Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-63292 | N/A | Freebox v5 HD (firmware = 1.7.20), Freebox v5 Cry… |
n/a |
n/a |
2025-11-17T00:00:00.000Z | 2025-11-18T16:23:31.441Z |
| cve-2021-4470 | 9.3 (v4.0) | TG8 Firewall Unauthenticated RCE via runphpcmd.php |
TG8 |
TG8 Firewall |
2025-11-14T22:50:45.716Z | 2025-11-18T16:20:30.649Z |
| cve-2016-15056 | 8.7 (v4.0) | Ubee EVW3226 Unauthenticated Backup File Disclosure |
Ubee Interactive |
Ubee EVW3226 |
2025-11-14T22:49:58.179Z | 2025-11-18T16:19:32.158Z |
| cve-2022-4985 | 8.7 (v4.0) | Vodafone H500s WiFi Password Disclosure via activation.json |
Vodacom |
Vodafone H500s |
2025-11-14T22:49:13.629Z | 2025-11-18T16:17:58.154Z |
| cve-2025-7623 | 5.4 (v3.1) | Supermicro BMC SMASH services has a Stack-based buffer… |
SMCI |
MBD-X13SEDW-F |
2025-11-18T07:05:21.640Z | 2025-11-18T16:15:33.824Z |
| cve-2025-8076 | 7.2 (v3.1) | A stack buffer overflow vulnerability exists in the Su… |
SMCI |
MBD-X13SEDW-F |
2025-11-18T07:16:57.968Z | 2025-11-18T16:15:11.475Z |
| cve-2025-11620 | Multiple Roles per User <= 1.0 - Missing Authorization… |
jemoreto |
Multiple Roles per User |
2025-11-18T08:27:30.802Z | 2025-11-18T16:14:35.718Z | |
| cve-2025-12528 | Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary Fi… |
genetechproducts |
Pie Forms — Drag & Drop Form Builder |
2025-11-18T08:27:31.375Z | 2025-11-18T16:03:31.200Z | |
| cve-2025-59117 | 4.8 (v4.0) | Multiple Stored XSS in Windu CMS |
JCD |
Windu CMS |
2025-11-18T13:26:33.240Z | 2025-11-18T15:47:59.801Z |
| cve-2025-9977 | 5.3 (v4.0) | Improper neutralization of input in Times Software E-PAYROLL |
Times Software |
E-Payroll |
2025-11-18T15:46:21.408Z | 2025-11-18T15:46:21.408Z |
| cve-2025-9625 | Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery |
interledger |
Coil Web Monetization |
2025-11-18T08:27:31.753Z | 2025-11-18T15:42:27.177Z | |
| cve-2025-59111 | 6.9 (v4.0) | Broken Access Control in Windu CMS |
JCD |
Windu CMS |
2025-11-18T13:26:39.486Z | 2025-11-18T15:32:08.259Z |
| cve-2025-55074 | 3 (v3.1) | Channel member objects leak read status |
Mattermost |
Mattermost |
2025-11-18T15:23:29.642Z | 2025-11-18T15:25:53.686Z |
| cve-2025-12823 | CSV to SortTable <= 4.2 - Authenticated (Contributor+)… |
sscovil |
CSV to SortTable |
2025-11-18T08:27:32.143Z | 2025-11-18T15:25:27.633Z | |
| cve-2025-12383 | 9.4 (v4.0) | Race Condition allows Bypass of Trust Restrictions |
Eclipse Foundation |
Jersey |
2025-11-18T15:14:37.765Z | 2025-11-18T15:14:37.765Z |
| cve-2025-59116 | 6.9 (v4.0) | User enumeration in Windu CMS |
JCD |
Windu CMS |
2025-11-18T13:26:56.775Z | 2025-11-18T15:13:05.365Z |
| cve-2025-58121 | Insufficient permission validation on multiple REST AP… |
Checkmk GmbH |
Checkmk |
2025-11-18T15:11:35.167Z | 2025-11-18T15:11:35.167Z | |
| cve-2025-58122 | Insufficient permission validation when configuring no… |
Checkmk GmbH |
Checkmk |
2025-11-18T15:11:17.244Z | 2025-11-18T15:11:17.244Z | |
| cve-2025-64996 | Overly broad file permissions in the mk_inotify plugin… |
Checkmk GmbH |
Checkmk |
2025-11-18T15:10:53.398Z | 2025-11-18T15:10:53.398Z | |
| cve-2025-63892 | N/A | A vulnerability was determined in SourceCodester … |
n/a |
n/a |
2025-11-18T00:00:00.000Z | 2025-11-18T15:02:34.379Z |
| cve-2025-63883 | N/A | A DOM-based cross-site scripting vulnerability ex… |
n/a |
n/a |
2025-11-18T00:00:00.000Z | 2025-11-18T15:00:49.066Z |
| cve-2025-12404 | Like-it <= 2.2 - Cross-Site Request Forgery to Stored … |
nikolayyordanov |
Like-it |
2025-11-18T08:27:32.530Z | 2025-11-18T14:59:31.952Z | |
| cve-2025-64446 | 9.4 (v3.1) | A relative path traversal vulnerability in Fortin… |
Fortinet |
FortiWeb |
2025-11-14T15:50:52.778Z | 2025-11-18T14:54:43.893Z |
| cve-2025-12962 | Local Syndication <= 1.5a - Authenticated (Contributor… |
willbontrager |
Local Syndication |
2025-11-18T08:27:32.912Z | 2025-11-18T14:48:42.850Z | |
| cve-2025-10158 | 4.3 (v3.1) | Rsync: Out of bounds array access via negative index |
rsync |
rsync |
2025-11-18T14:24:19.210Z | 2025-11-18T14:45:58.065Z |
| cve-2025-4945 | 3.7 (v3.1) | Libsoup: integer overflow in cookie expiration date ha… |
|
|
2025-05-19T17:03:09.472Z | 2025-11-18T14:43:17.564Z |
| cve-2025-13305 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M fo… |
D-Link |
DWR-M920 |
2025-11-17T23:02:06.147Z | 2025-11-18T14:41:07.089Z | |
| cve-2025-12827 | Top Friends <= 0.3 - Cross-Site Request Forgery to Set… |
