CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-10504 - Heap Memory Corruption Vulnerability

CVE ID : CVE-2025-10504
Published : Sept. 29, 2025, 5:15 a.m. | 2 hours, 11 minutes ago
Description : Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11141 - Ruijie NBR2100G-E branch_passw.php listAction os command injection

CVE ID : CVE-2025-11141
Published : Sept. 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Manipulation of the argument city results in OS command injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
CVE-2024-5200 - Postie < 1.9.71 - Admin+ Stored XSS

CVE ID : CVE-2024-5200
Published : Sept. 29, 2025, 6:15 a.m. | 1 hour, 10 minutes ago
Description : The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
CVE-2025-48006 - DataSpider Servista XXE Injection Vulnerability

CVE ID : CVE-2025-48006
Published : Sept. 29, 2025, 8:15 a.m. | 3 hours, 11 minutes ago
Description : Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.
Severity: 8.8 | HIGH
CVE-2025-10341 - HTML injection in Perfex CRM

CVE ID : CVE-2025-10341
Published : Sept. 29, 2025, 9:15 a.m. | 2 hours, 11 minutes ago
Description : HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x'.
Severity: 5.3 | MEDIUM
CVE-2025-10342 - HTML injection in Perfex CRM

CVE ID : CVE-2025-10342
Published : Sept. 29, 2025, 9:15 a.m. | 2 hours, 11 minutes ago
Description : HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'.
Severity: 5.3 | MEDIUM
CVE-2025-10343 - HTML injection in Perfex CRM

CVE ID : CVE-2025-10343
Published : Sept. 29, 2025, 9:15 a.m. | 2 hours, 11 minutes ago
Description : HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'.
Severity: 5.3 | MEDIUM
CVE-2025-10344 - HTML injection in Perfex CRM

CVE ID : CVE-2025-10344
Published : Sept. 29, 2025, 9:15 a.m. | 2 hours, 11 minutes ago
Description : HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'.
Severity: 5.3 | MEDIUM
CVE-2025-10345 - HTML injection in Perfex CRM

CVE ID : CVE-2025-10345
Published : Sept. 29, 2025, 9:15 a.m. | 2 hours, 11 minutes ago
Description : HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'.
Severity: 5.3 | MEDIUM
CVE-2025-10346 - HTML injection in Perfex CRM

CVE ID : CVE-2025-10346
Published : Sept. 29, 2025, 9:15 a.m. | 2 hours, 11 minutes ago
Description : HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'subject' at the endpoint 'knoewledge_base/article'.
Severity: 5.3 | MEDIUM
CVE-2025-11146 - Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG

CVE ID : CVE-2025-11146
Published : Sept. 29, 2025, 10:15 a.m. | 1 hour, 11 minutes ago
Description : Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
Severity: 5.1 | MEDIUM
CVE-2025-11147 - Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG

CVE ID : CVE-2025-11147
Published : Sept. 29, 2025, 10:15 a.m. | 1 hour, 11 minutes ago
Description : Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”.
Severity: 5.1 | MEDIUM
CVE-2025-11150 - (no meaningful title: the record's description is placeholder text)

CVE ID : CVE-2025-11150
Published : Sept. 29, 2025, 10:52 a.m. | 34 minutes ago
Description : asdasdasdasdasdasdasd
Severity: 10.0 | CRITICAL
CVE-2025-6724 - Chef Automate SQL Injection Vulnerability

CVE ID : CVE-2025-6724
Published : Sept. 29, 2025, 12:15 p.m. | 3 hours, 10 minutes ago
Description : In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command.
Severity: 8.8 | HIGH
CVE-2025-8868 - Chef Automate compliance service SQL Injection Vulnerability

CVE ID : CVE-2025-8868
Published : Sept. 29, 2025, 12:15 p.m. | 3 hours, 10 minutes ago
Description : In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token.
Severity: 9.8 | CRITICAL
CVE-2025-9648 - Denial of Service in CivetWeb

CVE ID : CVE-2025-9648
Published : Sept. 29, 2025, 12:15 p.m. | 3 hours, 10 minutes ago
Description : A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests. This issue was fixed in commit 782e189. This issue affects only the library; the standalone executable pre-built by the vendor is not affected.
Severity: 8.7 | HIGH
CVE-2024-13150 - SQLi in Fayton Software's fayton.pro ERP

CVE ID : CVE-2024-13150
Published : Sept. 29, 2025, 1:15 p.m. | 2 hours, 10 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929.
Severity: 9.8 | CRITICAL
CVE-2025-57428 - Italy Wireless Mini Router WIRELESS-N 300M Default Credentials Telnet Debug Shell Command Injection

CVE ID : CVE-2025-57428
Published : Sept. 29, 2025, 2:16 p.m. | 1 hour, 9 minutes ago
Description : Default credentials in Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allow attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute hardware-level flash and register manipulation commands.
Severity: 0.0 | NA
CVE-2025-36352 - IBM License Metric Tool cross-site scripting

CVE ID : CVE-2025-36352
Published : Sept. 29, 2025, 2:25 p.m. | 1 hour, 1 minute ago
Description : IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 6.4 | MEDIUM
CVE-2025-36351 - IBM License Metric Tool bypass security

CVE ID : CVE-2025-36351
Published : Sept. 29, 2025, 2:27 p.m. | 59 minutes ago
Description : IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions.
Severity: 4.3 | MEDIUM
CVE-2025-41245 - VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)

CVE ID : CVE-2025-41245
Published : Sept. 29, 2025, 5:15 p.m. | 2 hours, 11 minutes ago
Description : VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.
Severity: 4.9 | MEDIUM