8.6

CVSS3.1

CVE-2025-55221

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This v…

📅 Published: Dec. 1, 2025, 3:25 p.m. 🔄 Last Modified: Dec. 5, 2025, 8:47 p.m.

7.1

CVSS3.1

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking…

📅 Published: Dec. 1, 2025, 3:17 p.m. 🔄 Last Modified: Dec. 19, 2025, 5:02 p.m.

4.3

CVSS3.1

CVE-2025-13129 - Business Logic Error in Seneka Software's Onaylarım

Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse. This issue affects Onaylarım: from 25.09.26.01 through 18112025.

📅 Published: Dec. 1, 2025, 2:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6

CVSS4.0

CVE-2025-49643 - Frontend DoS vulnerability due to asymmetric resource consumption

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.

📅 Published: Dec. 1, 2025, 1:05 p.m. 🔄 Last Modified: Feb. 6, 2026, 3:28 p.m.

5.8

CVSS4.0

CVE-2025-49642 - Agent builds for AIX vulnerable to library loading hijacking

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.

📅 Published: Dec. 1, 2025, 1:03 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.8

CVSS4.0

CVE-2025-27232 - Frontend arbitrary file read in oauth.authorize action

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

📅 Published: Dec. 1, 2025, 12:55 p.m. 🔄 Last Modified: Feb. 6, 2026, 3:23 p.m.

9.1

CVSS3.1

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

📅 Published: Dec. 1, 2025, 12:43 p.m. 🔄 Last Modified: Dec. 30, 2025, 2:52 p.m.

5.4

CVSS3.1

CVE-2025-13296 - CSRF in Tekrom Technology's T-Soft E-Commerce

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025.

📅 Published: Dec. 1, 2025, 11:51 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2025-58408 - GPU DDK - KASAN Read UAF in the PVRSRVBridgeRGXSubmitTransfer2 due to improper error handling code

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in whic…

📅 Published: Dec. 1, 2025, 11:16 a.m. 🔄 Last Modified: Dec. 29, 2025, 3:04 p.m.

4.8

CVSS4.0

CVE-2025-41070 - Reflected Cross-site Scripting (XSS) in Sanoma's Clickedu

Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes_varies.php'. This vulnerability can be exploited to steal sensitive user data, suc…

📅 Published: Dec. 1, 2025, 10:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.