CVE-2025-59273 - Azure Event Grid System Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59273
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59273
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59500 - Azure Notification Service Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59500
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59500
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59503 - Azure Compute Resource Provider Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59503
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59503
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61934 - AutomationDirect Productivity Suite Binding to an Unrestricted IP Address CWE-1327
CVE ID : CVE-2025-61934
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61934
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61977 - AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password
CVE ID : CVE-2025-61977
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61977
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62498 - AutomationDirect Productivity Suite Relative Path Traversal
CVE ID : CVE-2025-62498
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62498
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62688 - AutomationDirect Productivity Suite Incorrect Permission Assignment for Critical Resource
CVE ID : CVE-2025-62688
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62688
Published : Oct. 23, 2025, 10:15 p.m. | 1 hour ago
Description : An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62254 - Liferay Portal DoS File Combination Vulnerability
CVE ID : CVE-2025-62254
Published : Oct. 23, 2025, 10:16 p.m. | 59 minutes ago
Description : The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files it will combine, which allows remote attackers to create very large responses that lead to a denial of service attack via the URL query string.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62254
Published : Oct. 23, 2025, 10:16 p.m. | 59 minutes ago
Description : The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files it will combine, which allows remote attackers to create very large responses that lead to a denial of service attack via the URL query string.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59776 - AutomationDirect Productivity Suite Relative Path Traversal
CVE ID : CVE-2025-59776
Published : Oct. 23, 2025, 10:17 p.m. | 58 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59776
Published : Oct. 23, 2025, 10:17 p.m. | 58 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60023 - AutomationDirect Productivity Suite Relative Path Traversal
CVE ID : CVE-2025-60023
Published : Oct. 23, 2025, 10:21 p.m. | 55 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60023
Published : Oct. 23, 2025, 10:21 p.m. | 55 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7730 - Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter
CVE ID : CVE-2025-7730
Published : Oct. 23, 2025, 10:25 p.m. | 50 minutes ago
Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7730
Published : Oct. 23, 2025, 10:25 p.m. | 50 minutes ago
Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62827 - Microsoft Exchange Server Unvalidated User Input
CVE ID : CVE-2025-62827
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62827
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62828 - SAP SQL Injection
CVE ID : CVE-2025-62828
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62828
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62829 - Apache HTTP Server SQL Injection
CVE ID : CVE-2025-62829
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62829
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62830 - Apache Struts Deserialization Vulnerability
CVE ID : CVE-2025-62830
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62830
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62831 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-62831
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62831
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62832 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-62832
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62832
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62833 - Apache HTTP Server Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-62833
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62833
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62834 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-62834
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62834
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62835 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-62835
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62835
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10723 - PixelYourSite < 11.1.2 - Admin+ LFI
CVE ID : CVE-2025-10723
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10723
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...