5.5

CVSS3.1

CVE-2025-66963 -

An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html.

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 6:05 p.m.

9.8

CVSS3.1

CVE-2025-65213 -

MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code executi…

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Jan. 7, 2026, 8:51 p.m.

5.3

CVSS3.1

CVE-2023-36338 -

Inventory Management System 1 was discovered to contain a SQL injection vulnerability.

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 10:32 p.m.

5.4

CVSS3.1

CVE-2025-66843 -

grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later exe…

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 17, 2025, 3:39 p.m.

5.4

CVSS3.1

CVE-2025-65430 -

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed: the access/refresh tokens are now rejected.

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Jan. 20, 2026, 7:02 p.m.

4.3

CVSS3.1

CVE-2025-66436 -

An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (terms) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom …

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 5:54 p.m.

7.5

CVSS3.1

CVE-2025-65176 -

An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUS_LOGON_FAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the netwo…

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Jan. 7, 2026, 8:46 p.m.

4.3

CVSS3.1

CVE-2025-66435 -

An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (contract_terms) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a c…

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 5:56 p.m.

6.5

CVSS3.1

CVE-2025-55901 -

TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter.

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 17, 2025, 7:20 p.m.

6.5

CVSS3.1

CVE-2025-55893 -

TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command injection in setOpModeCfg via hostName.

📅 Published: Dec. 15, 2025, midnight 🔄 Last Modified: Dec. 17, 2025, 7:20 p.m.