CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-56423 An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages | 5.3 | MEDIUM | — | 0 |
| CVE-2025-60632 An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60633 An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60638 An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API. | 7.5 | HIGH | — | 0 |
| CVE-2025-60914 Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint. | 4.6 | MEDIUM | — | 0 |
| CVE-2025-60915 An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request. | 8.1 | HIGH | — | 0 |
| CVE-2025-60916 A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-60917 A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the ... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-13511 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2025-13594 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2025-63432 Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker ... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-63433 Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. A... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-63434 The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing ... | 8.8 | HIGH | — | 0 |
| CVE-2025-63435 Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not requi... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-13466 body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of para... | N/A | NONE | — | 0 |
| CVE-2025-36112 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-0005 Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service. | 7.3 | HIGH | — | 0 |
| CVE-2025-64048 YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.cla... | 6.1 | MEDIUM | — | 0 |
| CVE-2018-25126 Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) contains hardcoded API credentials and an OS command injection flaw in its configuration ... | N/A | NONE | — | 0 |
| CVE-2023-7330 Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir paramet... | N/A | NONE | — | 0 |
| CVE-2024-14007 Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protoco... | N/A | NONE | — | 0 |
| CVE-2025-0003 Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability | 7.3 | HIGH | — | 0 |
| CVE-2025-0007 Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/o... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-29933 Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48510 Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | 7.1 | HIGH | — | 0 |
| CVE-2025-48511 Improper input validation within AMD uProf can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-52538 Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. | 8.0 | HIGH | — | 0 |
| CVE-2025-54338 An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes. | 7.5 | HIGH | — | 0 |
| CVE-2025-54341 A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-54347 A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain condition... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-54563 An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Informatio... | 7.5 | HIGH | — | 0 |
| CVE-2025-10144 The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the `brands` attribute of the `products` shortcode in all versions up to, and including, 3.6.2 due... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-62155 New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can... | 8.5 | HIGH | — | 0 |
| CVE-2025-64505 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerabili... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-64506 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-64720 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read v... | 7.1 | HIGH | — | 0 |
| CVE-2025-65018 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer ... | 7.1 | HIGH | — | 0 |
| CVE-2025-64761 OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group,... | 7.2 | HIGH | — | 0 |
| CVE-2025-65944 Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvert... | N/A | NONE | — | 0 |
| CVE-2025-65951 Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting op... | 8.7 | HIGH | — | 0 |
| CVE-2025-59373 A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation ... | N/A | NONE | — | 0 |
| CVE-2025-6389 The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the fu... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-10646 The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the Base::get_rest_permission() method in all versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-66179 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-66180 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-66181 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-66182 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-66183 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-66184 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-66185 Rejected reason: Not used | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.