CVE-2025-62656 - GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS
CVE ID : CVE-2025-62656
Published : Oct. 20, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62656
Published : Oct. 20, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62657 - Stored XSS through system messages in PageForms
CVE ID : CVE-2025-62657
Published : Oct. 20, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS.This issue affects MediaWiki PageForms extension: 1.44.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62657
Published : Oct. 20, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS.This issue affects MediaWiki PageForms extension: 1.44.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62658 - SQL injection in WatchAnalytics through Special:ClearPendingReviews
CVE ID : CVE-2025-62658
Published : Oct. 20, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62658
Published : Oct. 20, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2018-25118 - GeoVision Command Injection RCE via /PictureCatch.cgi
CVE ID : CVE-2018-25118
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2018-25118
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11536 - Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
CVE ID : CVE-2025-11536
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11536
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12001 - Incorrect Content-Type Header
CVE ID : CVE-2025-12001
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12001
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54764 - Mbed TLS RSA Timing Attack
CVE ID : CVE-2025-54764
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54764
Published : Oct. 20, 2025, 10:15 p.m. | 33 minutes ago
Description : Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6541 - OS command injection using information obtained from the web management interface
CVE ID : CVE-2025-6541
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6541
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6542 - OS command injection in multiple parameters
CVE ID : CVE-2025-6542
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6542
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7850 - Authenticated OS command execution
CVE ID : CVE-2025-7850
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7850
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7851 - Unauthorized root access via debug functionality
CVE ID : CVE-2025-7851
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7851
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8078 - Zyxel ATP/USG FLEX/USG20 Command Injection Vulnerability
CVE ID : CVE-2025-8078
Published : Oct. 21, 2025, 1:49 a.m. | 1 hour, 5 minutes ago
Description : A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8078
Published : Oct. 21, 2025, 1:49 a.m. | 1 hour, 5 minutes ago
Description : A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9133 - Zyxel ATP/USG FLEX/USG20(W) Missing Authorization Vulnerability
CVE ID : CVE-2025-9133
Published : Oct. 21, 2025, 1:57 a.m. | 58 minutes ago
Description : A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9133
Published : Oct. 21, 2025, 1:57 a.m. | 58 minutes ago
Description : A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62677 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-62677
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62677
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62678 - Apache HTTP Server Unvalidated Redirect
CVE ID : CVE-2025-62678
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62678
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62679 - Cisco Webex Meeting Server Authentication Bypass
CVE ID : CVE-2025-62679
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62679
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62680 - Apache Struts Unvalidated Redirect
CVE ID : CVE-2025-62680
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62680
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62681 - Apache HTTP Server Unvalidated User-Input
CVE ID : CVE-2025-62681
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62681
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62682 - Apache HTTP Server Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-62682
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62682
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62683 - Apache Struts Deserialization Vulnerability
CVE ID : CVE-2025-62683
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62683
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62684 - Cisco Router Unauthenticated Remote Command Execution
CVE ID : CVE-2025-62684
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62684
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...