9.8

CVSS3.1

CVE-2025-59693 -

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the …

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 15, 2025, 1:41 p.m.

9.8

CVSS3.1

CVE-2025-59695 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 15, 2025, 1:35 p.m.

6.8

CVSS3.1

CVE-2025-59698 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:42 p.m.

9.8

CVSS3.1

CVE-2025-60736 -

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 6:56 p.m.

5.4

CVSS3.1

CVE-2025-64070 -

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 3, 2025, 8:13 p.m.

7.2

CVSS3.1

CVE-2025-59702 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:39 p.m.

6.1

CVSS3.1

CVE-2025-65881 -

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 6:57 p.m.

7.5

CVSS3.1

CVE-2025-65877 -

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 6:20 p.m.

6.5

CVSS3.1

CVE-2025-65657 -

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or executi…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 6:18 p.m.

6.5

CVSS3.1

CVE-2025-65380 -

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 4, 2025, 7:01 p.m.
Total resulsts: 345234
Page 2466 of 34,524
Β« previous page Β» next page
Filters