7.8

CVSS3.1

CVE-2025-13662 -

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.

📅 Published: Dec. 9, 2025, 4:05 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

7.1

CVSS3.1

CVE-2025-13661 -

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

📅 Published: Dec. 9, 2025, 4:01 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

8.8

CVSS3.1

CVE-2025-13659 -

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

📅 Published: Dec. 9, 2025, 3:59 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

4.8

CVSS4.0

CVE-2025-9638 - i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

📅 Published: Dec. 9, 2025, 3:59 p.m. 🔄 Last Modified: Dec. 11, 2025, 5:56 p.m.

7.3

CVSS4.0

CVE-2025-5469 - Dylib Hijacking in Yandex Messenger

Uncontrolled Search Path Element vulnerability in Yandex Messenger on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.245

📅 Published: Dec. 9, 2025, 3:55 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

9.6

CVSS3.1

CVE-2025-10573 -

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

📅 Published: Dec. 9, 2025, 3:55 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

7.3

CVSS4.0

CVE-2025-5471 - Dylib Hijacking in Yandex Telemost

Uncontrolled Search Path Element vulnerability in Yandex Telemost on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1.

📅 Published: Dec. 9, 2025, 3:53 p.m. 🔄 Last Modified: Feb. 19, 2026, 5:03 p.m.

7.3

CVSS4.0

CVE-2025-5470 - Dylib Hijacking in Yandex Disk

Uncontrolled Search Path Element vulnerability in Yandex Disk on macOS allows Search Order Hijacking. This issue affects Disk: before 3.2.45.3275.

📅 Published: Dec. 9, 2025, 3:50 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

5.4

CVSS3.1

CVE-2025-13642 - ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the `type` parameter i…

📅 Published: Dec. 9, 2025, 3:23 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

4.5

CVSS3.1

CVE-2025-67467 - WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery. This issue affects GiveWP: from n/a through <= 4.13.1.

📅 Published: Dec. 9, 2025, 3:03 p.m. 🔄 Last Modified: April 1, 2026, 2:10 p.m.