CVE-2024-58128 - MISP Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-58128
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-58129 - MISP Cross-Site Scripting
CVE ID : CVE-2024-58129
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-58130 - MISP Unsanitized Non-JSON Response Vulnerability
CVE ID : CVE-2024-58130
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25579 - TOTOLINK A3002R Authentication Bypass Command Injection Vulnerability
CVE ID : CVE-2025-25579
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28087 - Sourcecodester Online Exam System SQL Injection Vulnerability
CVE ID : CVE-2025-28087
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28089 - Maccms SSRF Vulnerability
CVE ID : CVE-2025-28089
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28090 - Maccms Server-Side Request Forgery (SSRF)
CVE ID : CVE-2025-28090
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28091 - Maccms10 SSRF in Add Article
CVE ID : CVE-2025-28091
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28092 - ShopXO SSRF
CVE ID : CVE-2025-28092
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28093 - ShopXO SSRF
CVE ID : CVE-2025-28093
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28094 - Shopxo SSRF and XSS Vulnerabilities
CVE ID : CVE-2025-28094
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28096 - OneNav SSRF Vulnerability
CVE ID : CVE-2025-28096
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28097 - OneNav HTTP Header XSS
CVE ID : CVE-2025-28097
Published : March 28, 2025, 10:15 p.m. | 3 hours, 44 minutes ago
Description : OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2781 - WatchGuard Mobile VPN with SSL Client Directory Permission Escalation Vulnerability
CVE ID : CVE-2025-2781
Published : March 28, 2025, 11:15 p.m. | 2 hours, 44 minutes ago
Description : The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2782 - WatchGuard Terminal Services Agent Directory Permissions Escalation
CVE ID : CVE-2025-2782
Published : March 28, 2025, 11:15 p.m. | 2 hours, 44 minutes ago
Description : The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-43186 - IBM InfoSphere Information Server Local File Disclosure
CVE ID : CVE-2024-43186
Published : March 29, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51477 - IBM InfoSphere Information Server Information Disclosure Vulnerability
CVE ID : CVE-2024-51477
Published : March 29, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-7577 - IBM InfoSphere Information Server Credentials Disclosure Vulnerability
CVE ID : CVE-2024-7577
Published : March 29, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31367 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-31367
Published : March 29, 2025, 4:15 a.m. | 1 hour, 44 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31368 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-31368
Published : March 29, 2025, 4:15 a.m. | 1 hour, 44 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31369 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-31369
Published : March 29, 2025, 4:15 a.m. | 1 hour, 44 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...