7.5

CVSS3.1

CVE-2025-65844 -

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary c…

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 6, 2025, 4:15 a.m.

9.8

CVSS3.1

CVE-2025-59693 -

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the …

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 15, 2025, 1:41 p.m.

9.8

CVSS3.1

CVE-2025-59695 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 15, 2025, 1:35 p.m.

6.8

CVSS3.1

CVE-2025-59698 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 7:42 p.m.

9.8

CVSS3.1

CVE-2025-60736 -

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 5, 2025, 6:56 p.m.

5.4

CVSS3.1

CVE-2025-64070 -

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 8:13 p.m.

7.2

CVSS3.1

CVE-2025-59702 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 7:39 p.m.

6.1

CVSS3.1

CVE-2025-65881 -

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 5, 2025, 6:57 p.m.

7.5

CVSS3.1

CVE-2025-65877 -

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements…

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 6:20 p.m.

6.5

CVSS3.1

CVE-2025-65657 -

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or executi…

📅 Published: Dec. 2, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 6:18 p.m.