4.3

CVSS3.1

CVE-2025-58477 -

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

๐Ÿ“… Published: Dec. 2, 2025, 1:24 a.m. ๐Ÿ”„ Last Modified: Dec. 5, 2025, 7:12 p.m.

4.2

CVSS3.1

CVE-2025-58476 -

Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

๐Ÿ“… Published: Dec. 2, 2025, 1:24 a.m. ๐Ÿ”„ Last Modified: Dec. 5, 2025, 7:13 p.m.

5.6

CVSS3.1

CVE-2025-58475 -

Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

๐Ÿ“… Published: Dec. 2, 2025, 1:24 a.m. ๐Ÿ”„ Last Modified: Dec. 5, 2025, 7:14 p.m.

6.2

CVSS3.1

CVE-2025-21080 -

Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.

๐Ÿ“… Published: Dec. 2, 2025, 1:23 a.m. ๐Ÿ”„ Last Modified: Dec. 5, 2025, 8:10 p.m.

5.7

CVSS3.1

CVE-2025-21072 -

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

๐Ÿ“… Published: Dec. 2, 2025, 1:23 a.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

9.8

CVSS3.1

CVE-2025-60854 -

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

๐Ÿ“… Published: Dec. 2, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 6, 2025, midnight

3.5

CVSS3.1

CVE-2025-65858 -

A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.

๐Ÿ“… Published: Dec. 2, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 23, 2025, 1:08 p.m.

7.5

CVSS3.1

CVE-2025-65844 -

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary cโ€ฆ

๐Ÿ“… Published: Dec. 2, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 6, 2025, 4:15 a.m.

9.8

CVSS3.1

CVE-2025-59693 -

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the โ€ฆ

๐Ÿ“… Published: Dec. 2, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 15, 2025, 1:41 p.m.

9.8

CVSS3.1

CVE-2025-59695 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

๐Ÿ“… Published: Dec. 2, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 15, 2025, 1:35 p.m.
Total resulsts: 345192
Page 2461 of 34,520
ยซ previous page ยป next page
Filters