NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-14276	A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This...	2025-12-08	5.6	NETWORK	MEDIUM	NVD
CVE-2025-12832	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attac...	2025-12-08	4.6	ADJACENT_NETWORK	MEDIUM	NVD
CVE-2025-12635	IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting...	2025-12-08	5.4	NETWORK	MEDIUM	NVD
CVE-2025-65228	A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1....	2025-12-08	3.5	NETWORK	LOW	NVD
CVE-2025-65230	Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.	2025-12-08	5.4	NETWORK	MEDIUM	NVD
CVE-2025-65229	A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server <= 9.0.3. An authenticated user with access to Se...	2025-12-08	4.6	NETWORK	MEDIUM	NVD
CVE-2025-65849	A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce i...	2025-12-08	9.1	NETWORK	CRITICAL	NVD
CVE-2025-65548	NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage wh...	2025-12-08	9.1	NETWORK	CRITICAL	NVD
CVE-2025-65271	Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of ...	2025-12-08	8.8	NETWORK	HIGH	NVD
CVE-2025-65231	Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS cl...	2025-12-08	6.1	NETWORK	MEDIUM	NVD
CVE-2025-14261	The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, whi...	2025-12-08	7.1	NETWORK	HIGH	NVD
CVE-2025-65804	Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code e...	2025-12-08	6.5	ADJACENT_NETWORK	MEDIUM	NVD
CVE-2025-64081	SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to ex...	2025-12-08	9.8	NETWORK	CRITICAL	NVD
CVE-2025-48625	In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition...	2025-12-08	7.0	LOCAL	HIGH	NVD
CVE-2025-48608	In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local inf...	2025-12-08	5.5	LOCAL	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.