CVE-2025-15010 - Tenda WH450 SafeUrlFilter stack-based overflow
CVE ID : CVE-2025-15010
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15010
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15011 - code-projects Simple Stock System logout.php sql injection
CVE ID : CVE-2025-15011
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15011
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15015 - Ragic|Enterprise Cloud Database - Arbitrary File Read
CVE ID : CVE-2025-15015
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15015
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15016 - Ragic|Enterprise Cloud Database - Hard-coded Cryptographic Key
CVE ID : CVE-2025-15016
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15016
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59301 - Modbus/TCP Dos Vulnerability in DVP15MC11T
CVE ID : CVE-2025-59301
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59301
Published : Dec. 22, 2025, 4:16 a.m. | 2 hours, 32 minutes ago
Description : Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11540 - Sharp Display Solutions Projector Path Traversal Vulnerability
CVE ID : CVE-2025-11540
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11540
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11541 - Sharp Display Solutions Projector Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-11541
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11541
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11542 - Sharp Display Solutions Projector Stack-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-11542
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11542
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11543 - Sharp Display Solutions Projector Firmware Tampering Vulnerability
CVE ID : CVE-2025-11543
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11543
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12049 - Sharp Display Solutions Media Player MP-01 Authentication Bypass
CVE ID : CVE-2025-12049
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12049
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15012 - code-projects Refugee Food Management System home.php sql injection
CVE ID : CVE-2025-15012
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15012
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15013 - floooh sokol sokol_gfx.h _sg_validate_pipeline_desc stack-based overflow
CVE ID : CVE-2025-15013
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15013
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15014 - loganhong php loganSite Article article_detail.php sql injection
CVE ID : CVE-2025-15014
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. This affects an unknown function of the file /includes/article_detail.php of the component Article Handler. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15014
Published : Dec. 22, 2025, 5:16 a.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. This affects an unknown function of the file /includes/article_detail.php of the component Article Handler. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11544 - Sharp Display Solutions Projector Firmware Tampering Vulnerability
CVE ID : CVE-2025-11544
Published : Dec. 22, 2025, 6:15 a.m. | 33 minutes ago
Description : Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11544
Published : Dec. 22, 2025, 6:15 a.m. | 33 minutes ago
Description : Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11545 - Sharp Display Solutions Unauthenticated Remote Code Execution
CVE ID : CVE-2025-11545
Published : Dec. 22, 2025, 6:15 a.m. | 33 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11545
Published : Dec. 22, 2025, 6:15 a.m. | 33 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8304 - Information Disclosure in Identity Agent Registry Keys
CVE ID : CVE-2025-8304
Published : Dec. 22, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8304
Published : Dec. 22, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8305 - Information Disclosure in Identity Agent Debug Files
CVE ID : CVE-2025-8305
Published : Dec. 22, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8305
Published : Dec. 22, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61738 - Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information
CVE ID : CVE-2025-61738
Published : Dec. 22, 2025, 10:07 a.m. | 43 minutes ago
Description : Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61738
Published : Dec. 22, 2025, 10:07 a.m. | 43 minutes ago
Description : Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62094 - WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-62094
Published : Dec. 22, 2025, 10:16 a.m. | 35 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Voidthemes Void Elementor WHMCS Elements For Elementor Page Builder.This issue affects Void Elementor WHMCS Elements For Elementor Page Builder: from n/a through 2.0.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62094
Published : Dec. 22, 2025, 10:16 a.m. | 35 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Voidthemes Void Elementor WHMCS Elements For Elementor Page Builder.This issue affects Void Elementor WHMCS Elements For Elementor Page Builder: from n/a through 2.0.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62107 - WordPress Feather Login Page plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-62107
Published : Dec. 22, 2025, 10:16 a.m. | 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through 1.1.7.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62107
Published : Dec. 22, 2025, 10:16 a.m. | 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through 1.1.7.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62880 - WordPress Custom 404 Pro plugin <= 3.12.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-62880
Published : Dec. 22, 2025, 10:16 a.m. | 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Kunal Nagar Custom 404 Pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through 3.12.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62880
Published : Dec. 22, 2025, 10:16 a.m. | 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Kunal Nagar Custom 404 Pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through 3.12.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...