Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,411
Quick preset (or use dates below)
Clear Filters
Showing 14,301 - 14,320 of 14,425 CVEs
CVE-2025-15133 HIGH - 8.8

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit ...

Vendor: zspace
Product: z4pro\+_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15132 HIGH - 8.8

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has be...

Vendor: zspace
Product: z4pro\+_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15131 HIGH - 8.8

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publi...

Vendor: zspace
Product: z4pro\+_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15127 HIGH - 7.3

A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be laun...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15126 HIGH - 7.5

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity ...

Vendor: jeecg
Product: jeecg_boot
Published: Dec 28, 2025
Source: NVD
CVE-2025-15110 HIGH - 7.2

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is possibl...

Vendor: jackq
Product: xcms
Published: Dec 27, 2025
Source: NVD
CVE-2025-14180 HIGH - 7.5

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting fu...

Vendor: php
Product: php
Published: Dec 27, 2025
Source: NVD
CVE-2025-14178 HIGH - 8.2

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation ...

Vendor: php
Product: php
Published: Dec 27, 2025
Source: NVD
CVE-2025-14177 HIGH - 7.5

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs d...

Vendor: php
Product: php
Published: Dec 27, 2025
Source: NVD
CVE-2025-15109 HIGH - 7.3

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has ...

Published: Dec 27, 2025
Source: NVD
CVE-2025-15107 HIGH - 8.1

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is pos...

Vendor: actionsky
Product: sqle
Published: Dec 27, 2025
Source: NVD
CVE-2025-68948 HIGH - 8.1

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode is ...

Vendor: b3log
Product: siyuan
Published: Dec 27, 2025
Source: NVD
CVE-2025-59946 HIGH - 7.5

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.

Published: Dec 27, 2025
Source: NVD
CVE-2025-68474 HIGH - 7.6

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual ...

Vendor: espressif
Product: esp-idf
Published: Dec 27, 2025
Source: NVD
CVE-2025-68473 HIGH - 8.6

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUID...

Vendor: espressif
Product: esp-idf
Published: Dec 27, 2025
Source: NVD
CVE-2025-68148 HIGH - 7.5

FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of users. This issue has been patched in version...

Vendor: freshrss
Product: freshrss
Published: Dec 27, 2025
Source: NVD
CVE-2025-67729 HIGH - 8.8

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbit...

Vendor: internlm
Product: lmdeploy
Published: Dec 26, 2025
Source: NVD
CVE-2025-67015 HIGH - 7.5

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.

Vendor: comtech
Product: cdm-625_firmware
Published: Dec 26, 2025
Source: NVD
CVE-2025-67014 HIGH - 7.5

Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.

Vendor: axing
Product: dev7113_firmware
Published: Dec 26, 2025
Source: NVD
CVE-2025-66738 HIGH - 8.8

An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.

Vendor: yealink
Product: sip-t21\(p\)e2_firmware
Published: Dec 26, 2025
Source: NVD