CVE-2025-7851 - Unauthorized root access via debug functionality
CVE ID : CVE-2025-7851
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7851
Published : Oct. 21, 2025, 1:15 a.m. | 1 hour, 39 minutes ago
Description : An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8078 - Zyxel ATP/USG FLEX/USG20 Command Injection Vulnerability
CVE ID : CVE-2025-8078
Published : Oct. 21, 2025, 1:49 a.m. | 1 hour, 5 minutes ago
Description : A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8078
Published : Oct. 21, 2025, 1:49 a.m. | 1 hour, 5 minutes ago
Description : A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9133 - Zyxel ATP/USG FLEX/USG20(W) Missing Authorization Vulnerability
CVE ID : CVE-2025-9133
Published : Oct. 21, 2025, 1:57 a.m. | 58 minutes ago
Description : A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9133
Published : Oct. 21, 2025, 1:57 a.m. | 58 minutes ago
Description : A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62677 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-62677
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62677
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62678 - Apache HTTP Server Unvalidated Redirect
CVE ID : CVE-2025-62678
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62678
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62679 - Cisco Webex Meeting Server Authentication Bypass
CVE ID : CVE-2025-62679
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62679
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62680 - Apache Struts Unvalidated Redirect
CVE ID : CVE-2025-62680
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62680
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62681 - Apache HTTP Server Unvalidated User-Input
CVE ID : CVE-2025-62681
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62681
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62682 - Apache HTTP Server Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-62682
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62682
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62683 - Apache Struts Deserialization Vulnerability
CVE ID : CVE-2025-62683
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62683
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62684 - Cisco Router Unauthenticated Remote Command Execution
CVE ID : CVE-2025-62684
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62684
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62695 - Stored XSS through system messages
CVE ID : CVE-2025-62695
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62695
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62696 - Multiple critical security issues in Springboard
CVE ID : CVE-2025-62696
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation - Springboard Extension: master.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62696
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation - Springboard Extension: master.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62699 - Special:Translate tool do not use the correct IP and User-Agent in the CheckUser tool
CVE ID : CVE-2025-62699
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CheckUser Extension allows Footprinting.This issue affects Mediawiki - CheckUser Extension: from master before 1.39.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62699
Published : Oct. 21, 2025, 4:16 a.m. | 40 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CheckUser Extension allows Footprinting.This issue affects Mediawiki - CheckUser Extension: from master before 1.39.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62694 - Stored XSS through a system message
CVE ID : CVE-2025-62694
Published : Oct. 21, 2025, 4:28 a.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62694
Published : Oct. 21, 2025, 4:28 a.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62702 - Stored XSS through system messages
CVE ID : CVE-2025-62702
Published : Oct. 21, 2025, 4:42 a.m. | 14 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue affects Mediawiki - PageTriage Extension: from master before 1.44.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62702
Published : Oct. 21, 2025, 4:42 a.m. | 14 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue affects Mediawiki - PageTriage Extension: from master before 1.44.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62701 - Stored XSS through system messages
CVE ID : CVE-2025-62701
Published : Oct. 21, 2025, 5:15 a.m. | 3 hours, 42 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62701
Published : Oct. 21, 2025, 5:15 a.m. | 3 hours, 42 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10916 - FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion
CVE ID : CVE-2025-10916
Published : Oct. 21, 2025, 6:15 a.m. | 2 hours, 42 minutes ago
Description : The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10916
Published : Oct. 21, 2025, 6:15 a.m. | 2 hours, 42 minutes ago
Description : The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11949 - Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication
CVE ID : CVE-2025-11949
Published : Oct. 21, 2025, 7:15 a.m. | 1 hour, 42 minutes ago
Description : EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11949
Published : Oct. 21, 2025, 7:15 a.m. | 1 hour, 42 minutes ago
Description : EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12004 - The compare API module breaks Extension:Lockdown
CVE ID : CVE-2025-12004
Published : Oct. 21, 2025, 7:15 a.m. | 1 hour, 42 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12004
Published : Oct. 21, 2025, 7:15 a.m. | 1 hour, 42 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26392 - SolarWinds Observability Self-Hosted SQL Injection Vulnerability
CVE ID : CVE-2025-26392
Published : Oct. 21, 2025, 8:15 a.m. | 42 minutes ago
Description : SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26392
Published : Oct. 21, 2025, 8:15 a.m. | 42 minutes ago
Description : SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...