9.8

CVSS3.1

CVE-2025-59695 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 15, 2025, 1:35 p.m.

6.8

CVSS3.1

CVE-2025-59698 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:42 p.m.

9.8

CVSS3.1

CVE-2025-60736 -

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 6:56 p.m.

5.4

CVSS3.1

CVE-2025-64070 -

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 3, 2025, 8:13 p.m.

7.2

CVSS3.1

CVE-2025-59702 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:39 p.m.

6.1

CVSS3.1

CVE-2025-65881 -

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 5, 2025, 6:57 p.m.

7.5

CVSS3.1

CVE-2025-65877 -

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 6:20 p.m.

6.5

CVSS3.1

CVE-2025-65657 -

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or executi…

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 19, 2025, 6:18 p.m.

6.5

CVSS3.1

CVE-2025-65380 -

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 4, 2025, 7:01 p.m.

6.8

CVSS3.1

CVE-2025-59705 -

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.

πŸ“… Published: Dec. 2, 2025, midnight πŸ”„ Last Modified: Dec. 8, 2025, 7:39 p.m.
Total resulsts: 345253
Page 2468 of 34,526
Β« previous page Β» next page
Filters