All CVEs — 2025 (Page 3/225)

Medium

CVE-2025-54715

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager allows Path Traversal.…

CVSS: 4.9 CWE: CWE-22

Medium

CVE-2025-54712

Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a thr…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-54708

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through 2.0.5.

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54054

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: f…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-53587

Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2025-53582

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5.

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53581

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-53575

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyDa…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-53347

Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-53343

Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0.

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53342

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS. This issue affects Modernize: from n/a through 3.4.0.

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53341

Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53330

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/a through 3.13.1.

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53249

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2025-53241

Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9.

CVSS: 5.5 CWE: CWE-918

Medium

CVE-2025-53221

Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0.

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53219

Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2.

CVSS: 5.4 CWE: CWE-352

High

CVE-2025-52797

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1.

CVSS: 8.2 CWE: CWE-352

Medium

CVE-2025-52771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander: from n/a through 1.0.

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-52769

Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through 1.0006.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-52767

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin…

CVSS: 4.3 CWE: CWE-352

High

CVE-2025-52765

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a throu…

CVSS: 7.1 CWE: CWE-352

Low

CVE-2025-8974

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHe…

CVSS: 3.7 CWE: CWE-259

High

CVE-2025-8973

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8972

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argu…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.

CVSS: 6.1 CWE: CWE-79

High

CVE-2025-51986

An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet.

CVSS: 7.5 CWE: CWE-835

Medium

CVE-2025-21110

Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerabil…

CVSS: 6.7 CWE: CWE-250

Medium

CVE-2024-37945

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addon…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-43687

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks bet…

CVSS: 6.5 CWE: CWE-421

Medium

CVE-2025-9043

The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Sear…

CVSS: 6.7 CWE: CWE-428

Medium

CVE-2025-9039

We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group…

CVSS: 4.3 CWE: CWE-277

High

CVE-2025-8971

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8970

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID lea…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8969

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8968

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The man…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-55195

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype P…

CVSS: 7.3 CWE: CWE-1321

High

CVE-2025-55192

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workf…

CVSS: 8.6 CWE: CWE-94

Medium

CVE-2025-50817

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, i…

CVSS: 5.4 CWE: CWE-77

Medium

CVE-2025-50515

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.

CVSS: 6.5 CWE: CWE-77

Medium

CVE-2025-20306

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to ex…

CVSS: 4.9 CWE: CWE-77

Medium

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain.…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-20268

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured pol…

CVSS: 5.8 CWE: CWE-229

Critical

CVE-2025-20265

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands tha…

CVSS: 10.0 CWE: CWE-74

High

CVE-2025-20263

A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…

CVSS: 8.6 CWE: CWE-680

Medium

CVE-2025-20254

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20253

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device…

CVSS: 8.6 CWE: CWE-835

Medium

CVE-2025-20252

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20251

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authen…

CVSS: 8.5 CWE: CWE-1287

High

CVE-2025-20244

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote…

CVSS: 7.7 CWE: CWE-1287

High

CVE-2025-20243

A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexp…

CVSS: 8.6 CWE: CWE-835

High

CVE-2025-20239

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat D…

CVSS: 8.6 CWE: CWE-401

Medium

CVE-2025-20238

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arb…

CVSS: 6.0 CWE: CWE-1244

Medium

CVE-2025-20237

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arb…

CVSS: 6.0 CWE: CWE-146

Medium

CVE-2025-20235

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-20225

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat D…

CVSS: 5.8 CWE: CWE-401

Medium

CVE-2025-20224

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20222

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could…

CVSS: 8.6 CWE: CWE-120

Medium

CVE-2025-20220

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute ar…

CVSS: 6.0 CWE: CWE-78

Medium

CVE-2025-20219

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD…

CVSS: 5.3 CWE: CWE-284

Medium

CVE-2025-20218

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an…

CVSS: 4.9 CWE: CWE-643

High

CVE-2025-20217

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause…

CVSS: 8.6 CWE: CWE-835

High

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a d…

CVSS: 8.5 CWE: CWE-20

High

CVE-2025-20136

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Fire…

CVSS: 8.6 CWE: CWE-835

Medium

CVE-2025-20135

A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthentic…

CVSS: 4.3 CWE: CWE-401

High

CVE-2025-20134

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…

CVSS: 8.6 CWE: CWE-415

High

CVE-2025-20133

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacke…

CVSS: 8.6 CWE: CWE-401

High

CVE-2025-20127

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Ci…

CVSS: 7.7 CWE: CWE-404

High

CVE-2023-43692

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.

