Latest CVE Feed
-
10.0
CRITICALCVE-2025-64127
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attac... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-64126
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an un... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-55471
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-55469
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
3.7
LOWCVE-2025-2486
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2025-20373
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files ... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
7.6
HIGHCVE-2025-13084
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.... Read more
- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.... Read more
Affected Products : frappe_crm- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-65237
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-63938
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-46175
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-62354
Improper neutralization of special elements used in an OS command ('command injection') in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allowlist, resulting in arbitrary code execution.... Read more
Affected Products : cursor- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-56396
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-50402
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-50399
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-46174
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization