CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.15)

CVE-2025-63401
Medium

A Cross Site Scripting (XSS) vulnerability was found in HCLTech DRAGON prior to version 7.6.0. Missing security directives allow a remote attacker to execute arbitrary code in the victim's browser context.

CVE-2025-65841
Medium

A vulnerability in Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local file using a weak obfuscation scheme. The password is 'encrypted' through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value.

CVE-2025-57202
Medium

A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH DGM1104 allows attackers to inject malicious JavaScript or HTML into the username field. Successful exploitation enables arbitrary script execution in the victim's browser context.

CVE-2025-57200
MediumEPSS 76%

An authenticated command injection vulnerability was discovered in the test_mail function of AVTECH SECURITY DGM1104 (firmware version FullImg-1015-1004-1006-1003). This flaw allows an attacker to execute arbitrary system commands via crafted input.

CVE-2025-65955
Medium

In ImageMagick, prior to versions 7.1.2-9 and 6.9.13-34, there is a vulnerability in the Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. This leads to memory being freed while leaving a pointer to freed memory, which can result in crashes or heap corruption.

CVE-2025-13505
Medium

Podatność CVE-2025-13505 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych, co prowadzi do ataków typu Cross-site Scripting (XSS). Dotyczy to wersji Datactive od 2.13.34 do przed 2.14.0.6, umożliwiając przechowywane XSS.

CVE-2025-66412
Medium

W Angularze, przed wersjami 21.0.2, 20.3.15 i 19.2.17, zidentyfikowano podatność typu Stored Cross-Site Scripting (XSS) w kompilatorze szablonów. Problem wynika z niekompletności wewnętrznego schematu zabezpieczeń kompilatora, co pozwala atakującym na obejście wbudowanej sanitizacji bezpieczeństwa Angulara.

CVE-2025-65622
Medium

Snipe-IT before version 8.3.4 is vulnerable to stored XSS via the Locations "Country" field. A low-privileged authenticated user can inject JavaScript that executes in another user's session.

CVE-2025-65621
Medium

A stored XSS vulnerability in Snipe-IT before version 8.3.4 allows a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.

CVE-2025-13129
Medium

Podatność w Seneka Software dotycząca niewłaściwego egzekwowania workflow behawioralnego pozwala na niewłaściwe wykorzystanie funkcjonalności. Problem dotyczy wersji Onaylarım od 25.09.26.01 do 18112025.

CVE-2025-13296
Medium

W podatności CVE-2025-13296 występuje luka typu Cross-Site Request Forgery (CSRF) w oprogramowaniu T-Soft E-Commerce firmy Tekrom Technology Inc. Umożliwia ona przeprowadzenie ataku CSRF.

CVE-2025-65670
Medium

An IDOR vulnerability in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in temporary unauthorized disclosure of sensitive course, admin, and student data before the system reverts to normal access restrictions.

CVE-2025-65676
Medium

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

CVE-2025-65675
Medium

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

CVE-2025-61167
Medium

Multiple SQL injection vulnerabilities were discovered in SIGB PMB version 8.0.1.14 in the /opac_css/ajax_selector.php component. The flaws exist in the id and datas parameters.

CVE-2025-63674
Medium

A vulnerability in Blurams Lumi Security Camera (A31C) firmware v23.1227.472.2926 allows a local physical attacker to execute arbitrary code by overwriting the bootloader on the SD card.

CVE-2025-64048
Medium

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The issue is in the add() and getPost() functions within ArticleAction.class.php due to improper neutralization of user input in the article title field.

CVE-2025-64047
Medium

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php. This allows an attacker to inject malicious scripts into the page, which can be executed in the victim's browser.

CVE-2025-11963
Medium

Podatność CVE-2025-11963 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w StarCities, co pozwala na ataki typu Reflected XSS. Problem ten występuje w wersjach przed 1.1.61.

CVE-2025-0421
Medium

Podatność CVE-2025-0421 dotyczy niewłaściwego ograniczenia renderowanych warstw interfejsu użytkownika lub ramek w oprogramowaniu Shopside firmy Shopside Software Technologies Inc. Problem ten występuje w wersji Shopside do 05022025, umożliwiając wykorzystanie nakładek iFrame.

PreviousPage 256 of 550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS