7.5

CVSS3.1

CVE-2025-65857 -

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 6:20 p.m.

9.8

CVSS3.1

CVE-2025-65856 -

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical e…

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 6:28 p.m.

6.1

CVSS3.1

CVE-2025-65270 -

Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 5:51 p.m.

6.1

CVSS3.1

CVE-2024-25814 -

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 2:29 p.m.

6.1

CVSS3.1

CVE-2024-25812 -

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 2:29 p.m.

7.0

CVSS3.1

CVE-2025-68331 - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to …

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-67436 -

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 4:58 p.m.

7.5

CVSS3.1

CVE-2025-66735 -

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.

πŸ“… Published: Dec. 22, 2025, midnight πŸ”„ Last Modified: Jan. 6, 2026, 3:18 p.m.

5.1

CVSS4.0

CVE-2025-15003 - SeaCMS admin_video.php sql injection

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

πŸ“… Published: Dec. 21, 2025, 11:32 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:16 a.m.

6.9

CVSS4.0

CVE-2025-15002 - SeaCMS mysqli.class.php sql injection

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to th…

πŸ“… Published: Dec. 21, 2025, 11:02 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6 a.m.
Total resulsts: 346661
Page 2233 of 34,667
Β« previous page Β» next page
Filters