Latest CVE Feed
- 5.1 MEDIUM CVE-2025-34265
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are ...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 0.0 NA CVE-2025-66553
  Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerabil...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Authorization
- 8.5 HIGH CVE-2020-36879
  Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerabi...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Authentication
- 5.1 MEDIUM CVE-2025-34263
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values ar...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2020-36878
  ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to di...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Information Disclosure
- 5.1 MEDIUM CVE-2025-34266
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 5.1 MEDIUM CVE-2025-34264
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored proc...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 5.1 MEDIUM CVE-2025-34262
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the new_name value is stored and later rendered in...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 9.3 CRITICAL CVE-2020-36877
  ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader pa...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Injection
- 5.1 MEDIUM CVE-2025-34258
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered ...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 5.1 MEDIUM CVE-2025-34259
  Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in t...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 4.3 MEDIUM CVE-2025-66552
  Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Misconfiguration
- 5.7 MEDIUM CVE-2025-66550
  Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded with...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Misconfiguration
- 4.3 MEDIUM CVE-2025-66547
  Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1....
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Authorization
- 3.3 LOW CVE-2025-66546
  Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1....
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Authentication
- 5.4 MEDIUM CVE-2025-66512
  Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cross-Site Scripting
- 4.8 MEDIUM CVE-2025-66511
  Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details ...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Cryptography
- 4.5 MEDIUM CVE-2025-66510
  Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other use...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Authorization
- 8.9 HIGH CVE-2025-66471
  urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by r...
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Denial of Service
- 0.0 NA CVE-2025-65879
  Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File....
  - Published: Dec. 05, 2025
  - Modified: Dec. 05, 2025
  - Vuln Type: Path Traversal