7.8

CVSS3.1

CVE-2025-66476 - Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves e…

📅 Published: Dec. 2, 2025, 9:49 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

8.7

CVSS4.0

CVE-2025-62575 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

📅 Published: Dec. 2, 2025, 9:11 p.m. 🔄 Last Modified: Jan. 2, 2026, 9:03 p.m.

8.4

CVSS4.0

CVE-2025-64778 - Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

📅 Published: Dec. 2, 2025, 9:09 p.m. 🔄 Last Modified: Jan. 2, 2026, 8:57 p.m.

8.7

CVSS4.0

CVE-2025-61940 - Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest versi…

📅 Published: Dec. 2, 2025, 9:07 p.m. 🔄 Last Modified: Jan. 2, 2026, 9:03 p.m.

8.6

CVSS4.0

CVE-2025-64298 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configur…

📅 Published: Dec. 2, 2025, 9:05 p.m. 🔄 Last Modified: Jan. 2, 2026, 9:02 p.m.

7.1

CVSS4.0

CVE-2025-64642 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

📅 Published: Dec. 2, 2025, 9:03 p.m. 🔄 Last Modified: Jan. 2, 2026, 8:59 p.m.

0.0

CVE-2025-13923 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Dec. 2, 2025, 8:03 p.m. 🔄 Last Modified: Dec. 10, 2025, 10:19 p.m.

9.3

CVSS4.0

CVE-2025-13658 - Industrial Video & Control Longwatch has a Code Injection vulnerability

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

📅 Published: Dec. 2, 2025, 7:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-13510 - Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerability

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

📅 Published: Dec. 2, 2025, 7:28 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-13542 - DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to …

📅 Published: Dec. 2, 2025, 7:27 p.m. 🔄 Last Modified: April 21, 2026, 1:15 a.m.
Total results: 349182