The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-15120 - A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried...
    Published: December 28, 2025; 12:15:56 AM -0500

    V3.1: 3.1 LOW

  • CVE-2025-15121 - A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The v...
    Published: December 28, 2025; 12:16:04 AM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2025-15122 - A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possib...
    Published: December 28, 2025; 12:16:05 AM -0500

    V3.1: 3.1 LOW

  • CVE-2025-15123 - A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The ...
    Published: December 28, 2025; 2:15:52 AM -0500

    V3.1: 3.1 LOW

  • CVE-2025-15124 - A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated re...
    Published: December 28, 2025; 2:15:53 AM -0500

    V3.1: 3.1 LOW

  • CVE-2025-15125 - A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack...
    Published: December 28, 2025; 2:15:53 AM -0500

    V3.1: 3.1 LOW

  • CVE-2025-15154 - A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to u...
    Published: December 28, 2025; 4:15:54 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-15153 - A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch t...
    Published: December 28, 2025; 4:15:54 PM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2025-65828 - An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Cle...
    Published: December 10, 2025; 4:16:08 PM -0500

  • CVE-2025-65829 - The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust ...
    Published: December 10, 2025; 4:16:08 PM -0500

  • CVE-2023-53871 - Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and ...
    Published: December 15, 2025; 4:15:49 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-65830 - Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may resul...
    Published: December 10, 2025; 4:16:08 PM -0500

  • CVE-2023-53895 - PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malic...
    Published: December 16, 2025; 12:16:01 PM -0500

  • CVE-2023-53899 - PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary end...
    Published: December 16, 2025; 12:16:02 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-53901 - WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password cha...
    Published: December 16, 2025; 12:16:02 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-65831 - The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through ...
    Published: December 10, 2025; 4:16:08 PM -0500

  • CVE-2025-14958 - A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer o...
    Published: December 19, 2025; 1:15:48 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-67460 - Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.
    Published: December 10, 2025; 4:16:09 PM -0500

  • CVE-2025-14957 - A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulat...
    Published: December 19, 2025; 12:15:51 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-14956 - A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to laun...
    Published: December 19, 2025; 12:15:51 PM -0500

    V3.1: 7.1 HIGH

Created September 20, 2022, Updated August 27, 2024