Latest CVE Feed
-
3.9
LOWCVE-2025-59700
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-48612
In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileg... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
4.1
MEDIUMCVE-2025-59701
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-59702
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-59705
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivatio... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-59703
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-59704
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-66208
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection)... Read more
Affected Products : online- Published: Dec. 03, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended ... Read more
Affected Products : http_server- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-66334
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.2
HIGHCVE-2025-59697
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is cal... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
3.2
LOWCVE-2025-59696
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-64331
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased th... Read more
Affected Products : suricata- Published: Nov. 26, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-54848
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unaut... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54849
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unaut... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.4
HIGHCVE-2025-10285
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-13373
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.... Read more
Affected Products : iview- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-13494
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-de... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-12153
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level acce... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-13312
The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated att... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization