7.5

CVSS3.1

CVE-2025-55184 - next: React Server Components: Denial of Service via unsafe HTTP deserialization

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafelyโ€ฆ

๐Ÿ“… Published: Dec. 11, 2025, 8:05 p.m. ๐Ÿ”„ Last Modified: Dec. 15, 2025, 5:15 p.m.

5.3

CVSS3.1

CVE-2025-55183 - next: React Server Components: Source code exposure through crafted HTTP request

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically craftโ€ฆ

๐Ÿ“… Published: Dec. 11, 2025, 8:04 p.m. ๐Ÿ”„ Last Modified: Jan. 7, 2026, 4:26 p.m.

6.9

CVSS4.0

CVE-2025-14536 - code-projects Class and Exam Timetable Management Login index.php sql injection

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be launโ€ฆ

๐Ÿ“… Published: Dec. 11, 2025, 8:02 p.m. ๐Ÿ”„ Last Modified: Dec. 16, 2025, 7:02 p.m.

7.6

CVSS3.1

CVE-2025-13214 - IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQLย statements, which could allow the attacker to view, add, modify, or delete information in the back-endย database.

๐Ÿ“… Published: Dec. 11, 2025, 7:49 p.m. ๐Ÿ”„ Last Modified: Dec. 15, 2025, 7:03 p.m.

8.1

CVSS3.1

CVE-2025-13148 - IBM Aspera Orchestrator Unverified Password Change

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.

๐Ÿ“… Published: Dec. 11, 2025, 7:48 p.m. ๐Ÿ”„ Last Modified: Dec. 15, 2025, 7:06 p.m.

8.8

CVSS3.1

CVE-2025-13481 - IBM Aspera Orchestrator Command Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

๐Ÿ“… Published: Dec. 11, 2025, 7:47 p.m. ๐Ÿ”„ Last Modified: Dec. 15, 2025, 7:02 p.m.

5.3

CVSS3.1

CVE-2025-13211 - IBM Aspera Orchestrator Denial of Service

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

๐Ÿ“… Published: Dec. 11, 2025, 7:45 p.m. ๐Ÿ”„ Last Modified: Dec. 15, 2025, 7:04 p.m.

5.5

CVSS3.1

CVE-2024-42197 - HCL Workload Scheduler is vulnerable to plain text storage of a password

HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.

๐Ÿ“… Published: Dec. 11, 2025, 7:40 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.8

CVSS3.1

CVE-2025-36938 -

In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

๐Ÿ“… Published: Dec. 11, 2025, 7:35 p.m. ๐Ÿ”„ Last Modified: March 11, 2026, 4:16 p.m.

9.8

CVSS3.1

CVE-2025-36937 -

In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

๐Ÿ“… Published: Dec. 11, 2025, 7:35 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 4:07 p.m.
Total resulsts: 346544
Page 2392 of 34,655
ยซ previous page ยป next page
Filters