8.5

CVSS3.1

CVE-2025-63534 -

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and e…

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 10 p.m.

9.6

CVSS3.1

CVE-2025-63525 -

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via a crafted request to delete.php.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Jan. 6, 2026, 9:15 p.m.

9.6

CVSS3.1

CVE-2025-63532 -

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass au…

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 4, 2025, 6:08 p.m.

9.6

CVSS3.1

CVE-2025-63535 -

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authen…

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 10 p.m.

8.1

CVSS3.1

CVE-2024-39148 -

The service wmp-agent of KerOS prior to 5.12 does not properly validate so-called ‘magic URLs’, allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over the network. Typically, the service is protected via a local firewall.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 1:55 p.m.

5.3

CVSS3.1

CVE-2024-32388 -

Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 1:57 p.m.

6.5

CVSS3.1

CVE-2025-65403 -

A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 5, 2025, 9:50 p.m.

8.8

CVSS3.1

CVE-2025-65840 -

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 4, 2025, 6:58 p.m.

8.4

CVSS3.1

CVE-2025-61229 -

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allows a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 4:15 p.m.

7.8

CVSS3.1

CVE-2025-61228 -

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism.

📅 Published: Dec. 1, 2025, midnight 🔄 Last Modified: Dec. 5, 2025, 7:45 p.m.