9.3

CVSS4.0

CVE-2025-14733 - WatchGuard Firebox iked Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability a…

📅 Published: Dec. 19, 2025, 12:01 a.m. 🔄 Last Modified: Feb. 26, 2026, 4:07 p.m.

7.6

CVSS3.1

CVE-2025-67442 -

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 4:57 p.m.

6.4

CVSS3.1

CVE-2025-67845 -

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 3:52 p.m.

8.3

CVSS3.1

CVE-2025-67843 -

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 4:07 p.m.

4.9

CVSS3.1

CVE-2025-67846 -

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contain…

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 3:46 p.m.

9.8

CVSS3.1

CVE-2025-63665 -

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 5, 2026, 5:58 p.m.

7.5

CVSS3.1

CVE-2025-66905 -

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 6, 2026, 3:52 p.m.

6.1

CVSS3.1

CVE-2025-66906 -

Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 7:57 p.m.

7.5

CVSS3.1

CVE-2025-50681 -

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type c…

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 2:45 p.m.

4.3

CVSS3.1

CVE-2025-14969 - Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http clien…

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhaust…

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total results: 349182