Medium
CVE-2025-54862
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Read moreAll CVEs — 2025
Page 1/225.
Browse all CVEs by publication year. Use filters to refine.
CVSS ≥ 0.0
2025-08-18
Medium
CVE-2025-54759
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Read more
High
CVE-2025-54156
The Sante PACS Server Web Portal sends credential information without encryption.
Read more
High
CVE-2025-53948
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no…
Read more
High
CVE-2025-52584
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This co…
Read more
High
CVE-2025-46269
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This c…
Read more
Low
CVE-2025-9119
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSI…
Read more
High
CVE-2025-53705
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This co…
Read more
High
CVE-2025-41392
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This co…
Read more
High
CVE-2025-8098
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
Read more
Critical
CVE-2025-55591
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
Read more
Medium
CVE-2025-55590
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.
Read more
Medium
CVE-2025-55589
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.
Read more
High
CVE-2025-55588
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS)…
Read more
High
CVE-2025-55587
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Servi…
Read more
High
CVE-2025-55586
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) vi…
Read more
Medium
CVE-2025-55585
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
Read more
Medium
CVE-2025-55584
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
Read more
Medium
CVE-2025-55213
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2…
Read more
High
CVE-2025-53192
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the…
Read more
Medium
CVE-2025-4371
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a…
Read more
High
CVE-2025-32992
Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.
Read more
Medium
CVE-2025-43731
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3…
Read more
Critical
CVE-2025-7693
A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, t…
Read more
High
CVE-2025-55300
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled…
Read more
Critical
CVE-2025-55299
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this…
Read more
Medium
CVE-2025-55296
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This all…
Read more
Critical
CVE-2025-55293
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasse…
Read more
High
CVE-2025-55291
Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely cl…
Read more
Medium
CVE-2025-55288
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could…
Read more
High
CVE-2025-55287
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could ru…
Read more
Critical
CVE-2025-55283
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration f…
Read more
Critical
CVE-2025-55282
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a mig…
Read more
Medium
CVE-2025-55214
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe fea…
Read more
Critical
CVE-2025-55205
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary la…
Read more
High
CVE-2025-55201
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja…
Read more
Low
CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated…
Read more
Low
CVE-2025-3639
Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.1…
Read more
High
CVE-2025-54421
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to injec…
Read more
Medium
CVE-2025-54118
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensiti…
Read more
Critical
CVE-2025-54117
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to injec…
Read more
High
CVE-2025-4962
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated…
Read more
Medium
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q…
Read more
High
CVE-2025-36120
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
Read more
Medium
CVE-2025-33100
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to extern…
Read more
High
CVE-2025-33090
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.
Read more
Medium
CVE-2025-27909
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only truste…
Read more
Medium
CVE-2025-1759
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Read more
Low
CVE-2024-49827
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.
Read more
Low
CVE-2025-43733
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via…
Read more
High
CVE-2025-47206
An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We ha…
Read more
High
CVE-2025-5296
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of…
Read more
High
CVE-2025-6625
CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
Read more
Medium
CVE-2025-57703
DIAEnergie - Reflected Cross-site Scripting
Read more
Medium
CVE-2025-57702
DIAEnergie - Reflected Cross-site Scripting
Read more
Medium
CVE-2025-57701
DIAEnergie - Reflected Cross-site Scripting
Read more
High
CVE-2025-57700
DIAEnergie - Stored Cross-site Scripting
Read more
Low
CVE-2025-9109
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpo…
Read more
Medium
CVE-2025-9108
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.
Read more
Medium
CVE-2025-9107
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross…
Read more
Low
CVE-2025-9106
A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing m…
Read more
Low
CVE-2025-9105
A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Ad…
Read more
Low
CVE-2025-9104
A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This m…
Read more
Low
CVE-2025-9103
A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be…
Read more
Medium
CVE-2025-9102
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.…
Read more
Low
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross…
Read more
Medium
CVE-2025-9100
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipula…
Read more
Medium
CVE-2025-9099
A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument Fi…
Read more
Medium
CVE-2025-9098
A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to imprope…
Read more
Medium
CVE-2025-9097
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the c…
Read more
Low
CVE-2025-9096
A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation…
Read more2025-08-17
Low
CVE-2025-9095
A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulat…
Read more
Medium
CVE-2025-9094
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements us…
Read more
High
CVE-2025-7342
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. Additionally, virtual machine images built using the Nutanix or t…
Read more
Medium
CVE-2025-9093
A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation lead…
Read more
Low
CVE-2025-9091
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials.…
Read more
Medium
CVE-2025-9090
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injecti…
Read more
High
CVE-2025-9089
A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffe…
Read more2025-08-16
High
CVE-2025-9088
A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to…
Read more
High
CVE-2025-9087
A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation…
Read more
Medium
CVE-2025-8878
The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in al…
Read more
Medium
CVE-2025-8143
The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization…
Read more
High
CVE-2025-8142
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers…
Read more
High
CVE-2025-8105
The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that do…
Read more
Low
CVE-2025-9092
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is asso…
Read more
Medium
CVE-2025-8719
The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘base_lang’ parameter in all versions up to, and including, 1.0 due to insufficient i…
Read more
Medium
CVE-2025-8464
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. T…
Read more
Medium
CVE-2025-7499
The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorize…
Read more
Critical
CVE-2025-8898
The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin…
Read more
Medium
CVE-2025-8896
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preference…
Read more
Medium
CVE-2025-8089
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization a…
Read more
Medium
CVE-2025-8293
The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitizatio…
Read more
Medium
CVE-2025-7686
The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-option…
Read more
Medium
CVE-2025-7684
The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on…
Read more
Medium
CVE-2025-7683
The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckin…
Read more
Medium
CVE-2025-7668
The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'i…
Read more
High
CVE-2025-7664
The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/presslearn/v1/activate…
Read more
Medium
CVE-2025-7651
The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.73 due to insufficient input s…
Read more
Medium
CVE-2025-7649
The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to…
Read more
Critical
CVE-2025-7441
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API en…
Read more
Medium
CVE-2025-7440
The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient i…
Read more
Medium
CVE-2025-7439
Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']’ parameter in all versions up to, and including, 1.0.1 to insufficien…
Read more
Medium
CVE-2025-6221
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and outpu…
Read more
High
CVE-2025-6080
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not prope…
Read more
High
CVE-2025-6079
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and includi…
Read more
High
CVE-2025-3671
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible fo…
Read more
Medium
CVE-2024-8393
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for aut…
Read more
High
CVE-2024-12612
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to i…
Read more
High
CVE-2025-49895
Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.
Read more
Medium
CVE-2024-12575
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX…
Read more
High
CVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user co…
Read more
High
CVE-2025-55286
z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the s…
Read more
Low
CVE-2017-20199
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation results in improper access controls. The…
Read more2025-08-15
Medium
CVE-2025-52621
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflectio…
Read more
Medium
CVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.
Read more
Medium
CVE-2025-52619
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platfor…
Read more
Medium
CVE-2025-52618
HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.
Read more
Medium
CVE-2025-43201
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
Read more
High
CVE-2025-8959
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identi…
Read more
Medium
CVE-2025-36088
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code…
Read more