐Ÿ“… Published: Dec. 16, 2025, 10:54 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.

8.6

CVSS4.0

CVE-2025-34288 - Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 areย vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A userโ€‘accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a loweโ€ฆ

๐Ÿ“… Published: Dec. 16, 2025, 10:17 p.m. ๐Ÿ”„ Last Modified: March 5, 2026, 12:03 p.m.

8.7

CVSS4.0

CVE-2025-68274 - SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote aโ€ฆ

๐Ÿ“… Published: Dec. 16, 2025, 10:02 p.m. ๐Ÿ”„ Last Modified: March 5, 2026, 7:52 p.m.
Total resulsts: 345165
Page 2161 of 34,517
ยซ previous page ยป next page
Filters