CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2025-65828
Medium

An unauthenticated attacker within BLE range can send shutdown, restart, or clear config commands to Meatmeet devices, causing denial of service. The device loses cloud connectivity until manually reconfigured or restarted.

CVE-2025-34430
Medium

CSRF vulnerability in 1Panel versions 1.10.33 through 2.0.15 in the panel name management functionality. Lack of CSRF defenses (tokens, Origin/Referer validation) allows an attacker to change the victim's panel name without consent via a crafted webpage.

CVE-2025-13125
Medium

Podatność CVE-2025-13125 dotyczy DijiDemi i polega na obejściu autoryzacji poprzez klucz kontrolowany przez użytkownika, co umożliwia wykorzystanie zaufanych identyfikatorów. Problem ten będzie aktualny do 28.11.2025.

CVE-2025-14087
MediumEPSS 51%

A flaw in GLib (Gnome Lib) allows a remote attacker to cause heap corruption via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings, leading to denial of service or potential code execution.

CVE-2025-64898
Medium

A vulnerability in ColdFusion allows an attacker to gain limited unauthorized write access due to insufficiently protected credentials. The flaw stems from improper storage or transmission of authentication data. Exploitation does not require user interaction.

CVE-2025-61821
Medium

An XXE vulnerability in ColdFusion allows unauthorized file system reads on the server. Affected versions include 2025.4, 2023.16, 2021.22 and earlier. An attacker can exploit this to access sensitive files, though exploitation depends on conditions beyond the attacker's control.

CVE-2025-64667
MediumEPSS 52%

A flaw in the user interface of Microsoft Exchange Server leads to misrepresentation of critical information, allowing an unauthorized attacker to perform spoofing over a network.

CVE-2025-61078
Medium

A cross-site scripting (XSS) vulnerability was found in phpIPAM v1.7.3 in the Request IP form. It allows remote attackers to inject arbitrary web script or HTML via the instructions parameter at the /app/admin/instructions/edit-result.php endpoint.

CVE-2025-6924
Medium

Podatność CVE-2025-6924 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software e-BAP Automation, co pozwala na wystąpienie ataków typu Reflected XSS.

CVE-2025-6923
Medium

Podatność CVE-2025-6923 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software UNIS, co pozwala na ataki typu Reflected XSS.

CVE-2025-10876
Medium

Podatność CVE-2025-10876 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software e-BAP Automation, co umożliwia ataki typu Cross-Site Scripting (XSS). Problem ten dotyczy wersji e-BAP Automation od 1.8.96 do przed v.41815.

CVE-2025-65799
Medium

In the Attachment service of usememos memos v0.25.2, a lack of file name validation allows attackers to perform a path traversal. This vulnerability enables access to files outside the intended directory.

CVE-2025-65797
Medium

An incorrect access control vulnerability in the Identity Provider service of usememos memos v0.25.2 allows low-privileged attackers to arbitrarily modify or delete registered identity providers. This can lead to account takeover or Denial of Service (DoS).

CVE-2025-48600
Medium

W wielu plikach istnieje możliwość ujawnienia informacji między użytkownikami z powodu braku sprawdzenia uprawnień. Może to prowadzić do lokalnego ujawnienia informacji bez potrzeby dodatkowych uprawnień wykonawczych.

CVE-2025-65798
Medium

In usememos memos version 0.25.2, incorrect access control allows attackers with low-level privileges to arbitrarily modify or delete attachments created by other users.

CVE-2025-65796
Medium

In usememos memos version 0.25.2, an incorrect access control allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

CVE-2025-66329
Medium

A permission control vulnerability in the window management module. Exploitation may impact system availability.

CVE-2025-14104
Medium

A flaw was found in util-linux that allows a heap buffer overread when processing 256-byte usernames in the `setpwnam()` function. This affects SUID login-utils utilities that write to the password database.

CVE-2025-64056
Medium

A file upload vulnerability in Fanvil x210 V2 version 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.

CVE-2025-64052
MediumEPSS 83%

An issue was discovered in Fanvil x210 V2 version 2.12.20 that allows unauthenticated attackers on the local network to execute arbitrary system commands.

PreviousPage 296 of 597Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS