Total
324312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14959 | 1 Code-projects | 1 Simple Stock System | 2025-12-23 | 7.3 High |
| A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2023-53954 | 1 Actfax | 1 Actfax | 2025-12-23 | 6.2 Medium |
| ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts. | ||||
| CVE-2025-12874 | 1 Quest | 1 Coexistence Manager For Notes | 2025-12-23 | N/A |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests. This issue affects Coexistence Manager for Notes 3.8.2045. Other versions may also be affected. | ||||
| CVE-2023-53959 | 1 Filezilla-project | 1 Filezilla Client | 2025-12-23 | 9.8 Critical |
| FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. | ||||
| CVE-2023-53958 | 1 Ltb-project | 1 Ldap Tool Box Self Service Password | 2025-12-23 | 7.5 High |
| LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens. | ||||
| CVE-2025-68613 | 1 N8n | 1 N8n | 2025-12-23 | 10 Critical |
| n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures. | ||||
| CVE-2025-68481 | 1 Fastapi-users | 1 Fastapi-users | 2025-12-23 | 5.9 Medium |
| FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. `generate_state_token()` is always called with an empty `state_data` dict, so the resulting JWT only contains the fixed audience claim plus an expiration timestamp. On callback, the library merely checks that the JWT verifies under `state_secret` and is unexpired; there is no attempt to match the state value to the browser that initiated the OAuth request, no correlation cookie, and no server-side cache. Any attacker can hit `/authorize`, capture the server-generated state, finish the upstream OAuth flow with their own provider account, and then trick a victim into loading `.../callback?code=<attacker_code>&state=<attacker_state>`. Because the state JWT is valid for any client for \~1 hour, the victim’s browser will complete the flow. This leads to login CSRF. Depending on the app’s logic, the login CSRF can lead to an account takeover of the victim account or to the victim user getting logged in to the attacker's account. Version 15.0.2 contains a patch for the issue. | ||||
| CVE-2025-13183 | 2025-12-23 | 7.3 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS.This issue affects Otello: from 2.4.0 before 2.4.4. | ||||
| CVE-2025-68343 | 1 Linux | 1 Linux Kernel | 2025-12-23 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB it too short. | ||||
| CVE-2025-7733 | 2 Wordpress, Wp-jobhunt Project | 2 Wordpress, Wp-jobhunt | 2025-12-23 | 4.3 Medium |
| The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user. | ||||
| CVE-2025-14299 | 1 Tp-link | 3 Tapo, Tapo C200, Tapo C200 V3 | 2025-12-23 | N/A |
| The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS). | ||||
| CVE-2025-8065 | 1 Tp-link | 3 Tapo, Tapo C200, Tapo C200 V3 | 2025-12-23 | N/A |
| A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS). | ||||
| CVE-2023-25446 | 1 Wordpress | 1 Wordpress | 2025-12-23 | 7.7 High |
| Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1. | ||||
| CVE-2025-68644 | 2025-12-23 | 7.4 High | ||
| Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances. | ||||
| CVE-2025-12820 | 1 Wordpress | 1 Wordpress | 2025-12-23 | 5.3 Medium |
| The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them. | ||||
| CVE-2025-14994 | 1 Tenda | 2 Fh1201, Fh1206 | 2025-12-23 | 8.8 High |
| A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2025-62955 | 1 Wordpress | 1 Wordpress | 2025-12-23 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1. | ||||
| CVE-2025-15015 | 1 Ragic | 1 Enterprise Cloud Database | 2025-12-23 | 7.5 High |
| Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | ||||
| CVE-2023-53957 | 1 Kimai | 1 Kimai | 2025-12-23 | 9.8 Critical |
| Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking. | ||||
| CVE-2025-14735 | 1 Wordpress | 1 Wordpress | 2025-12-23 | 4.4 Medium |
| The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||