CVE-2025-54572 - Apache Ruby SAML Denial-of-Service Vulnerability
CVE ID : CVE-2025-54572
Published : July 30, 2025, 2:15 p.m. | 3 hours, 47 minutes ago
Description : The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54572
Published : July 30, 2025, 2:15 p.m. | 3 hours, 47 minutes ago
Description : The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45515 - Zimbra Collaboration Cross-Site Scripting (XSS)
CVE ID : CVE-2024-45515
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45515
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43018 - HP LaserJet Pro Printer Information Disclosure Vulnerability
CVE ID : CVE-2025-43018
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43018
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46811 - SUSE Manager WebSocket Root RCE
CVE ID : CVE-2025-46811
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to execute arbitrary commands as root. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 0.3.7-150600.3.6.2; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 0.3.7-150400.3.39.4; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46811
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to execute arbitrary commands as root. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 0.3.7-150600.3.6.2; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 0.3.7-150400.3.39.4; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53111 - GLPI Unauthenticated Access Vulnerability
CVE ID : CVE-2025-53111
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53111
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53112 - GLPI Unauthorized Resource Deletion Vulnerability
CVE ID : CVE-2025-53112
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.19.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53112
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.19.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53113 - GLPI External Links Information Disclosure
CVE ID : CVE-2025-53113
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch information on items they do not have the right to see. This is fixed in version 10.0.19.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53113
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch information on items they do not have the right to see. This is fixed in version 10.0.19.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53357 - GLPI Unauthorized Reservation Alteration
CVE ID : CVE-2025-53357
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. This is fixed in version 10.0.19.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53357
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. This is fixed in version 10.0.19.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53944 - AutoGPT Authorization Bypass Vulnerability
CVE ID : CVE-2025-53944
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53944
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54433 - Bugsink File Path Traversal Vulnerability
CVE ID : CVE-2025-54433
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such input requires access to a valid DSN, potentially exposing them. If Bugsink runs in a container, the effect is confined to the container’s filesystem. In non-containerized setups, the overwrite may affect other parts of the system accessible to that user. This is fixed in versions 1.4.3, 1.5.5, 1.6.4 and 1.7.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54433
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such input requires access to a valid DSN, potentially exposing them. If Bugsink runs in a container, the effect is confined to the container’s filesystem. In non-containerized setups, the overwrite may affect other parts of the system accessible to that user. This is fixed in versions 1.4.3, 1.5.5, 1.6.4 and 1.7.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54573 - CVAT Unvalidated Email Authentication Bypass
CVE ID : CVE-2025-54573
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified users. Additionally, the missing email verification check leaves the system open to bot signups and further usage. CVAT 2.42.0 and later versions contain a fix for the issue. CVAT Enterprise customers have a workaround available; those customers may disable registration to prevent this issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54573
Published : July 30, 2025, 3:15 p.m. | 2 hours, 47 minutes ago
Description : CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified users. Additionally, the missing email verification check leaves the system open to bot signups and further usage. CVAT 2.42.0 and later versions contain a fix for the issue. CVAT Enterprise customers have a workaround available; those customers may disable registration to prevent this issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-2593 - Linux TCP Connection Denial of Service
CVE ID : CVE-2023-2593
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-2593
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50578 - LinuxServer.io Heimdall HTTP Header Injection and Open Redirect Vulnerability
CVE ID : CVE-2025-50578
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading of external resources from attacker-controlled domains and unintended redirection of users, potentially enabling phishing, UI redress, and session theft. The vulnerability exists due to insufficient validation and trust of untrusted input, affecting the integrity and trustworthiness of the application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50578
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading of external resources from attacker-controlled domains and unintended redirection of users, potentially enabling phishing, UI redress, and session theft. The vulnerability exists due to insufficient validation and trust of untrusted input, affecting the integrity and trustworthiness of the application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54656 - Apache Struts LookupDispatchAction Log Injection
CVE ID : CVE-2025-54656
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54656
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8312 - Devolutions Server PAM Deadlock Password Persistence Vulnerability
CVE ID : CVE-2025-8312
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.5.0 and earlier
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8312
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.5.0 and earlier
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8353 - Devolutions Server JIT Group Access Bypass Vulnerability
CVE ID : CVE-2025-8353
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8353
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45955 - Rocket Software Rocket Zena SQL Injection Vulnerability
CVE ID : CVE-2024-45955
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45955
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25691 - PrestaShop PHAR Deserialization Code Execution Vulnerability
CVE ID : CVE-2025-25691
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25691
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25692 - PrestaShop PHAR Deserialization Remote Code Execution Vulnerability
CVE ID : CVE-2025-25692
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25692
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36611 - Dell Encryption Link Following Privilege Escalation Vulnerability
CVE ID : CVE-2025-36611
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36611
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45619 - Aver PTC310UV2 Remote Code Execution Vulnerability
CVE ID : CVE-2025-45619
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45619
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...