Latest CVE Feed
-
5.8
MEDIUMCVE-2025-49919
Insertion of Sensitive Information Into Sent Data vulnerability in WPCenter eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
5.8
MEDIUMCVE-2025-15003
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit ... Read more
Affected Products : seacms- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
5.7
MEDIUMCVE-2025-33192
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.... Read more
- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-33193
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.... Read more
- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
5.7
MEDIUMCVE-2025-21072
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-33191
NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.... Read more
- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-66550
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded with... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
5.7
MEDIUMCVE-2025-67716
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query paramet... Read more
Affected Products : nextjs-auth0- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
5.7
MEDIUMCVE-2025-63361
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext.... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Information Disclosure
-
5.7
MEDIUMCVE-2025-66004
A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Path Traversal
-
5.7
MEDIUMCVE-2025-14738
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
5.6
MEDIUMCVE-2025-62631
An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not ter... Read more
Affected Products : fortios- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authentication
-
5.6
MEDIUMCVE-2025-14087
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input ... Read more
Affected Products : glib- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2025-64897
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potential... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.6
MEDIUMCVE-2025-14267
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7... Read more
Affected Products : m-files_server- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
5.6
MEDIUMCVE-2025-58475
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2025-68919
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Misconfiguration
-
5.6
MEDIUMCVE-2025-8074
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-48569
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-14197
A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information dis... Read more
Affected Products : verysync- Published: Dec. 07, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure