CVE-2025-60962 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection
CVE ID : CVE-2025-60962
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60962
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60963 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection
CVE ID : CVE-2025-60963
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60963
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60964 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection
CVE ID : CVE-2025-60964
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60964
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60965 - EndRun Technologies Sonoma D12 Network Time Server (GPS) Command Injection Vulnerability
CVE ID : CVE-2025-60965
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60965
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60967 - EndRun Technologies Sonoma D12 Network Time Server (GPS) XSS
CVE ID : CVE-2025-60967
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60967
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60969 - EndRun Technologies Sonoma D12 Network Time Server (GPS) Directory Traversal Vulnerability
CVE ID : CVE-2025-60969
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60969
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61766 - Bucket vulnerable to infinite recursion when querying a bucket using the != operator
CVE ID : CVE-2025-61766
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61766
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61769 - Emlog vulnerable to stored XSS in file upload functionality in emlog
CVE ID : CVE-2025-61769
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload .svg file that contains JavaScript code that is later being executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61769
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload .svg file that contains JavaScript code that is later being executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61777 - FlagForge Allows Unauthenticated Badge Template API Access
CVE ID : CVE-2025-61777
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized users to retrieve all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and/or create arbitrary badge templates in the database. This could lead to data exposure, database pollution, or abuse of the badge system. The issue has been fixed in FlagForge v2.3.2. GET, POST, UPDATE, and DELETE endpoints now require authentication. Authorization checks ensure only admins can access and modify badge templates. No reliable workarounds are available.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61777
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized users to retrieve all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and/or create arbitrary badge templates in the database. This could lead to data exposure, database pollution, or abuse of the badge system. The issue has been fixed in FlagForge v2.3.2. GET, POST, UPDATE, and DELETE endpoints now require authentication. Authorization checks ensure only admins can access and modify badge templates. No reliable workarounds are available.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61778 - Akka.Remote TLS did not properly implement certificate-based authentication
CVE ID : CVE-2025-61778
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport and this would correctly enforce private key validation on the server-side of inbound connections. Akka.Remote, however, never asked the outbound-connecting client to present ITS certificate - therefore it's possible for untrusted parties to connect to a private key'd Akka.NET cluster and begin communicating with it without any certificate. The issue here is that for certificate-based authentication to work properly, ensuring that all members of the Akka.Remote network are secured with the same private key, Akka.Remote needed to implement mutual TLS. This was not the case before Akka.NET v1.5.52. Those who run Akka.NET inside a private network that they fully control or who were never using TLS in the first place are now affected by the bug. However, those who use TLS to secure their networks must upgrade to Akka.NET V1.5.52 or later. One patch forces "fail fast" semantics if TLS is enabled but the private key is missing or invalid. Previous versions would only check that once connection attempts occurred. The second patch, a critical fix, enforces mutual TLS (mTLS) by default, so both parties must be keyed using the same certificate. As a workaround, avoid exposing the application publicly to avoid the vulnerability having a practical impact on one's application. However, upgrading to version 1.5.52 is still recommended by the maintainers.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61778
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport and this would correctly enforce private key validation on the server-side of inbound connections. Akka.Remote, however, never asked the outbound-connecting client to present ITS certificate - therefore it's possible for untrusted parties to connect to a private key'd Akka.NET cluster and begin communicating with it without any certificate. The issue here is that for certificate-based authentication to work properly, ensuring that all members of the Akka.Remote network are secured with the same private key, Akka.Remote needed to implement mutual TLS. This was not the case before Akka.NET v1.5.52. Those who run Akka.NET inside a private network that they fully control or who were never using TLS in the first place are now affected by the bug. However, those who use TLS to secure their networks must upgrade to Akka.NET V1.5.52 or later. One patch forces "fail fast" semantics if TLS is enabled but the private key is missing or invalid. Previous versions would only check that once connection attempts occurred. The second patch, a critical fix, enforces mutual TLS (mTLS) by default, so both parties must be keyed using the same certificate. As a workaround, avoid exposing the application publicly to avoid the vulnerability having a practical impact on one's application. However, upgrading to version 1.5.52 is still recommended by the maintainers.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11342 - code-projects Online Course Registration edit-course.php sql injection
CVE ID : CVE-2025-11342
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11342
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11343 - code-projects Student Crud Operation delete.php sql injection
CVE ID : CVE-2025-11343
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11343
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28129 - PhpGurukul Hostel Management System Clickjacking Vulnerability
CVE ID : CVE-2025-28129
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28129
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-56382 - LionCoders SalePro POS Stored XSS Vulnerability
CVE ID : CVE-2025-56382
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-56382
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57515 - Uniclare Student Portal SQL Injection Vulnerability
CVE ID : CVE-2025-57515
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57515
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6985 - XXE Vulnerability in langchain-ai/langchain
CVE ID : CVE-2025-6985
Published : Oct. 6, 2025, 6:15 p.m. | 22 minutes ago
Description : The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse() and lxml.etree.XSLT() without any hardening measures. In lxml versions up to 4.9.x, external entities are resolved by default, allowing attackers to read arbitrary local files or perform outbound HTTP(S) fetches. In lxml versions 5.0 and above, while entity expansion is disabled, the XSLT document() function can still read any URI unless XSLTAccessControl is applied. This vulnerability allows remote attackers to gain read-only access to any file the LangChain process can reach, including sensitive files such as SSH keys, environment files, source code, or cloud metadata. No authentication, special privileges, or user interaction are required, and the issue is exploitable in default deployments that enable custom XSLT.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6985
Published : Oct. 6, 2025, 6:15 p.m. | 22 minutes ago
Description : The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse() and lxml.etree.XSLT() without any hardening measures. In lxml versions up to 4.9.x, external entities are resolved by default, allowing attackers to read arbitrary local files or perform outbound HTTP(S) fetches. In lxml versions 5.0 and above, while entity expansion is disabled, the XSLT document() function can still read any URI unless XSLTAccessControl is applied. This vulnerability allows remote attackers to gain read-only access to any file the LangChain process can reach, including sensitive files such as SSH keys, environment files, source code, or cloud metadata. No authentication, special privileges, or user interaction are required, and the issue is exploitable in default deployments that enable custom XSLT.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11344 - ILIAS Certificate Import Remote Code Execution
CVE ID : CVE-2025-11344
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11344
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11345 - ILIAS Test Import unserialize deserialization
CVE ID : CVE-2025-11345
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11345
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61984 - OpenSSH SSH Command Injection
CVE ID : CVE-2025-61984
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
Severity: 3.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61984
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
Severity: 3.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61985 - OpenSSH SSH URI Injection Vulnerability
CVE ID : CVE-2025-61985
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Severity: 3.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61985
Published : Oct. 6, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Severity: 3.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11346 - ILIAS Base64 Decoding unserialize deserialization
CVE ID : CVE-2025-11346
Published : Oct. 6, 2025, 8:15 p.m. | 2 hours, 23 minutes ago
Description : A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11346
Published : Oct. 6, 2025, 8:15 p.m. | 2 hours, 23 minutes ago
Description : A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...