9.8

CVSS3.1

CVE-2025-63888 -

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 25, 2025, 3:40 p.m.

6.1

CVSS3.1

CVE-2025-60737 -

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php component

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Dec. 12, 2025, 3:32 p.m.

0.0

CVE-2025-63700 -

DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Dec. 23, 2025, 6:15 p.m.

4.3

CVSS3.1

CVE-2025-65226 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 21, 2025, 5:24 p.m.

6.1

CVSS3.1

CVE-2025-64027 -

Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify th…

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 26, 2025, 4:15 p.m.

9.8

CVSS3.1

CVE-2025-60738 -

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Jan. 15, 2026, 6:57 p.m.

4.3

CVSS3.1

CVE-2025-65223 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 21, 2025, 5:25 p.m.

6.5

CVSS3.1

CVE-2025-60794 -

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques…

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Dec. 12, 2025, 3:34 p.m.

5.1

CVSS4.0

CVE-2025-13423 - Campcodes Retro Basketball Shoes Online Store admin_product.php unrestricted upload

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has …

πŸ“… Published: Nov. 19, 2025, 11:32 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 7:16 a.m.

6.9

CVSS4.0

CVE-2025-13422 - freeprojectscodes Sports Club Management System change_s_pwd.php sql injection

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploi…

πŸ“… Published: Nov. 19, 2025, 11:32 p.m. πŸ”„ Last Modified: Nov. 24, 2025, 2:49 p.m.
Total resulsts: 342301
Page 2269 of 34,231
Β« previous page Β» next page
Filters