5.1

CVSS4.0

CVE-2025-13424 - Campcodes Supplier Management System add_product.php SQL injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to SQL injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t…

📅 Published: Nov. 20, 2025, 12:02 a.m. 🔄 Last Modified: Nov. 21, 2025, 8:20 p.m.

4.3

CVSS3.1

CVE-2025-65222 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 5:25 p.m.

9.8

CVSS3.1

CVE-2025-60738 -

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters.

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 4:16 p.m.

4.3

CVSS3.1

CVE-2025-65226 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 5:24 p.m.

4.3

CVSS3.1

CVE-2025-65221 -

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 5:25 p.m.

6.1

CVSS3.1

CVE-2025-60799 -

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access …

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 24, 2025, 9:10 a.m.

5.5

CVSS3.1

CVE-2025-13467 - org.keycloak.storage.ldap: Keycloak: Deserialization of Untrusted Data in LDAP User Federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 20, 2025, midnight

6.1

CVSS3.1

CVE-2025-63848 -

Stored cross-site scripting (XSS) vulnerability in SWISH Prolog through 2.2.0 allows attackers to execute arbitrary code via a crafted web IDE notebook.

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 24, 2025, 9:10 a.m.

9.8

CVSS3.1

CVE-2025-63807 -

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authen…

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 3:15 p.m.

9.8

CVSS3.1

CVE-2025-63685 -

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious DLL in the application's s…

📅 Published: Nov. 20, 2025, midnight 🔄 Last Modified: Nov. 21, 2025, 3:15 p.m.