Latest CVE Feed
-
5.9
MEDIUMCVE-2025-11156
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This tri... Read more
Affected Products : netskope- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-13615
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system r... Read more
Affected Products :- Published: Nov. 30, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-66421
Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69.... Read more
Affected Products :- Published: Nov. 30, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-41739
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Race Condition
-
2.0
LOWCVE-2025-6666
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physi... Read more
Affected Products :- Published: Nov. 29, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cryptography
-
9.4
CRITICALCVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in th... Read more
Affected Products : cerebrate- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-12143
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-13768
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-13770
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-13771
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-13769
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection