7.3

CVSS3.1

CVE-2025-55948 -

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests…

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: Dec. 23, 2025, 12:19 a.m.

9.8

CVSS3.1

CVE-2025-54303 -

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credential…

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: Dec. 16, 2025, 9 p.m.

9.8

CVSS3.1

CVE-2025-29269 -

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: Dec. 16, 2025, 3:57 p.m.

6.6

CVSS3.1

CVE-2025-40261 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync() ha…

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: March 25, 2026, 11:16 a.m.

7.5

CVSS3.1

CVE-2025-57213 -

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 10:15 p.m.

5.5

CVSS3.1

CVE-2025-14010 - Ansible-collection-community-general: ansible-collection-community-general: keycloak user module le…

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and pote…

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 8:41 p.m.

4.3

CVSS3.1

CVE-2025-63681 -

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.

πŸ“… Published: Dec. 4, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 8:15 p.m.

8.6

CVSS4.0

CVE-2025-62173 - Authenticated SQL Injection in Endpoint Module Rest API

## Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API

πŸ“… Published: Dec. 3, 2025, 11:14 p.m. πŸ”„ Last Modified: Feb. 13, 2026, 10:07 p.m.

6.4

CVSS3.1

CVE-2025-66404 - mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string fo…

πŸ“… Published: Dec. 3, 2025, 8:40 p.m. πŸ”„ Last Modified: Dec. 16, 2025, 7:07 p.m.

7.1

CVSS3.1

CVE-2025-66293 - LIBPNG has an out-of-bounds read in png_image_read_composite

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when proces…

πŸ“… Published: Dec. 3, 2025, 8:33 p.m. πŸ”„ Last Modified: Dec. 16, 2025, 7:12 p.m.
Total resulsts: 343968
Page 2314 of 34,397
Β« previous page Β» next page
Filters