denishua |
Top Friends |
2025-11-18T08:27:33.413Z | 2025-11-18T14:40:27.921Z | |
| cve-2025-64195 | N/A | WordPress Eduma theme <= 5.7.6 - Local File Inclusion … |
ThimPress |
Eduma |
2025-10-29T08:38:04.034Z | 2025-11-18T14:39:19.435Z |
| cve-2025-64197 | N/A | WordPress Rehub theme < 19.9.9.1 - Cross Site Scriptin… |
sizam |
Rehub |
2025-10-29T08:38:04.636Z | 2025-11-18T14:38:59.542Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2025-000008 | Multiple vulnerabilities in Defense Platform Home Edition | 2025-02-05T14:06+09:00 | 2025-02-05T14:06+09:00 |
| jvndb-2025-000009 | WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery | 2025-02-04T13:58+09:00 | 2025-02-04T13:58+09:00 |
| jvndb-2025-001244 | Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager | 2025-01-30T18:19+09:00 | 2025-01-30T18:19+09:00 |
| jvndb-2025-000007 | SXF Common Library vulnerable to improper input data handling | 2025-01-29T14:57+09:00 | 2025-01-29T14:57+09:00 |
| jvndb-2025-000006 | WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting | 2025-01-28T13:44+09:00 | 2025-01-28T13:44+09:00 |
| jvndb-2025-000005 | EXIF Viewer Classic vulnerable to cross-site scripting | 2025-01-27T14:25+09:00 | 2025-01-27T14:25+09:00 |
| jvndb-2025-000003 | FortiWeb vulnerable to SQL injection | 2025-01-21T15:59+09:00 | 2025-01-21T15:59+09:00 |
| jvndb-2025-001027 | Linux Ratfor vulnerable to stack-based buffer overflow | 2025-01-16T13:27+09:00 | 2025-01-16T13:27+09:00 |
| jvndb-2025-000001 | PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting | 2025-01-08T17:08+09:00 | 2025-01-08T17:08+09:00 |
| jvndb-2024-015471 | Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element | 2024-12-25T11:28+09:00 | 2024-12-25T11:28+09:00 |
| jvndb-2024-015393 | Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024) | 2024-12-23T12:52+09:00 | 2024-12-23T12:52+09:00 |
| jvndb-2024-000125 | Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX | 2024-12-04T15:22+09:00 | 2024-12-18T15:20+09:00 |
| jvndb-2024-014918 | Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2024-12-17T15:23+09:00 | 2024-12-17T15:23+09:00 |
| jvndb-2024-000128 | Multiple vulnerabilities in SHARP routers | 2024-12-17T07:54+09:00 | 2024-12-17T07:54+09:00 |
| jvndb-2024-000127 | "Shonen Jump+" App for Android fails to restrict custom URL schemes properly | 2024-12-16T15:07+09:00 | 2024-12-16T15:07+09:00 |
| jvndb-2024-014825 | WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting | 2024-12-16T13:57+09:00 | 2024-12-16T13:57+09:00 |
| jvndb-2024-014793 | Multiple vulnerabilities in FXC AE1021 and AE1021PE | 2024-12-16T11:51+09:00 | 2024-12-16T11:51+09:00 |
| jvndb-2024-014079 | Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection | 2024-12-06T12:11+09:00 | 2024-12-06T12:11+09:00 |
| jvndb-2023-000085 | "Skylark" App fails to restrict custom URL schemes properly | 2023-08-24T13:34+09:00 | 2024-12-03T15:51+09:00 |
| jvndb-2024-000124 | Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers | 2024-12-02T16:38+09:00 | 2024-12-02T16:38+09:00 |
| jvndb-2024-000123 | Multiple FCNT Android devices vulnerable to authentication bypass | 2024-11-29T15:30+09:00 | 2024-11-29T15:30+09:00 |
| jvndb-2024-013702 | Multiple vulnerabilities in FUJI ELECTRIC products | 2024-11-29T14:42+09:00 | 2024-11-29T14:42+09:00 |
| jvndb-2024-002831 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-02-22T08:15+09:00 | 2024-11-27T14:45+09:00 |
| jvndb-2024-000122 | HAProxy vulnerable to HTTP request/response smuggling | 2024-11-27T14:36+09:00 | 2024-11-27T14:36+09:00 |
| jvndb-2024-003025 | Multiple vulnerabilities in ELECOM wireless LAN routers | 2024-03-27T14:26+09:00 | 2024-11-27T14:34+09:00 |
| jvndb-2024-012461 | Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B | 2024-11-13T14:26+09:00 | 2024-11-26T16:11+09:00 |
| jvndb-2024-000020 | Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater | 2024-02-20T14:14+09:00 | 2024-11-26T15:26+09:00 |
| jvndb-2024-000088 | Multiple vulnerabilities in ELECOM wireless LAN routers and access points | 2024-08-27T14:40+09:00 | 2024-11-26T15:17+09:00 |
| jvndb-2024-000121 | WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting | 2024-11-26T13:57+09:00 | 2024-11-26T13:57+09:00 |
| jvndb-2024-000106 | Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software | 2024-10-21T11:58+09:00 | 2024-11-21T11:37+09:00 |