The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-12202 - A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack ca...
    Published: October 26, 2025; 10:15:46 PM -0400

  • CVE-2025-12201 - A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of...
    Published: October 26, 2025; 10:15:45 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2026-22245 - Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP address...
    Published: January 08, 2026; 11:16:02 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-15458 - A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to laun...
    Published: January 05, 2026; 12:15:55 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-11543 - Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows an attacker to create and run unauthorized firmware.
    Published: December 22, 2025; 12:16:18 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-11540 - Path Traversal vulnerability in Sharp Display Solutions projectors allows an attacker to access and read any files within the projector.
    Published: December 22, 2025; 12:16:06 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-11541 - Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs.
    Published: December 22, 2025; 12:16:16 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-11542 - Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs.
    Published: December 22, 2025; 12:16:17 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-15457 - A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It...
    Published: January 05, 2026; 12:15:54 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-25613 - FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and ...
    Published: November 20, 2025; 4:16:02 PM -0500

  • CVE-2025-12049 - Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Versions allows an attacker to access the web interface of the affected product without authentication and change settings or perform o...
    Published: December 22, 2025; 12:16:19 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-63210 - The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecti...
    Published: November 19, 2025; 1:15:49 PM -0500

  • CVE-2025-63207 - The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to chang...
    Published: November 19, 2025; 1:15:48 PM -0500

  • CVE-2025-1798 - The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks.
    Published: March 25, 2025; 2:15:40 AM -0400

  • CVE-2025-63205 - An issue was discovered in bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive infor...
    Published: November 19, 2025; 1:15:48 PM -0500

  • CVE-2025-63224 - The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any o...
    Published: November 19, 2025; 11:15:48 AM -0500

  • CVE-2026-20976 - Improper input validation in Galaxy Store prior to version 4.6.02 allows a local attacker to execute arbitrary script.
    Published: January 09, 2026; 2:16:04 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-20975 - Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
    Published: January 09, 2026; 2:16:04 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-20969 - Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows a local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
    Published: January 09, 2026; 2:16:03 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-20972 - Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
    Published: January 09, 2026; 2:16:03 AM -0500

    V3.1: 3.3 LOW

Created September 20, 2022, Updated August 27, 2024