9.8

CVSS3.1

CVE-2025-58386 -

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lo…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 6:27 p.m.

6.5

CVSS3.1

CVE-2025-65379 -

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 4, 2025, 7:13 p.m.

6.1

CVSS3.1

CVE-2025-65215 -

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 6:59 p.m.

9.8

CVSS3.1

CVE-2025-65358 -

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 4, 2025, 4:48 p.m.

6.1

CVSS3.1

CVE-2025-63872 -

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Jan. 14, 2026, 7:21 p.m.

9.1

CVSS3.1

CVE-2025-59703 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:39 p.m.

7.2

CVSS3.1

CVE-2025-59697 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:31 p.m.

6.8

CVSS3.1

CVE-2025-59694 -

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the f…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 15, 2025, 1:39 p.m.

7.1

CVSS3.1

CVE-2025-66448 - vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with ge…

πŸ“… Published: Dec. 1, 2025, 10:45 p.m. πŸ”„ Last Modified: Dec. 3, 2025, 5:52 p.m.

9.8

CVSS3.1

CVE-2025-66401 - MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via mali…

MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via …

πŸ“… Published: Dec. 1, 2025, 10:43 p.m. πŸ”„ Last Modified: Feb. 6, 2026, 4:34 p.m.
Total resulsts: 343923
Page 2337 of 34,393
Β« previous page Β» next page
Filters