CVE-2025-47782 - MotionEye Command Injection Vulnerability
CVE ID : CVE-2025-47782
Published : May 14, 2025, 4:15 p.m. | 1 hour, 14 minutes ago
Description : motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47782
Published : May 14, 2025, 4:15 p.m. | 1 hour, 14 minutes ago
Description : motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0135 - Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability
CVE ID : CVE-2025-0135
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0135
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0136 - Palo Alto Networks PAN-OS Unencrypted Data Transfer via AES-128-CCM IPSec Vulnerability
CVE ID : CVE-2025-0136
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0136
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0137 - Palo Alto Networks PAN-OS Authenticated Admin Impersonation
CVE ID : CVE-2025-0137
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0137
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0138 - Palo Alto Networks Prisma Cloud Web Session Expiration Vulnerability
CVE ID : CVE-2025-0138
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0138
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2900 - IBM Semeru Runtime Denial of Service Buffer Overflow
CVE ID : CVE-2025-2900
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2900
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33104 - IBM WebSphere Application Server Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-33104
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33104
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4640 - "PCL Zlib Out-of-bounds Write Overflow"
CVE ID : CVE-2025-4640
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4640
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4641 - Bonigarcia WebDriverManager XML External Entity Reference Vulnerability
CVE ID : CVE-2025-4641
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4641
Published : May 14, 2025, 7:15 p.m. | 2 hours, 15 minutes ago
Description : Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45516 - Zimbra Collaboration Classic UI Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-45516
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the victim's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed tags with embedded JavaScript. The vulnerability is triggered when the victim views a specially crafted email in the Classic UI, causing the malicious script to execute. No further user interaction is required beyond viewing the email.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45516
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the victim's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed tags with embedded JavaScript. The vulnerability is triggered when the victim views a specially crafted email in the Classic UI, causing the malicious script to execute. No further user interaction is required beyond viewing the email.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-57096 - WPS Office Information Disclosure Vulnerability
CVE ID : CVE-2024-57096
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-57096
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-58101 - Samsung Galaxy Buds Audio Devices Bluetooth Pairing Remote Takeover Vulnerability
CVE ID : CVE-2024-58101
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-58101
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25370 - Realme GT 2 Information Disclosure
CVE ID : CVE-2025-25370
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25370
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32363 - mediDOK Deserialization Remote Code Execution Vulnerability
CVE ID : CVE-2025-32363
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32363
Published : May 14, 2025, 8:15 p.m. | 1 hour, 15 minutes ago
Description : mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55569 - Samsung Exynos Out-of-Bounds Write Vulnerability
CVE ID : CVE-2024-55569
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55569
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-56427 - Samsung Exynos Modem RRC Packet Out-of-Bounds Access Vulnerability
CVE ID : CVE-2024-56427
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-56427
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26783 - Samsung Mobile Processor, Wearable Processor, and Modem Exynos RRC Denial of Service Vulnerability
CVE ID : CVE-2025-26783
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400. Incorrect handling of undefined values leads to a Denial of Service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26783
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400. Incorrect handling of undefined values leads to a Denial of Service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27891 - Samsung Exynos Modem NAS Packet Length Check Vulnerability
CVE ID : CVE-2025-27891
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27891
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44024 - Pichome XSS
CVE ID : CVE-2025-44024
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44024
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44879 - WS-WN572HP3 CGI Upload Buffer Overflow DoS
CVE ID : CVE-2025-44879
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44879
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47884 - Jenkins OpenID Connect Provider Plugin Authentication Bypass
CVE ID : CVE-2025-47884
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47884
Published : May 14, 2025, 9:15 p.m. | 15 minutes ago
Description : In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...