CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-2826 - Arista EOS Ingress ACL Enforcement Vulnerability

CVE ID : CVE-2025-2826
Published : May 27, 2025, 11:15 p.m. | 2 hours, 15 minutes ago
Description : On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
* Packets which should be permitted may be dropped, and
* Packets which should be dropped may be permitted.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25025 - IBM Security Guardium Information Disclosure Vulnerability

CVE ID : CVE-2025-25025
Published : May 28, 2025, 2:15 a.m. | 3 hours, 15 minutes ago
Description : IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Severity: 4.3 | MEDIUM
CVE-2025-25026 - IBM Security Guardium Authentication Bypass Vulnerability

CVE ID : CVE-2025-25026
Published : May 28, 2025, 2:15 a.m. | 3 hours, 15 minutes ago
Description : IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.
Severity: 4.3 | MEDIUM
CVE-2025-25029 - IBM Security Guardium File Download Privilege Escalation

CVE ID : CVE-2025-25029
Published : May 28, 2025, 2:15 a.m. | 3 hours, 15 minutes ago
Description : IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.
Severity: 4.9 | MEDIUM
CVE-2023-41839 - Apache Struts Unvalidated Redirect to Malicious Site

CVE ID : CVE-2023-41839
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48841 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-48841
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48842 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-48842
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48843 - Apache Struts Deserialization Vulnerability

CVE ID : CVE-2025-48843
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48844 - QNAP NAS Denial of Service

CVE ID : CVE-2025-48844
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48845 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-48845
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48846 - VMware Remote Code Execution

CVE ID : CVE-2025-48846
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48847 - Dropbox Unvalidated Redirect

CVE ID : CVE-2025-48847
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-48848 - Citrix NetScaler HTTP Request Smuggling

CVE ID : CVE-2025-48848
Published : May 28, 2025, 4:15 a.m. | 1 hour, 15 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-4800 - WordPress MasterStudy LMS Pro Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-4800
Published : May 28, 2025, 6:15 a.m. | 3 hours, 15 minutes ago
Description : The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Severity: 8.8 | HIGH
CVE-2025-4009 - Evertz SVDN 3080ipx-10G PHP Web Management Interface Command Injection and Authentication Bypass

CVE ID : CVE-2025-4009
Published : May 28, 2025, 7:15 a.m. | 2 hours, 15 minutes ago
Description : The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.
Severity: 0.0 | NA
CVE-2025-4947 - libcurl QUIC Certificate Verification Bypass

CVE ID : CVE-2025-4947
Published : May 28, 2025, 7:15 a.m. | 2 hours, 15 minutes ago
Description : libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
Severity: 0.0 | NA
CVE-2025-5025 - libcurl wolfSSL QUIC Certificate Pinning Bypass

CVE ID : CVE-2025-5025
Published : May 28, 2025, 7:15 a.m. | 2 hours, 15 minutes ago
Description : libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.
Severity: 0.0 | NA
CVE-2024-54020 - Fortinet FortiManager Authorization Bypass

CVE ID : CVE-2024-54020
Published : May 28, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
Severity: 2.3 | LOW
CVE-2025-22252 - Fortinet FortiProxy Authentication Bypass Vulnerability

CVE ID : CVE-2025-22252
Published : May 28, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.
Severity: 9.8 | CRITICAL
CVE-2025-24473 - Fortinet FortiClient Information Disclosure

CVE ID : CVE-2025-24473
Published : May 28, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).
Severity: 3.7 | LOW
CVE-2025-25251 - FortiClient Mac Incorrect Authorization Privilege Escalation Vulnerability

CVE ID : CVE-2025-25251
Published : May 28, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
Severity: 7.8 | HIGH