7.5

CVSS3.1

CVE-2025-13886 - LT Unleashed <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the `book` shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and a…

πŸ“… Published: Dec. 12, 2025, 2:20 a.m. πŸ”„ Last Modified: April 21, 2026, 1 a.m.

6.4

CVSS3.1

CVE-2025-13839 - LJUsers <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode At…

The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'ljuser' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…

πŸ“… Published: Dec. 12, 2025, 2:20 a.m. πŸ”„ Last Modified: April 22, 2026, 12:30 a.m.

5.4

CVSS4.0

CVE-2025-13665 - Quartus Prime Standard Security Advisory

The System Console Utility for Windows is vulnerable to a DLL planting vulnerability

πŸ“… Published: Dec. 12, 2025, 2:18 a.m. πŸ”„ Last Modified: Jan. 12, 2026, 3:08 p.m.

8.2

CVSS3.1

CVE-2025-10451 - H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)

Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.

πŸ“… Published: Dec. 12, 2025, 12:28 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.6

CVSS3.1

CVE-2025-67344 -

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.

πŸ“… Published: Dec. 12, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 8:15 p.m.

9.8

CVSS3.1

CVE-2025-65854 -

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.

πŸ“… Published: Dec. 12, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 8:02 p.m.

7.2

CVSS3.1

CVE-2025-67818 -

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or o…

πŸ“… Published: Dec. 12, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 3:43 p.m.

8.8

CVSS3.1

CVE-2025-65530 -

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.

πŸ“… Published: Dec. 12, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 8 p.m.

4.9

CVSS3.1

CVE-2025-67819 -

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files access…

πŸ“… Published: Dec. 12, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 3:38 p.m.

4.6

CVSS3.1

CVE-2025-67341 -

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users.

πŸ“… Published: Dec. 12, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 8:15 p.m.
Total resulsts: 346449
Page 2376 of 34,645
Β« previous page Β» next page
Filters