CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2025-64052
MediumEPSS 83%

An issue was discovered in Fanvil x210 V2 version 2.12.20 that allows unauthenticated attackers on the local network to execute arbitrary system commands.

CVE-2025-40251
Medium

W jądrze systemu Linux zidentyfikowano podatność w funkcji devl_rate_nodes_destroy, która nie ustawia wskaźnika rodzica na NULL dla obiektów rate, co prowadzi do pozostawienia wskaźnika w stanie wiszącym. To może powodować błędy związane z licznikiem odniesień w komponentach netdevsim i mlx5.

CVE-2025-63402
Medium

A vulnerability in HCLTech GRAGON before version 7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests.

CVE-2025-63401
Medium

A Cross Site Scripting (XSS) vulnerability was found in HCLTech DRAGON prior to version 7.6.0. Missing security directives allow a remote attacker to execute arbitrary code in the victim's browser context.

CVE-2025-65841
Medium

A vulnerability in Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local file using a weak obfuscation scheme. The password is 'encrypted' through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value.

CVE-2025-57202
Medium

A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH DGM1104 allows attackers to inject malicious JavaScript or HTML into the username field. Successful exploitation enables arbitrary script execution in the victim's browser context.

CVE-2025-57200
MediumEPSS 76%

An authenticated command injection vulnerability was discovered in the test_mail function of AVTECH SECURITY DGM1104 (firmware version FullImg-1015-1004-1006-1003). This flaw allows an attacker to execute arbitrary system commands via crafted input.

CVE-2025-65955
Medium

In ImageMagick, prior to versions 7.1.2-9 and 6.9.13-34, there is a vulnerability in the Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. This leads to memory being freed while leaving a pointer to freed memory, which can result in crashes or heap corruption.

CVE-2025-13505
Medium

Podatność CVE-2025-13505 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych, co prowadzi do ataków typu Cross-site Scripting (XSS). Dotyczy to wersji Datactive od 2.13.34 do przed 2.14.0.6, umożliwiając przechowywane XSS.

CVE-2025-66412
Medium

W Angularze, przed wersjami 21.0.2, 20.3.15 i 19.2.17, zidentyfikowano podatność typu Stored Cross-Site Scripting (XSS) w kompilatorze szablonów. Problem wynika z niekompletności wewnętrznego schematu zabezpieczeń kompilatora, co pozwala atakującym na obejście wbudowanej sanitizacji bezpieczeństwa Angulara.

CVE-2025-65622
Medium

Snipe-IT before version 8.3.4 is vulnerable to stored XSS via the Locations "Country" field. A low-privileged authenticated user can inject JavaScript that executes in another user's session.

CVE-2025-65621
Medium

A stored XSS vulnerability in Snipe-IT before version 8.3.4 allows a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.

CVE-2025-13129
Medium

Podatność w Seneka Software dotycząca niewłaściwego egzekwowania workflow behawioralnego pozwala na niewłaściwe wykorzystanie funkcjonalności. Problem dotyczy wersji Onaylarım od 25.09.26.01 do 18112025.

CVE-2025-13296
Medium

W podatności CVE-2025-13296 występuje luka typu Cross-Site Request Forgery (CSRF) w oprogramowaniu T-Soft E-Commerce firmy Tekrom Technology Inc. Umożliwia ona przeprowadzenie ataku CSRF.

CVE-2025-65670
Medium

An IDOR vulnerability in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in temporary unauthorized disclosure of sensitive course, admin, and student data before the system reverts to normal access restrictions.

CVE-2025-65676
Medium

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

CVE-2025-65675
Medium

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

CVE-2025-61167
Medium

Multiple SQL injection vulnerabilities were discovered in SIGB PMB version 8.0.1.14 in the /opac_css/ajax_selector.php component. The flaws exist in the id and datas parameters.

CVE-2025-63674
Medium

A vulnerability in Blurams Lumi Security Camera (A31C) firmware v23.1227.472.2926 allows a local physical attacker to execute arbitrary code by overwriting the bootloader on the SD card.

CVE-2025-64048
Medium

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The issue is in the add() and getPost() functions within ArticleAction.class.php due to improper neutralization of user input in the article title field.

PreviousPage 304 of 605Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS