6.9

CVSS4.0

CVE-2025-13434 - jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax

A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scripti…

πŸ“… Published: Nov. 20, 2025, 1:02 a.m. πŸ”„ Last Modified: Nov. 24, 2025, 9:10 a.m.

7.3

CVSS4.0

CVE-2025-13433 - Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. …

πŸ“… Published: Nov. 20, 2025, 12:32 a.m. πŸ”„ Last Modified: Nov. 24, 2025, 9:11 a.m.

5.1

CVSS4.0

CVE-2025-13424 - Campcodes Supplier Management System add_product.php sql injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t…

πŸ“… Published: Nov. 20, 2025, 12:02 a.m. πŸ”„ Last Modified: Nov. 21, 2025, 8:20 p.m.

4.3

CVSS3.1

CVE-2025-65222 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 21, 2025, 5:25 p.m.

9.8

CVSS3.1

CVE-2025-60738 -

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 21, 2025, 4:16 p.m.

4.3

CVSS3.1

CVE-2025-65226 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 21, 2025, 5:24 p.m.

4.3

CVSS3.1

CVE-2025-65221 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 21, 2025, 5:25 p.m.

6.1

CVSS3.1

CVE-2025-60799 -

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access …

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 24, 2025, 9:10 a.m.

5.5

CVSS3.1

CVE-2025-13467 - org.keycloak.storage.ldap: Keycloak: Deserialization of Untrusted Data in LDAP User Federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 20, 2025, midnight

6.1

CVSS3.1

CVE-2025-63848 -

Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook.

πŸ“… Published: Nov. 20, 2025, midnight πŸ”„ Last Modified: Nov. 24, 2025, 9:10 a.m.
Total resulsts: 319261
Page 38 of 31,927
Β« previous page Β» next page
Filters