Latest CVE Feed
-
9.3
CRITICALCVE-2025-13510
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2020-36877
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader pa... Read more
Affected Products : serious_play_pro- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-13658
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-14307
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute ar... Read more
Affected Products : robocode- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Race Condition
-
9.3
CRITICALCVE-2021-47728
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain ww... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-64539
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web p... Read more
Affected Products : experience_manager- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-64538
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web p... Read more
Affected Products : experience_manager- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2024-58307
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially exec... Read more
Affected Products : csz_cms- Published: Dec. 11, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-66571
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inj... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-64314
Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.... Read more
Affected Products : harmonyos- Published: Nov. 28, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-34414
Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The ... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
9.3
CRITICALCVE-2023-53967
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted P... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2023-53969
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to th... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). The installation timestamp is exposed via a public endpoint, and a derived has... Read more
Affected Products : avideo- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-10910
A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s ... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-33187
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, ... Read more
- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-12140
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated atta... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-8890
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by ... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-14310
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-66039
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, ... Read more
Affected Products : freepbx- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication