CVE-2025-30353 - Directus Information Disclosure Vulnerability
CVE ID : CVE-2025-30353
Published : March 26, 2025, 6:15 p.m. | 3 hours, 43 minutes ago
Description : Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse. Version 11.5.0 fixes the issue.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30353
Published : March 26, 2025, 6:15 p.m. | 3 hours, 43 minutes ago
Description : Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse. Version 11.5.0 fixes the issue.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25535 - SCRIPT CASE HTTP Response Manipulation Privilege Escalation
CVE ID : CVE-2025-25535
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25535
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26001 - Telesquare TLR-2005KSH Authentication Information Disclosure
CVE ID : CVE-2025-26001
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26001
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26002 - Telesquare TLR-2005KSH Stack Overflow Vulnerability
CVE ID : CVE-2025-26002
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26002
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26003 - Telesquare TLR-2005KSH Command Injection Vulnerability
CVE ID : CVE-2025-26003
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26003
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26004 - Telesquare TLR-2005KSH Stack Buffer Overflow
CVE ID : CVE-2025-26004
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26004
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29322 - ScriptCase XSS
CVE ID : CVE-2025-29322
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29322
Published : March 26, 2025, 7:15 p.m. | 2 hours, 43 minutes ago
Description : A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55963 - Appsmith DoS: Unauthorized Server Restart
CVE ID : CVE-2024-55963
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55963
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55964 - Appsmith PostgreSQL Command Execution Vulnerability
CVE ID : CVE-2024-55964
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55964
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26005 - Telesquare TLR-2005KSH Stack Overflow Vulnerability
CVE ID : CVE-2025-26005
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26005
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26006 - Telesquare TLR-2005KSH Stack Overflow Vulnerability
CVE ID : CVE-2025-26006
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26006
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26007 - Telesquare TLR-2005KSH Stack Overflow Vulnerability in Login Interface
CVE ID : CVE-2025-26007
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26007
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26008 - Telesquare TLR-2005KSH Stack Overflow Vulnerability
CVE ID : CVE-2025-26008
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26008
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26009 - Telesquare TLR-2005KSH Information Disclosure Vulnerability
CVE ID : CVE-2025-26009
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26009
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26010 - Telesquare TLR-2005KSH Authentication Bypass
CVE ID : CVE-2025-26010
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26010
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26011 - Telesquare TLR-2005KSH Stack Overflow Vulnerability
CVE ID : CVE-2025-26011
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26011
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28361 - Telesquare TLR-2005KSH Stack Overflow Information Disclosure
CVE ID : CVE-2025-28361
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28361
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30073 - OPC cardsystems Webapp Aufwertung Referential Reuse Vulnerability
CVE ID : CVE-2025-30073
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee cards than is paid.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30073
Published : March 26, 2025, 8:15 p.m. | 1 hour, 43 minutes ago
Description : An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee cards than is paid.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55965 - Appsmith Information Disclosure Vulnerability
CVE ID : CVE-2024-55965
Published : March 26, 2025, 9:15 p.m. | 43 minutes ago
Description : An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55965
Published : March 26, 2025, 9:15 p.m. | 43 minutes ago
Description : An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2787 - KNIME Business Hub Ingress-nginx Cluster Takeover Vulnerability
CVE ID : CVE-2025-2787
Published : March 26, 2025, 9:15 p.m. | 43 minutes ago
Description : KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above *
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2787
Published : March 26, 2025, 9:15 p.m. | 43 minutes ago
Description : KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above *
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31160 - Atop Denial of Service Vulnerability
CVE ID : CVE-2025-31160
Published : March 26, 2025, 9:15 p.m. | 43 minutes ago
Description : atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31160
Published : March 26, 2025, 9:15 p.m. | 43 minutes ago
Description : atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...