3.5

CVSS3.1

CVE-2025-56675 -

The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-52050 -

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 3, 2025, 4:19 p.m.

5.4

CVSS3.1

CVE-2025-56676 -

TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain unauthorize…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 18, 2025, 1:49 a.m.

6.1

CVSS3.1

CVE-2025-56018 -

SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 9, 2026, 7:50 p.m.

6.5

CVSS3.1

CVE-2025-52047 -

In Frappe ERPNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 3, 2025, 4:20 p.m.

6.5

CVSS3.1

CVE-2025-52043 -

In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 3, 2025, 4:20 p.m.

9.1

CVSS3.1

CVE-2025-7493 - Freeipa: idm: privilege escalation from host to domain admin in freeipa

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA stil…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2025-61792 -

Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local administrative access. NOTE: the reporter indicate…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-57254 -

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL q…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-56301 -

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an …

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 17, 2025, 8:45 p.m.
Total results: 349182