9

CVSS3.1

CVE-2025-63729 -

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format from the etc folder of the firmware.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 30, 2025, 5:17 p.m.

4.8

CVSS3.1

CVE-2025-64049 -

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the comp…

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 5:06 p.m.

6.5

CVSS3.1

CVE-2025-61167 -

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 2:20 p.m.

8.8

CVSS3.1

CVE-2025-64064 -

Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using PP_SECURIT…

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 2:22 p.m.

4.3

CVSS3.1

CVE-2025-64061 -

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a c…

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 2:43 p.m.

9.8

CVSS3.1

CVE-2025-51742 -

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 2, 2025, 3:38 p.m.

9.8

CVSS3.1

CVE-2025-51743 -

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 2, 2025, 3:13 p.m.

6.1

CVSS3.1

CVE-2025-63735 -

A reflected cross-site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Jan. 9, 2026, 2:22 a.m.

9.8

CVSS3.1

CVE-2025-61168 -

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 1, 2025, 2:21 p.m.

9.8

CVSS3.1

CVE-2025-51745 -

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.

📅 Published: Nov. 25, 2025, midnight 🔄 Last Modified: Dec. 2, 2025, 2:56 p.m.