Total: 320020 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20754 | 1 Mediatek | 60 Mt2735, Mt2737, Mt6813 and 57 more | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840. | ||||
| CVE-2025-20755 | 1 Mediatek | 25 Mt2735, Mt6833, Mt6833p and 22 more | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775. | ||||
| CVE-2025-13295 | | | 2025-12-02 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9. | ||||
| CVE-2025-11786 | 1 Sge-plc1000 Sge-plc50 | 1 Circutor | 2025-12-02 | N/A |
| Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application. | ||||
| CVE-2025-20757 | 1 Mediatek | 26 Modem, Mt2735, Mt6833 and 23 more | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644. | ||||
| CVE-2025-41012 | 1 Tcman | 1 Gim | 2025-12-02 | N/A |
| Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser' in '/WS/PDAWebService.asmx'. | ||||
| CVE-2025-13000 | | | 2025-12-02 | 7.7 High |
| The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLi attacks. | ||||
| CVE-2025-41013 | 1 Tcman | 1 Gim | 2025-12-02 | N/A |
| SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'. | ||||
| CVE-2025-59695 | | | 2025-12-02 | N/A |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04. | ||||
| CVE-2025-20756 | | | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643. | ||||
| CVE-2025-20758 | 1 Mediatek | 60 Mt2735, Mt2737, Mt6813 and 57 more | 2025-12-02 | 4.9 Medium |
| In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647. | ||||
| CVE-2025-59699 | | | 2025-12-02 | N/A |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader. | ||||
| CVE-2025-20765 | 1 Mediatek | 50 Mt2718, Mt2737, Mt6739 and 47 more | 2025-12-02 | 4.7 Medium |
| In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833. | ||||
| CVE-2025-66296 | 1 Getgrav | 1 Grav | 2025-12-02 | 8.8 High |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This effectively allows privilege escalation from limited user-manager permissions to full administrator access. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-20790 | 1 Mediatek | 25 Mt2735, Mt6833, Mt6833p and 22 more | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01677581; Issue ID: MSV-4701. | ||||
| CVE-2025-20791 | 1 Mediatek | 25 Mt2735, Mt6833, Mt6833p and 22 more | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298. | ||||
| CVE-2025-20792 | 1 Mediatek | 21 Mt2735, Mt6833, Mt6833p and 18 more | 2025-12-02 | 5.3 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01717526; Issue ID: MSV-5591. | ||||
| CVE-2025-40700 | 1 Idi Eikon | 1 Governalia | 2025-12-02 | N/A |
| Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim. | ||||
| CVE-2025-41014 | 1 Tcman | 1 Gim | 2025-12-02 | N/A |
| User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'. | ||||
| CVE-2025-65676 | 1 Classroomio | 1 Classroomio | 2025-12-02 | 5.4 Medium |
| Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. | ||||