8.8

CVSS3.1

CVE-2025-57201 -

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 12:32 a.m.

9.8

CVSS3.1

CVE-2025-64055 -

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Jan. 9, 2026, 2:18 a.m.

5.5

CVSS3.1

CVE-2025-63401 -

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 8:31 p.m.

9

CVSS3.1

CVE-2025-65267 -

In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting (XSS). Successful exploi…

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 5, 2025, 6:35 p.m.

6.1

CVSS3.1

CVE-2025-57202 -

A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 9:04 p.m.

9.1

CVSS3.1

CVE-2025-65868 -

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 16, 2025, 7:13 p.m.

7.5

CVSS3.1

CVE-2025-65320 -

Abacre Restaurant Point of Sale (POS) versions up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt.

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 9:02 p.m.

5.5

CVSS3.1

CVE-2025-63402 -

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 8:29 p.m.

6.2

CVSS3.1

CVE-2025-62686 -

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment v…

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 8:53 p.m.

6.2

CVSS3.1

CVE-2025-65841 -

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate …

📅 Published: Dec. 3, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 8:52 p.m.