6.8

CVSS3.1

CVE-2025-67173 -

A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 18, 2025, 7:18 p.m.

5.3

CVSS3.1

CVE-2025-67168 -

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 18, 2025, 7:18 p.m.

6.6

CVSS3.1

CVE-2025-65855 -

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate Oโ€ฆ

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 6, 2026, 3:09 p.m.

2.8

CVSS3.1

CVE-2025-65185 -

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 5, 2026, 3:06 p.m.

9.8

CVSS3.1

CVE-2025-67165 -

An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 2, 2026, 5:47 p.m.

4.3

CVSS3.1

CVE-2025-43536 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

๐Ÿ“… Published: Dec. 17, 2025, midnight ๐Ÿ”„ Last Modified: April 2, 2026, 7:21 p.m.

8.8

CVSS3.1

CVE-2025-14766 - chromium-browser: Google Chrome V8: Out-of-bounds read and write leads to heap corruption

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

๐Ÿ“… Published: Dec. 16, 2025, 10:54 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.

8.8

CVSS3.1

CVE-2025-14765 - chromium-browser: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruptโ€ฆ

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

๐Ÿ“… Published: Dec. 16, 2025, 10:54 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.

8.6

CVSS4.0

CVE-2025-34288 - Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 areย vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A userโ€‘accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a loweโ€ฆ

๐Ÿ“… Published: Dec. 16, 2025, 10:17 p.m. ๐Ÿ”„ Last Modified: March 5, 2026, 12:03 p.m.

8.7

CVSS4.0

CVE-2025-68274 - SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote aโ€ฆ

๐Ÿ“… Published: Dec. 16, 2025, 10:02 p.m. ๐Ÿ”„ Last Modified: March 5, 2026, 7:52 p.m.
Total resulsts: 345275
Page 2172 of 34,528
ยซ previous page ยป next page
Filters