CVE-2025-5742 - Apache Web Server Cross-site Scripting Vulnerability
CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5743 - "Web Server Charging Station OS Command Injection"
CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40655 - DM Corporative CMS SQL Injection
CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40656 - DM Corporative CMS SQL Injection Vulnerability
CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40657 - DM Corporative CMS SQL Injection Vulnerability
CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40658 - DM Corporative CMS IDOR
CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40659 - DM Corporative CMS IDOR
CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40660 - DM Corporative CMS IDOR Vulnerability
CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40661 - DM Corporative CMS IDOR Vulnerability
CVE ID : CVE-2025-40661
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40661
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40662 - DM Corporative CMS Absolute Path Disclosure
CVE ID : CVE-2025-40662
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40662
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13089 - Nozomi Networks Guardian and CMC OS Command Injection Vulnerability
CVE ID : CVE-2024-13089
Published : June 10, 2025, 11:15 a.m. | 3 hours, 2 minutes ago
Description : An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13089
Published : June 10, 2025, 11:15 a.m. | 3 hours, 2 minutes ago
Description : An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13090 - Apache Sudo Privilege Escalation Vulnerability
CVE ID : CVE-2024-13090
Published : June 10, 2025, 11:15 a.m. | 3 hours, 2 minutes ago
Description : A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13090
Published : June 10, 2025, 11:15 a.m. | 3 hours, 2 minutes ago
Description : A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41657 - Qualcomm Bluetooth Fingerprinting Vulnerability
CVE ID : CVE-2025-41657
Published : June 10, 2025, 11:15 a.m. | 3 hours, 2 minutes ago
Description : Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41657
Published : June 10, 2025, 11:15 a.m. | 3 hours, 2 minutes ago
Description : Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2918 - WordPress Blocks Plugin Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2918
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2918
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43697 - Salesforce OmniStudio DataMapper Permission Preservation Encryption Exposure Vulnerability
CVE ID : CVE-2025-43697
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43697
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43698 - Salesforce OmniStudio FlexCards Field Level Security Bypass Vulnerability
CVE ID : CVE-2025-43698
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43698
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43699 - Salesforce OmniStudio FlexCards Field Level Security Bypass
CVE ID : CVE-2025-43699
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43699
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43700 - Salesforce OmniStudio FlexCards Data Exposure Permission Vulnerability
CVE ID : CVE-2025-43700
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43700
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43701 - Salesforce OmniStudio FlexCards Information Disclosure Vulnerability
CVE ID : CVE-2025-43701
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43701
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4577 - Smash Balloon Social Post Feed - WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4577
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4577
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4774 - Elementor Premium Addons Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4774
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4774
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...