Total
324658 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53469 | 1 Linux | 1 Linux Kernel | 2025-12-29 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-15169 | 2025-12-29 | 4.7 Medium | ||
| A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67743 | 1 Learningcircuit | 1 Local Deep Research | 2025-12-29 | 6.3 Medium |
| Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls. This issue has been patched in version 1.3.9. | ||||
| CVE-2025-15140 | 2025-12-29 | 7.3 High | ||
| A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-65713 | 1 Home-assistant | 1 Home-assistant | 2025-12-29 | 4 Medium |
| Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability. | ||||
| CVE-2021-47720 | 1 Orangescrum | 1 Orangescrum | 2025-12-29 | 7.1 High |
| Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information. | ||||
| CVE-2021-47722 | 1 Zucchetti | 1 Axess Cloki Access Control | 2025-12-29 | 3.5 Low |
| Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page. | ||||
| CVE-2021-47733 | 1 Cmsimple | 1 Cmsimple | 2025-12-29 | 6.1 Medium |
| CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons. | ||||
| CVE-2025-33223 | 1 Nvidia | 1 Isaac Launchable | 2025-12-29 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-33224 | 1 Nvidia | 1 Isaac Launchable | 2025-12-29 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-45493 | 1 Netgear | 1 Ex8000 | 2025-12-29 | 6.5 Medium |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function. | ||||
| CVE-2025-25364 | 1 Speedify | 1 Vpn | 2025-12-29 | 8.4 High |
| A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges. | ||||
| CVE-2025-67109 | 1 Eclipse | 1 Cyclonedds | 2025-12-29 | 10 Critical |
| Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges. | ||||
| CVE-2024-9684 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2025-12-29 | 7.5 High |
| FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences. | ||||
| CVE-2021-47721 | 1 Orangescrum | 1 Orangescrum | 2025-12-29 | 8.8 High |
| Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account. | ||||
| CVE-2025-50526 | 1 Netgear | 1 Ex8000 | 2025-12-29 | 9.8 Critical |
| Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function. | ||||
| CVE-2025-65865 | 1 Eprosima | 1 Fast Dds | 2025-12-29 | 7.5 High |
| An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-67111 | 2025-12-29 | 7.5 High | ||
| An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message. | ||||
| CVE-2025-67108 | 1 Eprosima | 1 Fast Dds | 2025-12-29 | 10 Critical |
| eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. | ||||
| CVE-2025-29228 | 1 Linksys | 1 E5600 | 2025-12-29 | 9.8 Critical |
| Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter. | ||||