CVSS: 7.5 CWE: CWE-125

Medium

CVE-2023-43683

An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling new…

CVSS: 6.5 CWE: CWE-121

High

CVE-2025-8967

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argume…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8966

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argum…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8965

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminS…

CVSS: 6.3 CWE: CWE-284

High

CVE-2025-54867

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.…

CVSS: 7.0 CWE: CWE-61

Medium

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing…

CVSS: 6.2 CWE: CWE-476

Medium

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by includin…

CVSS: 6.2 CWE: CWE-117

Medium

CVE-2025-53631

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS)…

CVSS: 5.3 CWE: CWE-79

Critical

CVE-2025-50518

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU obj…

CVSS: 9.8 CWE: CWE-416

Medium

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerabil…

CVSS: 5.3 CWE: CWE-770

Medium

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

CVSS: 5.3 CWE: CWE-295

Medium

CVE-2023-43694

An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability iss…

CVSS: 5.2 CWE: CWE-125

High

CVE-2025-9042

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing…

CVSS: 8.7 CWE: CWE-1287

High

CVE-2025-9041

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing…

CVSS: 8.7 CWE: CWE-1287

Medium

CVE-2025-8964

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper aut…

CVSS: 5.3 CWE: CWE-287

Medium

CVE-2025-8962

A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The mani…

CVSS: 5.3 CWE: CWE-119

High

CVE-2025-8876

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

CVSS: 8.8 CWE: CWE-20

High

CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

CVSS: 7.8 CWE: CWE-502

High

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access…

CVSS: 8.4 CWE: CWE-286

High

CVE-2025-7971

A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possib…

CVSS: 7.3 CWE: CWE-20

Critical

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauth…

CVSS: 9.1 CWE: CWE-306

High

CVE-2025-40758

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatibl…

CVSS: 8.7 CWE: CWE-347

Medium

CVE-2025-38745

Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remo…

CVSS: 4.8 CWE: CWE-532

Medium

CVE-2025-38738

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access cou…

CVSS: 6.7 CWE: CWE-266

Low

CVE-2025-36613

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker…

CVSS: 2.8 CWE: CWE-266

Medium

CVE-2025-36612

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vuln…

CVSS: 6.7 CWE: CWE-266

Medium

CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout.

CVSS: 4.3 CWE: CWE-269

Medium

CVE-2025-27846

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected.

CVSS: 4.3 CWE: CWE-269

Critical

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

CVSS: 9.8 CWE: CWE-200

Medium

CVE-2025-26484

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit th…

CVSS: 5.5 CWE: CWE-611

High

CVE-2025-9036

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client…

CVSS: 8.5 CWE: CWE-200

High

CVE-2025-7973

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which r…

CVSS: 8.5 CWE: CWE-268

High

CVE-2025-7774

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to per…

CVSS: 8.8 CWE: CWE-306

High

CVE-2025-7773

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in se…

CVSS: 8.8 CWE: CWE-863

Critical

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow r…

CVSS: 9.3 CWE: CWE-1188

Medium

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do n…

CVSS: 6.5 CWE: CWE-285

Medium

CVE-2025-55674

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist.…

CVSS: 6.5 CWE: CWE-89

Medium

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly…

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2025-55672

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's…

CVSS: 5.4 CWE: CWE-80

Critical

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_proces…

CVSS: 9.8 CWE: CWE-78

Low

CVE-2025-36581

Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potenti…

CVSS: 3.8 CWE: CWE-788

High

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user int…

CVSS: 8.8 CWE: CWE-352

High

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS com…

CVSS: 8.8 CWE: CWE-77

Medium

CVE-2025-8963

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large…

CVSS: 6.3 CWE: CWE-20

Low

CVE-2025-8961

A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to…

CVSS: 3.3 CWE: CWE-119

High

CVE-2025-8715

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql…

CVSS: 8.8 CWE: CWE-93

High

CVE-2025-8714

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running…

CVSS: 8.8 CWE: CWE-829

Low

CVE-2025-8713

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy inten…

CVSS: 3.1 CWE: CWE-1230

Medium

CVE-2023-5342

The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.

CVSS: 4.1 CWE: CWE-324

High

CVE-2025-8960

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of…

CVSS: 7.3 CWE: CWE-74