CVE-2025-51306 - Gatling Enterprise Session Token Expired
CVE ID : CVE-2025-51306
Published : Aug. 6, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51306
Published : Aug. 6, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51308 - Gatling Enterprise Information Disclosure Vulnerability
CVE ID : CVE-2025-51308
Published : Aug. 6, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51308
Published : Aug. 6, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-8244 - Go filepath Symbolic Link TOCTOU
CVE ID : CVE-2024-8244
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-8244
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48393 - Eaton Firmware Man-in-the-Middle Attack Vulnerability
CVE ID : CVE-2025-48393
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48393
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48394 - Eaton File Traversal Vulnerability
CVE ID : CVE-2025-48394
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48394
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51531 - Sage DPW Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2025-51531
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024.12.003 allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injcting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. This is fixed in Halbjahresversion 2024_12_004.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51531
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024.12.003 allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injcting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. This is fixed in Halbjahresversion 2024_12_004.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51532 - Sage DPW Unauthenticated Access Control Bypass Vulnerability
CVE ID : CVE-2025-51532
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : Incorrect access control in Sage DPW v2024.12.003 allows unauthorized attackers to access the built-in Database Monitor via a crafted request. This is fixed in Halbjahresversion 2024_12_004.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51532
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : Incorrect access control in Sage DPW v2024.12.003 allows unauthorized attackers to access the built-in Database Monitor via a crafted request. This is fixed in Halbjahresversion 2024_12_004.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53786 - Microsoft Exchange Server Hybrid Deployment Authentication Bypass Vulnerability
CVE ID : CVE-2025-53786
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53786
Published : Aug. 6, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20215 - Cisco Webex Meetings Unauthenticated Meeting-Join Vulnerability
CVE ID : CVE-2025-20215
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20215
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20331 - Cisco ISE/Cisco ISE-PIC Stored XSS Vulnerability
CVE ID : CVE-2025-20331
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on the affected device.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20331
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on the affected device.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20332 - Cisco ISE HTTP Request Forgery (Remote Code Execution)
CVE ID : CVE-2025-20332
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20332
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30127 - Marbella KR8s Dashcam FF Information Disclosure and File Access Vulnerability
CVE ID : CVE-2025-30127
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30127
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8419 - Keycloak SMTP Injection Vulnerability
CVE ID : CVE-2025-8419
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8419
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8665 - Agno-agi Agno Os Command Injection Vulnerability
CVE ID : CVE-2025-8665
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8665
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8667 - SkyworkAI DeepResearchAgent OS Command Injection Vulnerability
CVE ID : CVE-2025-8667
Published : Aug. 6, 2025, 6:15 p.m. | 20 minutes ago
Description : A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8667
Published : Aug. 6, 2025, 6:15 p.m. | 20 minutes ago
Description : A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38746 - Dell SupportAssist OS Recovery Exposure of Sensitive Information to an Unauthorized Actor
CVE ID : CVE-2025-38746
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38746
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38747 - Dell SupportAssist Elevation of Privileges Vulnerability
CVE ID : CVE-2025-38747
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38747
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45764 - jsrsasign RSA Key Encryption Weakness
CVE ID : CVE-2025-45764
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : jsrsasign v11.1.0 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45764
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : jsrsasign v11.1.0 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45766 - Poco Weak Encryption Vulnerability
CVE ID : CVE-2025-45766
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : poco v1.14.1-release was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45766
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : poco v1.14.1-release was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46659 - "4C Strategies Exonaut External HTTPS Information Disclosure"
CVE ID : CVE-2025-46659
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46659
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51624 - Zone Bitaqati Cross-Site Scripting (XSS)
CVE ID : CVE-2025-51624
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51624
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...