CVE-2025-1419 - Konsola Proget Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-1419
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1419
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1420 - Konsola Proget Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-1420
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1420
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1421 - Konsola Proget Remote Code Execution Vulnerability
CVE ID : CVE-2025-1421
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1421
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40775 - BIND DNS Invalid TSIG Algorithm Field Vulnerability
CVE ID : CVE-2025-40775
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40775
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48415 - Cisco USB Backdoor Command Injection Vulnerability
CVE ID : CVE-2025-48415
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48415
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48416 - OpenSSH Root Login Hard-Coded Credential Disclosure
CVE ID : CVE-2025-48416
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48416
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48417 - Fortinet SSL Hard-Coded Private Key Vulnerability
CVE ID : CVE-2025-48417
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48417
Published : May 21, 2025, 1:16 p.m. | 4 hours, 11 minutes ago
Description : The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-42922 - AAPanel OS Command Injection Vulnerability
CVE ID : CVE-2024-42922
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-42922
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-56429 - itech iLabClient Key Disclosure Vulnerability
CVE ID : CVE-2024-56429
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-56429
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44892 - Fortinet Wireless Access Point Stack Overflow Vulnerability
CVE ID : CVE-2025-44892
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44892
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44895 - D-Link FW-WGS-804HPT Stack Overflow Vulnerability
CVE ID : CVE-2025-44895
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44895
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-23337 - jq Denial of Service Integer Overflow Vulnerability
CVE ID : CVE-2024-23337
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-23337
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5029 - Kingdee Cloud Galaxy Private Cloud BBC System Path Traversal Vulnerability
CVE ID : CVE-2025-5029
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5029
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27997 - Blizzard Battle.net Privilege Escalation Vulnerability
CVE ID : CVE-2025-27997
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27997
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27998 - Steam Client Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-27998
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27998
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48200 - TYPO3 sr_feuser_register Remote Code Execution
CVE ID : CVE-2025-48200
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48200
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48201 - "TYPO3 ns_backup Predictable Resource Location Vulnerability"
CVE ID : CVE-2025-48201
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48201
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48202 - "TYPO3 femanager Extension Insecure Direct Object Reference Vulnerability"
CVE ID : CVE-2025-48202
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48202
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48203 - TYPO3 cs_seo XSS Vulnerability
CVE ID : CVE-2025-48203
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48203
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48204 - TYPO3 ns_backup Command Injection Vulnerability
CVE ID : CVE-2025-48204
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48204
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48205 - TYPO3 sr_feuser_register Insecure Direct Object Reference
CVE ID : CVE-2025-48205
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48205
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...