CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-2927 - ESAFENET CDG SQL Injection Vulnerability

CVE ID : CVE-2025-2927
Published : March 28, 2025, 9:15 p.m. | 44 minutes ago
Description : A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-23338 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2024-23338
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53427. Reason: This candidate is a duplicate of CVE-2024-53427. Notes: All CVE users should reference CVE-2024-53427 instead of this candidate.
Severity: 0.0 | NA
CVE-2024-58128 - MISP Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-58128
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
Severity: 5.5 | MEDIUM
CVE-2024-58129 - MISP Cross-Site Scripting

CVE ID : CVE-2024-58129
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
Severity: 5.5 | MEDIUM
CVE-2024-58130 - MISP Unsanitized Non-JSON Response Vulnerability

CVE ID : CVE-2024-58130
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
Severity: 7.2 | HIGH
CVE-2025-25579 - TOTOLINK A3002R Authentication Bypass Command Injection Vulnerability

CVE ID : CVE-2025-25579
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
Severity: 0.0 | NA
CVE-2025-28087 - Sourcecodester Online Exam System SQL Injection Vulnerability

CVE ID : CVE-2025-28087
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
Severity: 0.0 | NA
CVE-2025-28089 - Maccms SSRF Vulnerability

CVE ID : CVE-2025-28089
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
Severity: 0.0 | NA
CVE-2025-28090 - Maccms Server-Side Request Forgery (SSRF)

CVE ID : CVE-2025-28090
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
Severity: 0.0 | NA
CVE-2025-28091 - Maccms10 SSRF in Add Article

CVE ID : CVE-2025-28091
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
Severity: 0.0 | NA
CVE-2025-28092 - ShopXO SSRF

CVE ID : CVE-2025-28092
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
Severity: 0.0 | NA
CVE-2025-28093 - ShopXO SSRF

CVE ID : CVE-2025-28093
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
Severity: 0.0 | NA
CVE-2025-28094 - Shopxo SSRF and XSS Vulnerabilities

CVE ID : CVE-2025-28094
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
Severity: 0.0 | NA
CVE-2025-28096 - OneNav SSRF Vulnerability

CVE ID : CVE-2025-28096
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
Severity: 0.0 | NA
CVE-2025-28097 - OneNav HTTP Header XSS

CVE ID : CVE-2025-28097
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.
Severity: 0.0 | NA
CVE-2025-2781 - WatchGuard Mobile VPN with SSL Client Directory Permission Escalation Vulnerability

CVE ID : CVE-2025-2781
Published : March 28, 2025, 11:15 p.m. | 2 hours, 44 minutes ago
Description : The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
Severity: 0.0 | NA
CVE-2025-2782 - WatchGuard Terminal Services Agent Directory Permissions Escalation

CVE ID : CVE-2025-2782
Published : March 28, 2025, 11:15 p.m. | 2 hours, 44 minutes ago
Description : The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.
Severity: 0.0 | NA
CVE-2024-43186 - IBM InfoSphere Information Server Local File Disclosure

CVE ID : CVE-2024-43186
Published : March 29, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
Severity: 5.3 | MEDIUM
CVE-2024-51477 - IBM InfoSphere Information Server Information Disclosure Vulnerability

CVE ID : CVE-2024-51477
Published : March 29, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
Severity: 4.3 | MEDIUM
CVE-2024-7577 - IBM InfoSphere Information Server Credentials Disclosure Vulnerability

CVE ID : CVE-2024-7577
Published : March 29, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
Severity: 4.4 | MEDIUM
CVE-2025-31367 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-31367
Published : March 29, 2025, 4:15 a.m. | 1 hour, 44 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA