CVE-2025-65793 - Apache Non-Vulnerability
CVE ID : CVE-2025-65793
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65793
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65794 - Apache None
CVE ID : CVE-2025-65794
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65794
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7007 - Null pointer dereference in Avast Antivirus on macOS (16.0.0) or Linux (3.0.3)
CVE ID : CVE-2025-7007
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7007
Published : Dec. 1, 2025, 5:15 p.m. | 17 minutes ago
Description : NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13837 - Out-of-memory when loading Plist
CVE ID : CVE-2025-13837
Published : Dec. 1, 2025, 6:16 p.m. | 3 hours, 17 minutes ago
Description : When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13837
Published : Dec. 1, 2025, 6:16 p.m. | 3 hours, 17 minutes ago
Description : When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11772 - Co-Installer Privilege Escalation
CVE ID : CVE-2025-11772
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11772
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34297 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc
CVE ID : CVE-2025-34297
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34297
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63365 - SoftSea EPUB File Reader Directory Traversal Vulnerability
CVE ID : CVE-2025-63365
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63365
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65407 - Live555 Streaming Media MPEG1or2Demux Use-After-Free Denial of Service
CVE ID : CVE-2025-65407
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65407
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12756 - Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion
CVE ID : CVE-2025-12756
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12756
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51682 - mJobtime Client-Side Authorization Bypass
CVE ID : CVE-2025-51682
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51682
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51683 - mJobtime Blind SQL Injection Vulnerability
CVE ID : CVE-2025-51683
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51683
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63317 - Todoist SVG XSS
CVE ID : CVE-2025-63317
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63317
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65836 - PublicCMS SimpleAiAdminController SSRF
CVE ID : CVE-2025-65836
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65836
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65838 - PublicCMS File Upload Path Traversal
CVE ID : CVE-2025-65838
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65838
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66298 - Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
CVE ID : CVE-2025-66298
Published : Dec. 1, 2025, 9:10 p.m. | 23 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66298
Published : Dec. 1, 2025, 9:10 p.m. | 23 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66299 - Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS
CVE ID : CVE-2025-66299
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66299
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51999 - express improperly controls modification of query properties
CVE ID : CVE-2024-51999
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51999
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55749 - The XWiki Jetty package (XJetty) allows accessing any application file through URL
CVE ID : CVE-2025-55749
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55749
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58044 - JumpServer has an Open Redirect Vulnerability
CVE ID : CVE-2025-58044
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58044
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65621 - Snipe-IT Stored XSS Vulnerability
CVE ID : CVE-2025-65621
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65621
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65840 - PublicCMS CkEditorAdminController CSRF
CVE ID : CVE-2025-65840
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65840
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...