7.1
CVE-2025-64642 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
0.0
CVE-2025-13923 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.3
CVE-2025-13658 - Industrial Video & Control Longwatch has a Code Injection vulnerability
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.
9.3
CVE-2025-13510 - Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.
9.8
CVE-2025-13542 - DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to โฆ
8.8
CVE-2025-13633 - chromium-browser: Use after free in Digital Credentials
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2025-13720 - chromium-browser: Bad cast in Loader
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
7.5
CVE-2025-13721 - chromium-browser: Race in v8
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
3.5
CVE-2025-13640 - chromium-browser: Inappropriate implementation in Passwords
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
8.1
CVE-2025-13639 - chromium-browser: Inappropriate implementation in WebRTC
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)