Latest Critical CVEs

• CVE-2025-64983 - Ring Video Doorbell Debug Code Remote Code Execution

  CVE ID :CVE-2025-64983
  Published : Nov. 26, 2025, 5:16 a.m. | 7 hours, 43 minutes ago
  Description :Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device.
  Severity: 8.6 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66022 - FACTION Unauthenticated Custom Extension Upload leads to RCE

  CVE ID :CVE-2025-66022
  Published : Nov. 26, 2025, 3:15 a.m. | 9 hours, 44 minutes ago
  Description :FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1.
  Severity: 9.6 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66266 - Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation

  CVE ID :CVE-2025-66266
  Published : Nov. 26, 2025, 2:15 a.m. | 10 hours, 44 minutes ago
  Description :The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66021 - OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

  CVE ID :CVE-2025-66021
  Published : Nov. 26, 2025, 2:15 a.m. | 10 hours, 44 minutes ago
  Description :OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available.
  Severity: 8.6 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66263 - Unauthenticated Arbitrary File Read via Null Byte Injection

  CVE ID :CVE-2025-66263
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files. The `/var/tdf/download_setting.php` endpoint constructs file paths by concatenating user-controlled `$_GET['filename']` with a forced `.tgz` extension. Running on PHP 5.3.2 (pre-5.3.4), the application is vulnerable to null byte injection (%00), allowing attackers to bypass the extension restriction and traverse paths. By requesting `filename=../../../../etc/passwd%00`, the underlying C functions treat the null byte as a string terminator, ignoring the appended `.tgz` and enabling unauthenticated arbitrary file disclosure of any file readable by the web server user.
  Severity: 8.9 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66262 - Arbitrary File Overwrite via Tar Extraction Path Traversal

  CVE ID :CVE-2025-66262
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive. The `restore_mozzi_memories.sh` script extracts user-controlled tar archives with `-C /` flag, depositing contents to the filesystem root without path validation. When combined with the unauthenticated file upload vulnerabilities (CVE-01, CVE-06, CVE-07), attackers can craft malicious .tgz archives containing path-traversed filenames (e.g., `etc/shadow`, `var/www/index.php`) to overwrite critical system files in writable directories, achieving full system compromise.
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66261 - Unauthenticated OS Command Injection (restore_settings.php)

  CVE ID :CVE-2025-66261
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec() allows remote code execution. The `/var/tdf/restore_settings.php` endpoint passes user-controlled `$_GET["name"]` parameter through `urldecode()` directly into `exec()` without validation or escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, `&&`, etc.) to achieve unauthenticated remote code execution as the web server user.
  Severity: 9.9 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66259 - Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters

  CVE ID :CVE-2025-66259
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in main_ok.php user supplied data/hour/time is passed directly into date shell command
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66257 - Unauthenticated Arbitrary File Deletion (patch_contents.php)

  CVE ID :CVE-2025-66257
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/patch/` directory without sanitization or access control checks.
  Severity: 9.2 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66256 - Unauthenticated Arbitrary File Upload (patch_contents.php)

  CVE ID :CVE-2025-66256
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_contents.php allows uploading malicious files. The `/var/tdf/patch_contents.php` endpoint allows unauthenticated arbitrary file uploads without file type validation, MIME checking, or size restrictions beyond 16MB, enabling attackers to upload malicious files.
  Severity: 9.9 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66255 - Unauthenticated Arbitrary File Upload (upgrade_contents.php)

  CVE ID :CVE-2025-66255
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.  The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution
  Severity: 9.9 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66253 - Unauthenticated OS Command Injection (start_upgrade.php)

  CVE ID :CVE-2025-66253
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php. The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET["filename"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, etc.) to achieve remote code execution as the web server user (likely root).
  Severity: 9.9 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66252 - Infinite Loop Denial of Service via Failed File Deletion

  CVE ID :CVE-2025-66252
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.
  Severity: 8.4 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-66250 - Unauthenticated Arbitrary File Upload (status_contents.php)

  CVE ID :CVE-2025-66250
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/status_contents.php.
  Severity: 9.2 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-64657 - Azure Application Gateway Elevation of Privilege Vulnerability

  CVE ID :CVE-2025-64657
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.
  Severity: 9.8 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-64656 - Azure Application Gateway Elevation of Privilege Vulnerability

  CVE ID :CVE-2025-64656
  Published : Nov. 26, 2025, 1:16 a.m. | 11 hours, 43 minutes ago
  Description :Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
  Severity: 9.4 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-65957 - Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

  CVE ID :CVE-2025-65957
  Published : Nov. 26, 2025, 12:15 a.m. | 12 hours, 44 minutes ago
  Description :Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.
  Severity: 8.8 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-65952 - Console is vulnerable to path traversal regarding custom assets

  CVE ID :CVE-2025-65952
  Published : Nov. 25, 2025, 11:15 p.m. | 13 hours, 44 minutes ago
  Description :Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This issue has been patched in version 2.8.0.
  Severity: 8.7 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-13597 - AI Feeds Arbitrary File Upload

  CVE ID :CVE-2025-13597
  Published : Nov. 25, 2025, 11:15 p.m. | 13 hours, 44 minutes ago
  Description :The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
  Severity: 9.8 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-13595 - CIBELES AI rbitrary File Upload

  CVE ID :CVE-2025-13595
  Published : Nov. 25, 2025, 11:15 p.m. | 13 hours, 44 minutes ago
  Description :The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
  Severity: 9.8 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...