Total 319108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-10571 2025-11-21 9.6 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
CVE-2025-64770 2025-11-21 6.8 Medium
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
CVE-2025-64684 1 Jetbrains 1 Youtrack 2025-11-21 4.5 Medium
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVE-2025-64685 1 Jetbrains 1 Youtrack 2025-11-21 8.1 High
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVE-2025-64686 1 Jetbrains 1 Youtrack 2025-11-21 3.1 Low
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context
CVE-2025-62674 2025-11-21 6.8 Medium
The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.
CVE-2025-13087 2025-11-21 6.2 Medium
A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.
CVE-2025-64687 1 Jetbrains 1 Youtrack 2025-11-21 5.4 Medium
In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic
CVE-2025-64688 1 Jetbrains 1 Youtrack 2025-11-21 7.4 High
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget
CVE-2025-36072 1 Ibm 1 Webmethods Integration 2025-11-21 8.8 High
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.
CVE-2025-64689 1 Jetbrains 1 Youtrack 2025-11-21 9.6 Critical
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token
CVE-2021-4464 1 Fiberhome 4 An5506-04-fa, An5506-04-fa Firmware, Hg6245d and 1 more 2025-11-21 N/A
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.
CVE-2025-12862 1 Projectworlds 1 Online Notes Sharing Platform 2025-11-21 6.3 Medium
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-12923 1 1000mz 1 Chestnutcms 2025-11-21 2.7 Low
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2015-10142 1 Sitecore 3 Cms, Experience Platform, Sitecore 2025-11-21 N/A
Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.
CVE-2025-66059 2025-11-21 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66057 2025-11-21 6.3 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2.
CVE-2025-66056 2025-11-21 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.
CVE-2025-66055 2025-11-21 7.2 High
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.
CVE-2025-66053 2025-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2.