Latest CVE Feed
-
7.5
HIGHCVE-2025-63387
Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement prope... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-14955
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to lau... Read more
Affected Products : open5gs- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2025-41697
An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-41696
An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-41695
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerabilit... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-41694
A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-41693
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
6.8
MEDIUMCVE-2025-41692
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads ... Read more
Affected Products : proxygen- Published: Dec. 02, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
8.5
HIGHCVE-2025-64468
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to ... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68325
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cak... Read more
Affected Products : linux_kernel- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68323
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates... Read more
Affected Products : linux_kernel- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Race Condition
-
8.5
HIGHCVE-2025-64467
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attack... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-64466
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-65009
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about t... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-64464
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to ... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-63757
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-7358
Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-7047
Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization