Latest CVE Feed
-
5.9
MEDIUMCVE-2025-68972
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (alth... Read more
Affected Products : gnupg- Published: Dec. 27, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2023-32120
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1.... Read more
Affected Products : hostel- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-66491
Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certifica... Read more
Affected Products : traefik- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-1721
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more
Affected Products : concert- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-66378
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-58408
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale d... Read more
Affected Products : ddk- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-58483
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.... Read more
Affected Products : galaxy_store- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-13489
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.... Read more
- Published: Dec. 15, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-41739
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Race Condition
-
5.9
MEDIUMCVE-2025-49088
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invit... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Denial of Service
-
5.8
MEDIUMCVE-2025-15138
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is po... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-15148
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-8075
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an att... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.8
MEDIUMCVE-2025-15003
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit ... Read more
Affected Products : seacms- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-14116
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The ... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Server-Side Request Forgery
-
5.8
MEDIUMCVE-2025-15130
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manip... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content result... Read more
Affected Products : eyoucms- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-15169
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from re... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-68945
In Gitea before 1.21.2, an anonymous user can visit a private user's project.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Authorization
-
5.8
MEDIUMCVE-2025-49642
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.... Read more
Affected Products : zabbix- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Misconfiguration