5.1

CVSS4.0

CVE-2025-14011 - JIZHICMS Add Display Name Field addcomment.html commentlist sql injection

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. Th…

πŸ“… Published: Dec. 4, 2025, 5:32 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:16 a.m.

8.4

CVSS3.1

CVE-2025-66516 - Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to e…

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as inΒ CVE-2025-549…

πŸ“… Published: Dec. 4, 2025, 4:17 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

5.6

CVSS3.1

CVE-2025-8074 -

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.

πŸ“… Published: Dec. 4, 2025, 3:17 p.m. πŸ”„ Last Modified: Feb. 4, 2026, 4:26 p.m.

7.8

CVSS3.1

CVE-2025-54160 -

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

πŸ“… Published: Dec. 4, 2025, 3:14 p.m. πŸ”„ Last Modified: Feb. 4, 2026, 4:26 p.m.

7.5

CVSS3.1

CVE-2025-54159 -

Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors.

πŸ“… Published: Dec. 4, 2025, 3:13 p.m. πŸ”„ Last Modified: Feb. 4, 2026, 4:26 p.m.

7.8

CVSS3.1

CVE-2025-54158 -

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

πŸ“… Published: Dec. 4, 2025, 3:13 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:27 p.m.

6.3

CVSS3.1

CVE-2025-2848 -

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

πŸ“… Published: Dec. 4, 2025, 3:05 p.m. πŸ”„ Last Modified: Feb. 9, 2026, 9:38 p.m.

5.1

CVSS4.0

CVE-2025-14008 - dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate t…

πŸ“… Published: Dec. 4, 2025, 3:02 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 5:39 a.m.

7.2

CVSS3.1

CVE-2025-29846 -

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

πŸ“… Published: Dec. 4, 2025, 3:01 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

4.3

CVSS3.1

CVE-2025-29845 -

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.

πŸ“… Published: Dec. 4, 2025, 3:01 p.m. πŸ”„ Last Modified: Dec. 5, 2025, 9:43 p.m.
Total resulsts: 344064
Page 2312 of 34,407
Β« previous page Β» next page
Filters