CVE-2025-3719 - Incorrect authorization for CLI in Guardian/CMC before 25.2.0
CVE ID : CVE-2025-3719
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/or affecting its availability.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3719
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/or affecting its availability.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40649 - Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC
CVE ID : CVE-2025-40649
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : Stored Cross-Site Scripting (XSS) in Biobanking and Biomolecular Resources Negotiator v3.15.2 - European Research Infrastructure (BBMRI-ERIC), consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using parameter text in '/api/v3/negotiations//posts'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40649
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : Stored Cross-Site Scripting (XSS) in Biobanking and Biomolecular Resources Negotiator v3.15.2 - European Research Infrastructure (BBMRI-ERIC), consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using parameter text in '/api/v3/negotiations//posts'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40676 - Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC
CVE ID : CVE-2025-40676
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in '/api/v3/users/', which may result in the exposure or alteration of sensitive data
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40676
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in '/api/v3/users/', which may result in the exposure or alteration of sensitive data
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40885 - Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0
CVE ID : CVE-2025-40885
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40885
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40886 - Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
CVE ID : CVE-2025-40886
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering their structure and content, and/or affecting their availability.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40886
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering their structure and content, and/or affecting their availability.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40887 - Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
CVE ID : CVE-2025-40887
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40887
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40888 - Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0
CVE ID : CVE-2025-40888
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40888
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40889 - Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0
CVE ID : CVE-2025-40889
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder, and/or affect their availability.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40889
Published : Oct. 7, 2025, 1:15 p.m. | 1 hour, 23 minutes ago
Description : A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder, and/or affect their availability.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-22291 - EIBPORT Reflected XSS
CVE ID : CVE-2021-22291
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-22291
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11397 - SourceCodester Hotel and Lodge Management System login.php sql injection
CVE ID : CVE-2025-11397
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11397
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25009 - Kibana Cross-Site Scripting (XSS)
CVE ID : CVE-2025-25009
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25009
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37728 - Kibana Insufficiently Protected Credentials in the CrowdStrike Connector
CVE ID : CVE-2025-37728
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-37728
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48826 - Planet WGR-500 Format String Vulnerability
CVE ID : CVE-2025-48826
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48826
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50505 - Clash Verge Rev Privilege Escalation Vulnerability
CVE ID : CVE-2025-50505
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Clash Verge Rev thru 2.2.3 forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50505
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Clash Verge Rev thru 2.2.3 forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53476 - OpenPLC ModbusTCP Server Denial of Service
CVE ID : CVE-2025-53476
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53476
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54399 - Planet WGR-500 HTTP PingCmd Stack-Based Buffer Overflow
CVE ID : CVE-2025-54399
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `ipaddr` request parameter for composing the `"ping -c 2>&1 > %s &"` string.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54399
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `ipaddr` request parameter for composing the `"ping -c 2>&1 > %s &"` string.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54400 - Planet WGR-500 HTTP PingCmd Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-54400
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `counts` request parameter for composing the `"ping -c 2>&1 > %s &"` string.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54400
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `counts` request parameter for composing the `"ping -c 2>&1 > %s &"` string.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54401 - Planet WGR-500 HTTP FormPingCmd Stack Buffer Overflow
CVE ID : CVE-2025-54401
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` request parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54401
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` request parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54402 - Multiple stack-based buffer overflow vulnerabiliti
CVE ID : CVE-2025-54402
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` and `ipaddr` request parameters combined.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54402
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` and `ipaddr` request parameters combined.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54403 - Planet WGR-500 Swctrl OS Command Injection Vulnerability
CVE ID : CVE-2025-54403
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_password` request parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54403
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_password` request parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54404 - Planet WGR-500 OS Command Injection Vulnerability in swctrl
CVE ID : CVE-2025-54404
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_device_name` request parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54404
Published : Oct. 7, 2025, 2:15 p.m. | 23 minutes ago
Description : Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_device_name` request parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...