CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-29773 - Froxlor Email Account Confusion Vulnerability

CVE ID : CVE-2025-29773
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2079 - Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool Authentication Bypass

CVE ID : CVE-2025-2079
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard-coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
Severity: 0.0 | NA
CVE-2025-2080 - Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool Authentication Bypass Vulnerability

CVE ID : CVE-2025-2080
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products.
Severity: 0.0 | NA
CVE-2025-2081 - Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool Authentication Bypass

CVE ID : CVE-2025-2081
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients.
Severity: 0.0 | NA
CVE-2025-2263 - Sante PACS Server.exe OpenSSL Stack-Based Buffer Overflow

CVE ID : CVE-2025-2263
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.
Severity: 9.8 | CRITICAL
CVE-2025-2264 - Sante PACS Server Path Traversal Information Disclosure

CVE ID : CVE-2025-2264
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
Severity: 7.5 | HIGH
CVE-2025-2265 - Sante PACS Server.exe Password Hash Truncation Vulnerability

CVE ID : CVE-2025-2265
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte.
Severity: 7.8 | HIGH
CVE-2025-2284 - Sante PACS Server Denial-of-Service Vulnerability

CVE ID : CVE-2025-2284
Published : March 13, 2025, 5:15 p.m. | 1 hour, 36 minutes ago
Description : A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
Severity: 7.5 | HIGH
CVE-2024-30143 - HCL AppScan Path Traversal

CVE ID : CVE-2024-30143
Published : March 13, 2025, 6:15 p.m. | 36 minutes ago
Description : HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or take over the application or the computer where the application is running.
Severity: 4.3 | MEDIUM
CVE-2025-24053 - Microsoft Dataverse Authentication Privilege Escalation

CVE ID : CVE-2025-24053
Published : March 13, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Severity: 7.2 | HIGH
CVE-2025-25363 - JEMH Cross-Site Scripting (XSS)

CVE ID : CVE-2025-25363
Published : March 13, 2025, 6:15 p.m. | 36 minutes ago
Description : An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into the HTML field of a template.
Severity: 0.0 | NA
CVE-2025-25598 - Inova Logic CUSTOMER MONITOR (CM) Escalation of Privilege Vulnerability

CVE ID : CVE-2025-25598
Published : March 13, 2025, 6:15 p.m. | 36 minutes ago
Description : Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task.
Severity: 0.0 | NA
CVE-2025-27496 - Snowflake Driver: Client-Side Encryption Master Key Disclosure Vulnerability

CVE ID : CVE-2025-27496
Published : March 13, 2025, 7:15 p.m. | 3 hours, 36 minutes ago
Description : Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.
Severity: 3.3 | LOW
CVE-2025-2229 - Apache Struts AES-128 Token Generation Vulnerability

CVE ID : CVE-2025-2229
Published : March 13, 2025, 7:15 p.m. | 3 hours, 36 minutes ago
Description : A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.
Severity: 7.7 | HIGH
CVE-2025-2230 - Windows AuthContext Token Replay Attack and Authentication Bypass Vulnerability

CVE ID : CVE-2025-2230
Published : March 13, 2025, 7:15 p.m. | 3 hours, 36 minutes ago
Description : A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
Severity: 7.7 | HIGH
CVE-2024-55060 - Rafed CMS XSS

CVE ID : CVE-2024-55060
Published : March 13, 2025, 9:15 p.m. | 1 hour, 36 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Severity: 0.0 | NA
CVE-2025-1266 - CVE-2022-29420: Apache Struts Remote Code Execution Vulnerability

CVE ID : CVE-2025-1266
Published : March 13, 2025, 10:15 p.m. | 36 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2024-55549 - Libxslt XSLT Use-After-Free Vulnerability

CVE ID : CVE-2024-55549
Published : March 14, 2025, 2:15 a.m. | 36 minutes ago
Description : xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
Severity: 7.8 | HIGH
CVE-2025-24855 - XSLT/Use-After-Free

CVE ID : CVE-2025-24855
Published : March 14, 2025, 2:15 a.m. | 36 minutes ago
Description : numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Severity: 7.8 | HIGH
CVE-2025-26163 - CM Soluces Informatica Ltda Auto Atendimento SQL Injection Vulnerability

CVE ID : CVE-2025-26163
Published : March 14, 2025, 3:15 a.m. | 3 hours, 36 minutes ago
Description : CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter.
Severity: 0.0 | NA
CVE-2025-30022 - CM Soluces Informatica Ltda Auto Atendimento SQL Injection Vulnerability

CVE ID : CVE-2025-30022
Published : March 14, 2025, 3:15 a.m. | 3 hours, 36 minutes ago
Description : CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter.
Severity: 0.0 | NA