Skip to main content
CVE-2025-59695 CRITICAL POC Act Now

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

Authentication Bypass Nshield Connect Xc Base Firmware Nshield Connect Xc Mid Firmware Nshield 5c Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65656 CRITICAL POC Act Now

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

PHP LFI Information Disclosure Dcat Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59693 CRITICAL POC Act Now

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

Privilege Escalation Nshield Connect Xc Base Firmware Nshield 5c Firmware Nshield Connect Xc Mid Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65358 CRITICAL POC Act Now

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.

PHP SQLi Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-60736 CRITICAL POC Act Now

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

PHP SQLi Online Medicine Guide
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-59703 CRITICAL POC Act Now

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

Authentication Bypass Nshield Connect Xc Base Firmware Nshield Hsmi Firmware Nshield 5c Firmware Nshield Connect Xc High Firmware +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-11779 CRITICAL Act Now

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.

Command Injection Stack Overflow Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2025-11783 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.

Stack Overflow Buffer Overflow RCE Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-60854 CRITICAL Act Now

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

Command Injection R15 Firmware D-Link
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-41742 CRITICAL Act Now

CVE-2025-41742 is a security vulnerability (CVSS 9.8) that allows the attacker. Critical severity with potential for significant impact on affected systems.

Authentication Bypass Sprecon E C Firmware Sprecon E T3 Firmware Sprecon E P Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13542 CRITICAL Act Now

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Privilege Escalation WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11786 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Stack Overflow Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11785 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Stack Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11784 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Stack Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11782 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.

Stack Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-58386 CRITICAL Act Now

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.

Authentication Bypass Terminalfour
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11778 CRITICAL Act Now

Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.

Heap Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11788 CRITICAL Act Now

Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Heap Overflow Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11780 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the “meter” parameter.

Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-41013 CRITICAL PATCH Act Now

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

SQLi Gim
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-65896 CRITICAL GHSA Act Now

SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.

SQLi Asyncmy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-13510 CRITICAL Act Now

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-13658 CRITICAL Act Now

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

RCE Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-66409 CRITICAL PATCH Act Now

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Information Disclosure Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-41744 CRITICAL Act Now

CVE-2025-41744 is a security vulnerability (CVSS 9.1) that allows an unprivileged remote attacker. Critical severity with potential for significant impact on affected systems.

Information Disclosure Sprecon E T3 Firmware Sprecon E P Firmware Sprecon E C Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-13872 CRITICAL Act Now

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.

SSRF Opinio
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-13828 CRITICAL PATCH Act Now

CVE-2025-13828 is a security vulnerability (CVSS 9.0). Critical severity with potential for significant impact on affected systems.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy