CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-66324 - Apache App Data Integrity Verification Flaw

CVE ID : CVE-2025-66324
Published : Dec. 8, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66326 - Cisco Audio Race Condition Vulnerability

CVE ID : CVE-2025-66326
Published : Dec. 8, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
CVE-2025-12956 - Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

CVE ID : CVE-2025-12956
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in the user's browser session.
Severity: 8.7 | HIGH
CVE-2025-14224 - Yottamaster DM2/DM3/DM200 File Upload path traversal

CVE ID : CVE-2025-14224
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
CVE-2025-26487 - Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9

CVE ID : CVE-2025-26487
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows Server Side Request Forgery.
Severity: 8.6 | HIGH
CVE-2025-26488 - Improper input validation in XML Management service in Infinera MTC-9

CVE ID : CVE-2025-26488
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Severity: 7.5 | HIGH
CVE-2025-26489 - Improper input validation in Netconf service in Infinera MTC-9

CVE ID : CVE-2025-26489
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Improper Input Validation vulnerability in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Severity: 6.5 | MEDIUM
CVE-2025-58279 - Apache Media Library Path Traversal Vulnerability

CVE ID : CVE-2025-58279
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.4 | MEDIUM
CVE-2025-66325 - Apache Package Manager Weak Permission Control

CVE ID : CVE-2025-66325
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
CVE-2025-66327 - Cisco Network Module Information Disclosure

CVE ID : CVE-2025-66327
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 7.1 | HIGH
CVE-2025-66328 - Cisco Network Management Module Race Condition Vulnerability

CVE ID : CVE-2025-66328
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2025-66329 - Windows Window Management Module Permission Control Vulnerability

CVE ID : CVE-2025-66329
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 4.0 | MEDIUM
CVE-2025-66330 - File Management App Lock Verification Bypass Vulnerability

CVE ID : CVE-2025-66330
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.9 | MEDIUM
CVE-2025-66331 - Microsoft Office Service Denial of Service Vulnerability

CVE ID : CVE-2025-66331
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 3.3 | LOW
CVE-2025-66332 - Microsoft Office Service DoS Vulnerability

CVE ID : CVE-2025-66332
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 3.3 | LOW
CVE-2025-66333 - Microsoft Office DoS Vulnerability

CVE ID : CVE-2025-66333
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 3.3 | LOW
CVE-2025-66334 - Microsoft Office Service Denial of Service Vulnerability

CVE ID : CVE-2025-66334
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 3.3 | LOW
CVE-2025-14225 - D-Link DCS-930L alphapd setSystemAdmin command injection

CVE ID : CVE-2025-14225
Published : Dec. 8, 2025, 10:15 a.m. | 34 minutes ago
Description : A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 6.5 | MEDIUM
CVE-2025-14226 - itsourcecode Student Management System edit_user.php sql injection

CVE ID : CVE-2025-14226
Published : Dec. 8, 2025, 10:16 a.m. | 34 minutes ago
Description : A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.
Severity: 7.5 | HIGH
CVE-2025-14227 - Philipinho Simple-PHP-Blog edit.php sql injection

CVE ID : CVE-2025-14227
Published : Dec. 8, 2025, 10:16 a.m. | 34 minutes ago
Description : A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-14262 - Jobs can be saved as workflows with wrong permissions on KNIME Business Hub

CVE ID : CVE-2025-14262
Published : Dec. 8, 2025, 10:16 a.m. | 34 minutes ago
Description : A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs, but then they were saved into the catalog service using the wrong owner permissions. Therefore, it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround.
Severity: 5.3 | MEDIUM