7

CVSS4.0

CVE-2025-10991 - Root Access via UART

An attacker may obtain root access by connecting to the UART port; this vulnerability requires the attacker to have physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.

📅 Published: Sept. 30, 2025, 12:08 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-55017 -

Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS3.1

CVE-2025-28016 -

A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 7, 2025, 1:42 p.m.

7.5

CVSS3.1

CVE-2025-56571 -

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function's depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 8, 2025, 2:34 p.m.

9.8

CVSS3.1

CVE-2025-56513 -

NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables that are automatically executed, resul…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 15, 2025, 6:39 p.m.

8.1

CVSS3.1

CVE-2025-56392 -

An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 15, 2025, 6:38 p.m.

6.5

CVSS3.1

CVE-2025-56207 -

A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721 …

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2025-56200 -

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 18, 2025, 1:48 a.m.

6.5

CVSS3.1

CVE-2025-55797 -

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 7, 2025, 1:37 p.m.

5.3

CVSS3.1

CVE-2025-56520 -

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 7, 2025, 1:20 p.m.