Latest CVE Feed
-
5.9
MEDIUMCVE-2025-41739
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Race Condition
-
5.4
MEDIUMCVE-2025-13296
Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery.This issue affects T-Soft E-Commerce: through 28112025.... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-66421
Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69.... Read more
Affected Products :- Published: Nov. 30, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Scripting
-
9.4
CRITICALCVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in th... Read more
Affected Products : cerebrate- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-12143
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-13806
A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the c... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-13805
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the comp... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-13768
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-13770
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-13771
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-13769
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection