iyadalkhatib98/My_CVES

iyadalkhatib98/My_CVES

Releases0

Stars1

PWN The World

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65228 ↗	Dec 8, 2025Monday, 8 December 2025, 21:16	3.5 LOW	—
A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).
CVE-2025-65230 ↗	Dec 8, 2025Monday, 8 December 2025, 20:15	5.4 MEDIUM	—
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.
CVE-2025-65231 ↗	Dec 8, 2025Monday, 8 December 2025, 19:15	6.1 MEDIUM	—
Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page.
CVE-2025-63952 ↗	Nov 24, 2025Monday, 24 November 2025, 17:16	5.7 MEDIUM	—
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
CVE-2025-63953 ↗	Nov 24, 2025Monday, 24 November 2025, 17:16	6.5 MEDIUM	—
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.