CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-63534 - Blood Bank Management System XSS

CVE ID : CVE-2025-63534
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the msg and error parameters, which are then executed in the victim's browser when the page is viewed.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63535 - Blood Bank Management System SQL Injection Vulnerability

CVE ID : CVE-2025-63535
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.
Severity: 9.6 | CRITICAL
CVE-2025-64775 - Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)

CVE ID : CVE-2025-64775
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
Severity: 0.0 | NA
CVE-2025-65403 - LightFTP Buffer Overflow Vulnerability

CVE ID : CVE-2025-65403
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 0.0 | NA
CVE-2025-65404 - Live555 Streaming Media Buffer Overflow DoS

CVE ID : CVE-2025-65404
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
Severity: 0.0 | NA
CVE-2025-65405 - Live555 Streaming Media Use-After-Free Denial of Service Vulnerability

CVE ID : CVE-2025-65405
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
Severity: 0.0 | NA
CVE-2025-8351 - Scanning a malformed file in Avast Antivirus 8.3.70.94 on MacOS may result in remote code execution

CVE ID : CVE-2025-8351
Published : Dec. 1, 2025, 4:15 p.m. | 1 hour, 17 minutes ago
Description : Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.
Severity: 9.0 | CRITICAL
CVE-2025-65406 - Live555 Streaming Media MKV Heap Overflow Denial of Service

CVE ID : CVE-2025-65406
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
Severity: 0.0 | NA
CVE-2025-65408 - Live555 Streaming Media NULL Pointer Dereference Denial of Service

CVE ID : CVE-2025-65408
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
Severity: 0.0 | NA
CVE-2025-65793 - Apache Non-Vulnerability

CVE ID : CVE-2025-65793
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
CVE-2025-65794 - Apache None

CVE ID : CVE-2025-65794
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
CVE-2025-7007 - Null pointer dereference in Avast Antivirus on macOS (16.0.0) or Linux (3.0.3)

CVE ID : CVE-2025-7007
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Antivirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash. This issue affects Antivirus: 16.0.0; Antivirus: 3.0.3.
Severity: 7.5 | HIGH
CVE-2025-13837 - Out-of-memory when loading Plist

CVE ID : CVE-2025-13837
Published : Dec. 1, 2025, 6:16 p.m. | 3 hours, 17 minutes ago
Description : When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.
Severity: 2.1 | LOW
CVE-2025-11772 - Co-Installer Privilege Escalation

CVE ID : CVE-2025-11772
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.
Severity: 6.6 | MEDIUM
CVE-2025-34297 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc

CVE ID : CVE-2025-34297
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
Severity: 8.6 | HIGH
CVE-2025-63365 - SoftSea EPUB File Reader Directory Traversal Vulnerability

CVE ID : CVE-2025-63365
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
Severity: 7.1 | HIGH
CVE-2025-65407 - Live555 Streaming Media MPEG1or2Demux Use-After-Free Denial of Service

CVE ID : CVE-2025-65407
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
Severity: 6.5 | MEDIUM
CVE-2025-12756 - Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion

CVE ID : CVE-2025-12756
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
Severity: 4.3 | MEDIUM
CVE-2025-51682 - mJobtime Client-Side Authorization Bypass

CVE ID : CVE-2025-51682
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
Severity: 0.0 | NA
CVE-2025-51683 - mJobtime Blind SQL Injection Vulnerability

CVE ID : CVE-2025-51683
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
Severity: 0.0 | NA
CVE-2025-63317 - Todoist SVG XSS

CVE ID : CVE-2025-63317
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.
Severity: 0.0 | NA