Aggregator
CVE-2025-22131
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 42 - PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.
CVE-2025-52665
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 34
CVE-2025-22167
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 11 - This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions 9.12.0 and 10.3.0 and remains present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to ...
CVE-2025-61932
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 11 - Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-62641
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 1 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox ...
CVE-2025-59287
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 72 - Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-61882
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 3 - Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to ...
CVE-2025-54236
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 19 - Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity ...
CVE-2025-2777
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 22 - SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
CVE-2025-2775
1 hour 6 minutes ago
      Currently trending CVE - Hype Score: 22 - SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
CVE-2025-12214 | Tenda O3 1.0.0.10(2478) /goform/sysAutoReboot SetValue/GetValue enable stack-based overflow
2 hours 19 minutes ago
      A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/GetValue of the file /goform/sysAutoReboot. Performing manipulation of the argument enable results in stack-based buffer overflow.
This vulnerability was named CVE-2025-12214. The attack may be initiated remotely. In addition, an exploit is available.
            vuldb.com
      
CVE-2025-12213 | Tenda O3 1.0.0.10(2478) /goform/setVlanConfig SetValue/GetValue lan stack-based overflow
2 hours 19 minutes ago
      A vulnerability classified as critical was found in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2025-12213. The attack can be launched remotely. Moreover, an exploit is present.
            vuldb.com
      
CVE-2025-12212 | Tenda O3 1.0.0.10(2478) setNetworkService SetValue/GetValue upnpEn stack-based overflow
2 hours 19 minutes ago
      A vulnerability classified as critical has been found in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow.
This vulnerability is handled as CVE-2025-12212. The attack can be initiated remotely. Additionally, an exploit exists.
            vuldb.com
      
CVE-2025-12211 | Tenda O3 1.0.0.10(2478) /goform/setDmzInfo SetValue/GetValue dmzIP stack-based overflow
2 hours 19 minutes ago
      A vulnerability described as critical has been identified in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow.
This vulnerability is known as CVE-2025-12211. It is possible to launch the attack remotely. Furthermore, an exploit is available.
            vuldb.com
      
CVE-2025-12210 | Tenda O3 1.0.0.10(2478) /goform/AdvSetLanip SetValue/GetValue lanIp stack-based overflow
2 hours 19 minutes ago
      A vulnerability marked as critical has been reported in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow.
This vulnerability is tracked as CVE-2025-12210. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
            vuldb.com
      
CVE-2025-12209 | Tenda O3 1.0.0.10(2478) /goform/setDhcpConfig SetValue/GetValue dhcpEn stack-based overflow
2 hours 19 minutes ago
      A vulnerability labeled as critical has been found in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing manipulation of the argument dhcpEn can lead to stack-based buffer overflow.
This vulnerability appears as CVE-2025-12209. The attack may be performed remotely. In addition, an exploit is available.
            vuldb.com
      
CVE-2025-12208 | SourceCodester Best House Rental Management System 1.0 /admin_class.php login2 Username sql injection
2 hours 24 minutes ago
      A vulnerability identified as critical has been detected in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in SQL injection.
This vulnerability is reported as CVE-2025-12208. The attack can be carried out remotely. Moreover, an exploit is present.
            vuldb.com
      
CVE-2025-12207 | Kamailio 5.5 Grammar Rule src/core/cfg.y yyerror_at null pointer dereference
2 hours 25 minutes ago
      A vulnerability categorized as problematic has been discovered in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference.
This vulnerability is documented as CVE-2025-12207. The attack needs to be performed locally. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
            vuldb.com
      
CVE-2025-12206 | Kamailio 5.5 src/core/rvalue.c rve_is_constant null pointer dereference
2 hours 25 minutes ago
      A vulnerability was found in Kamailio 5.5. It has been rated as problematic. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference.
This vulnerability is registered as CVE-2025-12206. The attack needs to be launched locally. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
            vuldb.com