Skip to main content
CVE-2025-59700 LOW POC Monitor

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).

Information Disclosure
NVD GitHub
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-65858 LOW POC Monitor

A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.

XSS Debian
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-59696 LOW POC Monitor

CVE-2025-59696 is a security vulnerability (CVSS 3.2) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-13875 LOW POC Monitor

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13876 LOW POC Monitor

A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Google Path Traversal
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-13640 LOW PATCH Monitor

Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu Debian Chrome
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-13870 LOW PATCH Monitor

Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to

Authentication Bypass Debian
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-13877 LOW PATCH Monitor

A security vulnerability in nocobase (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-13879 LOW Monitor

Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.

PHP Path Traversal
NVD
CVSS 3.1
2.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy