Latest CVE Feed
-
4.9
MEDIUMCVE-2025-12630
The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-13875
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation o... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-26155
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-61619
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61618
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61617
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61610
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61609
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61608
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61607
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-3012
In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11133
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11132
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-51742
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC p... Read more
Affected Products : jsherp- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-51743
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks.... Read more
Affected Products : jsherp- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-51744
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks.... Read more
Affected Products : jsherp- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-51745
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.... Read more
Affected Products : jsherp- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-51746
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks.... Read more
Affected Products : jsherp- Published: Nov. 25, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
4.0
MEDIUMCVE-2025-8045
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issu... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption