4.3

CVSS3.1

CVE-2025-11369 - Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_save_callback and get_siteinfo functions in …

📅 Published: Dec. 17, 2025, 1:48 a.m. 🔄 Last Modified: Dec. 18, 2025, 3:08 p.m.

5.1

CVSS3.1

CVE-2025-11009 - Information Disclosure Vulnerability in GT Designer3

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Desi…

📅 Published: Dec. 17, 2025, 12:55 a.m. 🔄 Last Modified: Dec. 18, 2025, 3:08 p.m.

8.4

CVSS4.0

CVE-2025-53524 - Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.

📅 Published: Dec. 17, 2025, 12:19 a.m. 🔄 Last Modified: Dec. 18, 2025, 3:08 p.m.

9.9

CVSS3.1

CVE-2025-14700 - Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

📅 Published: Dec. 17, 2025, 12:04 a.m. 🔄 Last Modified: Dec. 17, 2025, 9:25 p.m.

7.1

CVSS3.1

CVE-2025-14701 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Cont…

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

📅 Published: Dec. 17, 2025, 12:04 a.m. 🔄 Last Modified: Dec. 17, 2025, 9:20 p.m.

0.0

CVE-2024-46062 -

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary…

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 9:56 a.m.

9.8

CVSS3.1

CVE-2022-23851 -

Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 18, 2025, 9:57 a.m.

6.1

CVSS3.1

CVE-2025-66924 -

A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 17, 2025, 9:18 p.m.

7.2

CVSS3.1

CVE-2025-66923 -

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 17, 2025, 9:18 p.m.

7.5

CVSS3.1

CVE-2024-29371 -

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during …

📅 Published: Dec. 17, 2025, midnight 🔄 Last Modified: Dec. 17, 2025, 7:15 p.m.