CVE-2025-48207 - TYPO3 Reint Download Manager Insecure Direct Object Reference (IDOR)
CVE ID : CVE-2025-48207
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48207
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4008 - Meteobridge Command Injection Vulnerability
CVE ID : CVE-2025-4008
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4008
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5030 - Ackites KillWxapkg os Command Injection Vulnerability
CVE ID : CVE-2025-5030
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5030
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5031 - Ackites KillWxapkg wxapkg File Decompression Handler Resource Consumption Vulnerability
CVE ID : CVE-2025-5031
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5031
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5032 - Campcodes Online Shopping Portal SQL Injection Vulnerability
CVE ID : CVE-2025-5032
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5032
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2102 - HYPR Passwordless Link Following Privilege Escalation Vulnerability
CVE ID : CVE-2025-2102
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2102
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46822 - Apache Spring Boot Java Path Traversal Vulnerability
CVE ID : CVE-2025-46822
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46822
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47291 - Containerd CRI Kubernetes Cgroup Bypass Denial of Service
CVE ID : CVE-2025-47291
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47291
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48060 - jq Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-48060
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48060
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48063 - XWiki Remote Code Execution via Required Rights Bypass
CVE ID : CVE-2025-48063
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they're not giving a right to a script or object that it didn't have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned about the dangerous content unless the attacker managed to bypass this check. Note also that none of the affected versions include a UI for enabling the enforcing of required rights so it seems unlikely that anybody relied on them for security in the affected versions. As this vulnerability provides no additional attack surface unless all documents in the wiki enforce required rights, we consider the impact of this attack to be low even though gaining programming right could have a high impact. This vulnerability has been patched in XWiki 16.10.4 and 17.1.0RC1. No known workarounds are available except for upgrading.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48063
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they're not giving a right to a script or object that it didn't have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned about the dangerous content unless the attacker managed to bypass this check. Note also that none of the affected versions include a UI for enabling the enforcing of required rights so it seems unlikely that anybody relied on them for security in the affected versions. As this vulnerability provides no additional attack surface unless all documents in the wiki enforce required rights, we consider the impact of this attack to be low even though gaining programming right could have a high impact. This vulnerability has been patched in XWiki 16.10.4 and 17.1.0RC1. No known workarounds are available except for upgrading.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48064 - GitHub Desktop Windows Network Share Path Traversal Information Disclosure
CVE ID : CVE-2025-48064
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. This affects GitHub Desktop users on Windows that view malicious commits in the history view. macOS users are not affected. When viewing a file diff in the history view GitHub Desktop will call `git log` or `git diff` with the object id (SHA) of the commit, the name of the file, and the old name of the file if the file has been renamed. As a security precaution Git will attempt to fully resolve the old and new path via `realpath`, traversing symlinks, to ensure that the resolved paths reside within the repository working directory. This can lead to Git attempting to access a path that resides on a network share (UNC path) and in doing so Windows will attempt to perform NTLM authentication which passes information such as the computer name, the currently signed in (Windows) user name, and an NTLM hash. GitHub Desktop 3.4.20 and later fix this vulnerability. The beta channel includes the fix in 3.4.20-beta3. As a workaround to use until upgrading is possible, only browse commits in the history view that comes from trusted sources.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48064
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. This affects GitHub Desktop users on Windows that view malicious commits in the history view. macOS users are not affected. When viewing a file diff in the history view GitHub Desktop will call `git log` or `git diff` with the object id (SHA) of the commit, the name of the file, and the old name of the file if the file has been renamed. As a security precaution Git will attempt to fully resolve the old and new path via `realpath`, traversing symlinks, to ensure that the resolved paths reside within the repository working directory. This can lead to Git attempting to access a path that resides on a network share (UNC path) and in doing so Windows will attempt to perform NTLM authentication which passes information such as the computer name, the currently signed in (Windows) user name, and an NTLM hash. GitHub Desktop 3.4.20 and later fix this vulnerability. The beta channel includes the fix in 3.4.20-beta3. As a workaround to use until upgrading is possible, only browse commits in the history view that comes from trusted sources.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48069 - Apache ejson2env Command Injection Vulnerability
CVE ID : CVE-2025-48069
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48069
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5020 - Firefox for iOS URL Spoofing Vulnerability
CVE ID : CVE-2025-5020
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5020
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5033 - XiaoBingby TeaCMS Cross-Site Request Forgery Vulnerability
CVE ID : CVE-2025-5033
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5033
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-57529 - Jeppesen JetPlanner Pro Cross Site Scripting Vulnerability
CVE ID : CVE-2024-57529
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-57529
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27558 - Wi-Fi Protected Access (WPA, WPA2, WPA3) and Wired Equivalent Privacy (WEP) Mesh Network FragAttacks
CVE ID : CVE-2025-27558
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27558
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2261 - TIBCO ActiveMatrix Administrator Stored Cross-Site Scripting
CVE ID : CVE-2025-2261
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2261
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3751 - Apache Web Server SQL Injection Vulnerability
CVE ID : CVE-2025-3751
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3751
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44083 - D-Link DI-8100 Remote Authentication Bypass Vulnerability
CVE ID : CVE-2025-44083
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44083
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45752 - SeedDMS PHP Code Execution Vulnerability
CVE ID : CVE-2025-45752
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45752
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5049 - FreeFloat FTP Server Buffer Overflow Vulnerability
CVE ID : CVE-2025-5049
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5049
Published : May 21, 2025, 7:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...