🔒 Security Vulnerability Index

Critical and High-Severity Vulnerabilities (CVSS > 7.0)

CVE-2025-66203: StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

CRITICAL - 9.9/10

Published: 27 Dec 2025

CVE-2025-54322: Xspeeder SXZOS Remote Code Execution Vulnerability

CRITICAL - 10.0/10

Published: 27 Dec 2025

CVE-2025-15089: UTT 进取 512W APSecurity strcpy buffer overflow

CRITICAL - 9.0/10

Published: 26 Dec 2025

CVE-2025-15090: UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow

CRITICAL - 9.0/10

Published: 26 Dec 2025

CVE-2025-15092: UTT 进取 512W ConfigExceptMSN strcpy buffer overflow

CRITICAL - 9.0/10

Published: 26 Dec 2025

CVE-2025-59887: Eaton UPS Companion Library File Authentication Bypass

HIGH - 8.6/10

Published: 26 Dec 2025

CVE-2025-13915: Authentication bypass in IBM API Connect

CRITICAL - 9.8/10

Published: 26 Dec 2025

CVE-2025-68665: LangChain serialization injection vulnerability enables secret extraction

HIGH - 8.6/10

Published: 24 Dec 2025

CVE-2025-68667: continuwuity Has an Unintended Proxy or Intermediary and Improper Input Validation

CRITICAL - 9.9/10

Published: 24 Dec 2025

CVE-2025-68669: 5ire vulnerable to Remote Code Execution (RCE) via mermaid

CRITICAL - 9.6/10

Published: 24 Dec 2025

CVE-2025-68696: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

HIGH - 8.8/10

Published: 24 Dec 2025

CVE-2025-68664: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

CRITICAL - 9.3/10

Published: 24 Dec 2025

CVE-2025-43875: iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo

HIGH - 8.7/10

Published: 24 Dec 2025

CVE-2025-2155: Arbitrary File Upload in EchoCCS's Specto CM

HIGH - 8.8/10

Published: 24 Dec 2025

CVE-2025-43876: iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings

HIGH - 8.7/10

Published: 24 Dec 2025

CVE-2025-8769: MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation

CRITICAL - 9.8/10

Published: 24 Dec 2025

CVE-2025-68916: Riello UPS NetMan 208 Remote File Inclusion Vulnerability

CRITICAL - 9.1/10

Published: 24 Dec 2025

CVE-2019-25255: VideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code Execution

HIGH - 8.7/10

Published: 24 Dec 2025

CVE-2019-25257: LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

HIGH - 8.7/10

Published: 24 Dec 2025

CVE-2019-25249: devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

CRITICAL - 9.8/10

Published: 24 Dec 2025

CVE-2019-25248: Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure

HIGH - 8.7/10

Published: 24 Dec 2025

CVE-2019-25243: FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

HIGH - 8.8/10

Published: 24 Dec 2025

CVE-2025-68920: C-Kermit Remote File Overwrite/Vulnerable File Retrieval

HIGH - 8.9/10

Published: 25 Dec 2025

CVE-2025-68475: Fedify has ReDoS Vulnerability in HTML Parsing Regex

HIGH - 7.5/10

Published: 23 Dec 2025

CVE-2025-68476: KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

HIGH - 8.2/10

Published: 23 Dec 2025

CVE-2025-65856: Xiongmai XM530 IP Camera Authentication Bypass

CRITICAL - 9.8/10

Published: 23 Dec 2025

CVE-2025-65857: Xiongmai XM530 IP Camera Unauthenticated Video Stream Exposure

HIGH - 7.5/10

Published: 23 Dec 2025

CVE-2025-15034: itsourcecode Student Management System record.php sql injection

HIGH - 7.5/10

Published: 23 Dec 2025

CVE-2025-67109: Eclipse Cyclone DDS Certificate Verification Bypass

CRITICAL - 10.0/10

Published: 23 Dec 2025

CVE-2025-65865: eProsima Fast-DDS Integer Overflow Denial of Service

HIGH - 7.5/10

Published: 23 Dec 2025

CVE-2025-67108: eProsima Fast-DDS Data Validation Vulnerability

CRITICAL - 10.0/10

Published: 23 Dec 2025

CVE-2024-9684: FreyrSCADA IEC-60870-5-104 Server Denial of Service

HIGH - 7.5/10

Published: 23 Dec 2025

CVE-2025-33222: NVIDIA Isaac Launchable Hard-Coded Credential Disclosure

CRITICAL - 9.8/10

Published: 23 Dec 2025

Cyber Security News| AI Security News| Hacking News | Cyber Attack News| Security Learning

Search Suggest

Vulnerabilities

🔒 Security Vulnerability Index

CVE-2025-66203: StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

CVE-2025-54322: Xspeeder SXZOS Remote Code Execution Vulnerability

CVE-2025-15089: UTT 进取 512W APSecurity strcpy buffer overflow

CVE-2025-15090: UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow

CVE-2025-15092: UTT 进取 512W ConfigExceptMSN strcpy buffer overflow

CVE-2025-59887: Eaton UPS Companion Library File Authentication Bypass

CVE-2025-13915: Authentication bypass in IBM API Connect

CVE-2025-68665: LangChain serialization injection vulnerability enables secret extraction

CVE-2025-68667: continuwuity Has an Unintended Proxy or Intermediary and Improper Input Validation

CVE-2025-68669: 5ire vulnerable to Remote Code Execution (RCE) via mermaid

CVE-2025-68696: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

CVE-2025-68664: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

CVE-2025-43875: iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo

CVE-2025-2155: Arbitrary File Upload in EchoCCS's Specto CM

CVE-2025-43876: iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings

CVE-2025-8769: MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation

CVE-2025-68916: Riello UPS NetMan 208 Remote File Inclusion Vulnerability

CVE-2019-25255: VideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code Execution

CVE-2019-25257: LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

CVE-2019-25249: devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

CVE-2019-25248: Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure

CVE-2019-25243: FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

CVE-2025-68920: C-Kermit Remote File Overwrite/Vulnerable File Retrieval

CVE-2025-68475: Fedify has ReDoS Vulnerability in HTML Parsing Regex

CVE-2025-68476: KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

CVE-2025-65856: Xiongmai XM530 IP Camera Authentication Bypass

CVE-2025-65857: Xiongmai XM530 IP Camera Unauthenticated Video Stream Exposure

CVE-2025-15034: itsourcecode Student Management System record.php sql injection

CVE-2025-67109: Eclipse Cyclone DDS Certificate Verification Bypass

CVE-2025-65865: eProsima Fast-DDS Integer Overflow Denial of Service

CVE-2025-67108: eProsima Fast-DDS Data Validation Vulnerability

CVE-2024-9684: FreyrSCADA IEC-60870-5-104 Server Denial of Service

CVE-2025-33222: NVIDIA Isaac Launchable Hard-Coded Credential Disclosure