
3869 matches found

EUVD
added 2025/12/08 6:30 p.m., 4 views

EUVD-2025-201752

In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.00095
Exploits: 0 | References: 3

NVD
added 2025/12/08 5:16 p.m., 7 views

CVE-2025-48612

In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVSS: 7.8 | EPSS: 0.00095
Exploits: 0 | References: 1

CVE
added 2025/12/08 4:57 p.m., 18 views

CVE-2025-48612

CVE-2025-48612 affects Android work-profile contexts where an app can alter the main user's NFC payment default due to improper input validation at multiple locations. The root cause is input validation issues that enable a local escalation of privilege without additional execution privileges or ...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00095
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/12/08 4:57 p.m., 19 views

CVE-2025-48612

In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

EPSS: 0.00095
Exploits: 0 | References: 1

CVE
added 2025/12/07 12:2 p.m., 13 views

CVE-2025-14190

Chanjet TPlus is affected by CVE-2025-14190 through a SQL injection in the parameter currentAccId used by the Load path: /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. The flaw, exploitable remotely, stems from the unknown/undocumented functionality a...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00259
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/07 12:2 p.m., 3 views

CVE-2025-14190 Chanjet TPlus sql injection

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00259
Exploits: 0 | References: 5

Cvelist
added 2025/12/07 12:2 p.m., 16 views

CVE-2025-14190 Chanjet TPlus sql injection

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVSS: 7.5 | EPSS: 0.00259
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/07 12:0 a.m., 4 views

PT-2025-49403

Name of the Vulnerable Software and Affected Versions: Chanjet TPlus versions prior to 20251121. Description: A flaw exists in Chanjet TPlus that allows for SQL injection. The issue is related to the manipulation of the currentAccId argument within the file...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00259
Exploits: 0 | References: 11

RedhatCVE
added 2025/12/05 1:33 p.m., 6 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 9.8 | AI score: 4.7 | EPSS: 0.00362
Exploits: 1 | References: 1

NVD
added 2025/12/05 6:16 a.m., 2 views

CVE-2025-12165

The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcakesaveconfig' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-leve...

CVSS: 4.3 | EPSS: 0.00206
Exploits: 0 | References: 3

EUVD
added 2025/12/05 6:7 a.m., 4 views

EUVD-2025-201359

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.0019
Exploits: 0 | References: 3

Cvelist
added 2025/12/05 6:7 a.m., 23 views

CVE-2025-12354 Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS: 4.3 | EPSS: 0.0019
Exploits: 0 | References: 3

Debian CVE
added 2025/12/04 3:31 p.m., 2 views

CVE-2025-40245

In the Linux kernel, the following vulnerability has been resolved: nios2: ensure that memblock.current_limit is set when setting pfn limits. On nios2, with CONFIG_FLATMEM set, the kernel relies on memblock_get_current_limit to determine the limits of mem_map, in particular for max_low_pfn. Unfortunately,...

AI score: 5.2 | EPSS: 0.00173
Exploits: 0

NVD
added 2025/12/04 2:16 p.m., 8 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 9.8 | EPSS: 0.00362
Exploits: 1 | References: 4

OSV
added 2025/12/04 2:16 p.m., 2 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00362
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/04 1:32 p.m., 2 views

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 5.8 | AI score: 4.7 | EPSS: 0.00362
Exploits: 1 | References: 4

ATTACKERKB
added 2025/12/04 1:32 p.m., 4 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 9.8 | AI score: 5 | EPSS: 0.00362
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/04 1:32 p.m., 30 views

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 5.8 | EPSS: 0.00362
Exploits: 1 | References: 4

EUVD
added 2025/12/04 1:32 p.m., 6 views

EUVD-2025-201162

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 5.8 | AI score: 4.6 | EPSS: 0.00362
Exploits: 1 | References: 5

CVE
added 2025/12/04 1:32 p.m., 8 views

CVE-2025-14004

Dayrui XunRuiCMS is affected up to version 4.7.1. The vulnerability lies in the Email Setting Handler component, specifically the file /admind45f74adbd95.php?c=email&m=add, where manipulation enables server-side request forgery. Remote exploitation is possible and exploits have been released publ...

CVSS: 9.8 | AI score: 4.7 | EPSS: 0.00362
Exploits: 1 | References: 4 | Affected Software: 1