4.3

CVSS3.1

CVE-2025-43541 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: April 2, 2026, 6:09 p.m.

2.8

CVSS3.1

CVE-2025-65185 -

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 3:06 p.m.

6.1

CVSS3.1

CVE-2025-65233 -

Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 2:26 p.m.

6.5

CVSS3.1

CVE-2025-67074 -

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 7:44 p.m.

9.8

CVSS3.1

CVE-2025-67165 -

An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 5:47 p.m.

7.2

CVSS3.1

CVE-2025-66923 -

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Dec. 18, 2025, 7:52 p.m.

7.8

CVSS3.1

CVE-2025-67792 -

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Dec. 18, 2025, 8:16 p.m.

6.8

CVSS3.1

CVE-2025-67173 -

A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.

πŸ“… Published: Dec. 17, 2025, midnight πŸ”„ Last Modified: Dec. 18, 2025, 7:18 p.m.

8.8

CVSS3.1

CVE-2025-14766 - chromium-browser: Google Chrome V8: Out-of-bounds read and write leads to heap corruption

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

πŸ“… Published: Dec. 16, 2025, 10:54 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.

8.8

CVSS3.1

CVE-2025-14765 - chromium-browser: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corrupt…

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

πŸ“… Published: Dec. 16, 2025, 10:54 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.
Total resulsts: 345187
Page 2163 of 34,519
Β« previous page Β» next page
Filters