Total
319996 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13129 | 1 Seneka | 1 Onaylarım | 2025-12-02 | 4.3 Medium |
| Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse.This issue affects Onaylarım: from 25.09.26.01 through 18112025. | ||||
| CVE-2025-63095 | 1 Tempus-ex | 1 Hello-video-codec | 2025-12-02 | 6.5 Medium |
| Improper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-63534 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2025-12-02 | 8.5 High |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and error parameters, which are then executed in the victim's browser when the page is viewed. | ||||
| CVE-2025-61229 | 1 Shirt Pocket | 1 Superduper | 2025-12-02 | N/A |
| An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls. | ||||
| CVE-2025-63531 | 2 Blood Bank Management System Project, Shridharshukl | 2 Blood Bank Management System, Blood Bank Management System | 2025-12-02 | 10 Critical |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system. | ||||
| CVE-2025-63525 | 2 Blood Bank Management System Project, Shridharshukl | 2 Blood Bank Management System, Blood Bank Management System | 2025-12-02 | 9.6 Critical |
| An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php. | ||||
| CVE-2025-63365 | 1 Softsea | 1 Epub File Reader | 2025-12-02 | 7.1 High |
| SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents. | ||||
| CVE-2025-63528 | 2 Blood Bank Management System Project, Shridharshukl | 2 Blood Bank Management System, Blood Bank Management System | 2025-12-02 | 8.5 High |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed. | ||||
| CVE-2025-63527 | 2 Blood Bank Management System Project, Shridharshukl | 2 Blood Bank Management System, Blood Bank Management System | 2025-12-02 | 8.5 High |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed. | ||||
| CVE-2025-34297 | 1 Kissfft Project | 1 Kissfft | 2025-12-02 | N/A |
| KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures. | ||||
| CVE-2025-51683 | 1 Mjob | 1 Mjobtime | 2025-12-02 | N/A |
| A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint . | ||||
| CVE-2024-53684 | 1 Socomec | 1 Diris M-70 | 2025-12-02 | 7.5 High |
| A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability. | ||||
| CVE-2025-10101 | 2 Apple, Avast | 2 Macos, Antivirus | 2025-12-02 | 8.1 High |
| Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025. | ||||
| CVE-2025-63520 | 1 Feehi | 2 Feehi Cms, Feehicms | 2025-12-02 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). | ||||
| CVE-2025-54851 | 1 Socomec | 1 Diris M-70 | 2025-12-02 | 7.5 High |
| A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state. | ||||
| CVE-2025-13835 | 2 Tychesoftwares, Wordpress | 2 Arconix Shortcodes, Wordpress | 2025-12-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.19. | ||||
| CVE-2025-58044 | 1 Jumpserver | 1 Jumpserver | 2025-12-02 | N/A |
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5. | ||||
| CVE-2025-65403 | 1 Lightftp Project | 1 Lightftp | 2025-12-02 | 6.5 Medium |
| A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-12756 | 1 Mattermost | 2 Mattermost, Mattermost Boards | 2025-12-02 | 4.3 Medium |
| Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users. | ||||
| CVE-2025-66302 | 1 Getgrav | 1 Grav | 2025-12-02 | 6.8 Medium |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27. | ||||