Security Vulnerabilities
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-12
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-12-12
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would execute in the context of the user's browser when the user submits the page (clicks 'Next').
CVSS Score
4.4
EPSS Score
0.0
Published
2025-12-12
A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-12
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-12-12
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-12
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to gain root privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-12
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-12
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.
CVSS Score
2.8
EPSS Score
0.0
Published
2025-12-12
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-12