CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-41772 - wwwupdate.cgi Session token in URL

CVE ID: CVE-2025-41772
Published: March 9, 2026, 9:16 a.m.
Description: An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61611 - Ericsson Modem Remote Denial of Service Vulnerability

CVE ID: CVE-2025-61611
Published: March 9, 2026, 9:16 a.m.
Description: In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61612 - NR Modem Denial of Service Vulnerability

CVE ID: CVE-2025-61612
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61613 - NR Modem Remote Denial of Service Vulnerability

CVE ID: CVE-2025-61613
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61614 - NR Modem Denial of Service Vulnerability

CVE ID: CVE-2025-61614
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61615 - NR Modem Denial of Service Vulnerability

CVE ID: CVE-2025-61615
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61616 - NR Modem Denial of Service Vulnerability

CVE ID: CVE-2025-61616
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69278 - NR Modem Denial of Service Vulnerability

CVE ID: CVE-2025-69278
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69279 - NR Modem Denial of Service Vulnerability

CVE ID: CVE-2025-69279
Published: March 9, 2026, 9:16 a.m.
Description: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24015 - Apache IoTDB: Insecure Default Configuration Vulnerability

CVE ID: CVE-2026-24015
Published: March 9, 2026, 9:16 a.m.
Description: A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24713 - Apache IoTDB: JEXL Expression Injection Vulnerability

CVE ID: CVE-2026-24713
Published: March 9, 2026, 9:16 a.m.
Description: Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3811 - Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow

CVE ID: CVE-2026-3811
Published: March 9, 2026, 9:16 a.m.
Description: A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3812 - itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting

CVE ID: CVE-2026-3812
Published: March 9, 2026, 9:16 a.m.
Description: A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. Manipulation of the argument ID causes cross site scripting. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33022 - Apache Struts Remote Code Execution

CVE ID: CVE-2025-33022
Published: March 9, 2026, 10:15 a.m.
Description: Rejected reason: The reporter agreed to not assign CVE ID
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40638 - Reflected Cross-Site Scripting (XSS) in Eventobot

CVE ID: CVE-2025-40638
Published: March 9, 2026, 10:16 a.m.
Description: A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40639 - SQL injection in Eventobot

CVE ID: CVE-2025-40639
Published: March 9, 2026, 10:16 a.m.
Description: A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in '/assets/php/calculate_discount.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3813 - opencc JFlow WF_CCForm.java Calculate injection

CVE ID: CVE-2026-3813
Published: March 9, 2026, 10:16 a.m.
Description: A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3814 - UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow

CVE ID: CVE-2026-3814
Published: March 9, 2026, 10:16 a.m.
Description: A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69219 - Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator

CVE ID: CVE-2025-69219
Published: March 9, 2026, 11:16 a.m.
Description: A user with access to the DB could craft a database entry that would result in executing code on the Triggerer, which gives anyone who has access to the DB the same permissions as a Dag Author. Since direct DB access is neither usual nor recommended for Airflow, the likelihood of this causing any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25604 - Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass

CVE ID: CVE-2026-25604
Published: March 9, 2026, 11:16 a.m.
Description: In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This made it possible to gain access to different instances, with potentially different access controls, by reusing a SAML response from another instance. You should upgrade to version 9.22.0 of the provider if you use AWS Auth Manager.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3815 - UTT HiPER 810G formApMail strcpy buffer overflow

CVE ID: CVE-2026-3815
Published: March 9, 2026, 11:16 a.m.
Description: A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...