Search Results (322436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26866 | 1 Apache | 1 Hugegraph-server | 2025-12-14 | 8.8 High |
| A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process against object injection attacks. Users are recommended to upgrade to version 1.7.0, which fixes the issue. | ||||
| CVE-2025-10583 | 2 Emrevona, Wordpress | 2 Wp Fastest Cache, Wordpress | 2025-12-14 | 3.5 Low |
| The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-36743 | 1 Solaredge | 1 Se3680h | 2025-12-14 | N/A |
| SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands. | ||||
| CVE-2025-36744 | 1 Solaredge | 1 Se3680h | 2025-12-14 | N/A |
| SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output; this behavior can leak operating system information. | ||||
| CVE-2025-36746 | 1 Solaredge | 1 Monitoring Platform | 2025-12-14 | N/A |
| SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt. | ||||
| CVE-2025-36745 | 1 Solaredge | 1 Se3680h | 2025-12-14 | N/A |
| SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information. | ||||
| CVE-2025-36755 | 1 Cleverdisplay | 1 Blueone | 2025-12-14 | N/A |
| The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations. | ||||
| CVE-2025-13506 | 1 Nebim | 1 Nebim V3 Erp | 2025-12-14 | 8.8 High |
| Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1. | ||||
| CVE-2025-58770 | 1 Ami | 1 Aptio V | 2025-12-14 | N/A |
| APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability. | ||||
| CVE-2025-9900 | 1 Redhat | 9 Ai Inference Server, Discovery, Enterprise Linux and 6 more | 2025-12-14 | 8.8 High |
| A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. | ||||
| CVE-2025-13832 | | | 2025-12-13 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-67871 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67870 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67869 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67868 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67867 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67866 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67865 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67864 | | | 2025-12-13 | N/A |
| Not used | ||||
| CVE-2025-67863 | | | 2025-12-13 | N/A |
| Not used | ||||