4.1

CVSS3.1

CVE-2025-63420 -

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Feb. 5, 2026, 4:24 p.m.

6.1

CVSS3.1

CVE-2025-63543 -

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the q parameter.

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 4:27 p.m.

6.5

CVSS3.1

CVE-2025-57697 -

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legit…

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Dec. 5, 2025, 8:42 p.m.

6.1

CVSS3.1

CVE-2025-63713 -

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test …

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Nov. 18, 2025, 7:33 p.m.

6.5

CVSS3.1

CVE-2025-63687 -

An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users' posts.

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Jan. 21, 2026, 9:05 p.m.

5.4

CVSS3.1

CVE-2025-61261 -

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Dec. 11, 2025, 11:42 p.m.

9.6

CVSS3.1

CVE-2025-63691 -

In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface (/api/admin/sys-token/page) has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who …

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 4:08 p.m.

10

CVSS3.1

CVE-2025-63689 -

Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allow a remote attacker to execute arbitrary code via the orderby parameter.

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Feb. 5, 2026, 4:25 p.m.

6.1

CVSS3.1

CVE-2025-63544 -

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter.

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 4:19 p.m.

7.5

CVSS3.1

CVE-2025-12863 - libxml2: Namespace Use-After-Free in xmlSetTreeDoc() function of libxml2

This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283

📅 Published: Nov. 7, 2025, midnight 🔄 Last Modified: Nov. 20, 2025, 3:17 p.m.