CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-62807 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-62807
Published : Oct. 23, 2025, 3:15 a.m. | 3 hours, 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62808 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-62808
Published : Oct. 23, 2025, 3:15 a.m. | 3 hours, 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62809 - Apache Struts Command Injection

CVE ID : CVE-2025-62809
Published : Oct. 23, 2025, 3:15 a.m. | 3 hours, 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62810 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-62810
Published : Oct. 23, 2025, 3:15 a.m. | 3 hours, 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62811 - Apache Web Server Unvalidated User Input

CVE ID : CVE-2025-62811
Published : Oct. 23, 2025, 3:15 a.m. | 3 hours, 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62812 - Apache HTTP Server Unauthenticated Remote Code Execution

CVE ID : CVE-2025-62812
Published : Oct. 23, 2025, 3:15 a.m. | 3 hours, 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-12104 - Incorrect Content-Type Header

CVE ID : CVE-2025-12104
Published : Oct. 23, 2025, 4:15 a.m. | 2 hours, 57 minutes ago
Description : Outdated and Vulnerable UI Dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-35981 - VISA Command Centre Server Information Disclosure

CVE ID : CVE-2025-35981
Published : Oct. 23, 2025, 4:16 a.m. | 2 hours, 56 minutes ago
Description : Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 (MR1), 9.20.2337 (MR3), 9.10.3194 (MR6).
Severity: 5.5 | MEDIUM
CVE-2025-41402 - Schneider Electric Command Centre Server Expiration Check Bypass

CVE ID : CVE-2025-41402
Published : Oct. 23, 2025, 4:16 a.m. | 2 hours, 56 minutes ago
Description : Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), all versions of 9.00 and prior.
Severity: 5.5 | MEDIUM
CVE-2025-47699 - Gallagher Morpho Command Centre Server Unauthorized Configuration Exposure

CVE ID : CVE-2025-47699
Published : Oct. 23, 2025, 4:16 a.m. | 2 hours, 56 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Severity: 9.9 | CRITICAL
CVE-2025-48428 - Gallagher Morpho Command Centre Server Key Export Vulnerability

CVE ID : CVE-2025-48428
Published : Oct. 23, 2025, 4:16 a.m. | 2 hours, 56 minutes ago
Description : Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Severity: 6.7 | MEDIUM
CVE-2025-48430 - Schneider Electric Command Centre Server DoS

CVE ID : CVE-2025-48430
Published : Oct. 23, 2025, 4:16 a.m. | 2 hours, 56 minutes ago
Description : Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Severity: 5.5 | MEDIUM
CVE-2025-62813 - LZ4 Denial of Service (DoS) and Potential Unspecified Impact Vulnerability

CVE ID : CVE-2025-62813
Published : Oct. 23, 2025, 4:17 a.m. | 2 hours, 55 minutes ago
Description : LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
Severity: 5.9 | MEDIUM
CVE-2025-62820 - Slack Nebula IP Address Spoofing

CVE ID : CVE-2025-62820
Published : Oct. 23, 2025, 4:18 a.m. | 2 hours, 54 minutes ago
Description : Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.
Severity: 4.9 | MEDIUM
CVE-2025-54806 - GROWI Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-54806
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser.
Severity: 6.1 | MEDIUM
CVE-2025-54856 - Movable Type Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-54856
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
Severity: 4.8 | MEDIUM
CVE-2025-61865 - NarSuS App Windows Service Path Injection Vulnerability

CVE ID : CVE-2025-61865
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
CVE-2025-62499 - Movable Type Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-62499
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
Severity: 4.8 | MEDIUM
CVE-2025-41073 - Path Traversal in Gandia Integra Total by TESI

CVE ID : CVE-2025-41073
Published : Oct. 23, 2025, 11:15 a.m. | 3 hours, 59 minutes ago
Description : Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
Severity: 7.1 | HIGH
CVE-2024-14011 - Cisco WebEx WebConference Session Hijacking Vulnerability

CVE ID : CVE-2024-14011
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Rejected reason: This is a duplicate.
Severity: 0.0 | NA
CVE-2025-10355 - Open redirection vulnerability in MOLGENIS EMX2

CVE ID : CVE-2025-10355
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via “/%2f%2f”.
Severity: 5.1 | MEDIUM