🚨 CVE-2025-64696
🟢 Source: None
🟣 CVSS Score: 3.3 (LOW)
🟡 Remotely Exploitable: False
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.
📅 Published Date: 2025-12-09 10:20:26.725733+00:00
https://cvefeed.io/vuln/detail/CVE-2025-64696
CVE-2025-64696 - Brother iPrint&Scan Android App External Cache Directory Information Disclosure
🚨 CVE-2025-59030
🟢 Source: None
🟣 CVSS Score: 7.5 (HIGH)
🟡 Remotely Exploitable: True
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
📅 Published Date: 2025-12-09 10:20:26.724562+00:00
https://cvefeed.io/vuln/detail/CVE-2025-59030
CVE-2025-59030 - OpenLDAP DNS Cache Poisoning Vulnerability
🚨 CVE-2025-59029
🟢 Source: None
🟣 CVSS Score: 5.3 (MEDIUM)
🟡 Remotely Exploitable: True
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY.
📅 Published Date: 2025-12-09 10:20:26.725006+00:00
https://cvefeed.io/vuln/detail/CVE-2025-59029
CVE-2025-59029 - Apache HTTP Server DNS Cache Denial of Service
🚨 CVE-2025-41752
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on the link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.726269+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41752
CVE-2025-41752 - Brocade NetIron pxc_portSfp Cross-Site Scripting Vulnerability
🚨 CVE-2025-41751
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on the link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.729640+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41751
CVE-2025-41751 - Brocade VDX XSS Vulnerability
🚨 CVE-2025-41750
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on the link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.725219+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41750
CVE-2025-41750 - Brocade PXC Web-Based Management XSS
🚨 CVE-2025-41749
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on the link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.725839+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41749
CVE-2025-41749 - Fortinet FortiSwitch Stored XSS
🚨 CVE-2025-41748
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on the link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.730752+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41748
CVE-2025-41748 - Proximotion Web Management XSS
🚨 CVE-2025-41747
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.731266+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41747
CVE-2025-41747 - Brocade Web-Based Management Cross-Site Scripting (XSS)
🚨 CVE-2025-41746
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.731036+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41746
CVE-2025-41746 - Brocade Web-Based Management Cross-Site Scripting
🚨 CVE-2025-41745
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.730054+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41745
CVE-2025-41745 - Brocade Communications Web-Based Management Cross-Site Scripting (XSS)
🚨 CVE-2025-41697
🟢 Source: None
🟣 CVSS Score: 6.8 (MEDIUM)
🟡 Remotely Exploitable: False
An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.
📅 Published Date: 2025-12-09 10:20:26.729595+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41697
CVE-2025-41697 - AVM FRITZ! UART Backdoor
🚨 CVE-2025-41696
🟢 Source: None
🟣 CVSS Score: 4.6 (MEDIUM)
🟡 Remotely Exploitable: False
An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.
📅 Published Date: 2025-12-09 10:20:26.725367+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41696
CVE-2025-41696 - Qualcomm UART Unauthorized Access Vulnerability
🚨 CVE-2025-41695
🟢 Source: None
🟣 CVSS Score: 7.1 (HIGH)
🟡 Remotely Exploitable: True
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
📅 Published Date: 2025-12-09 10:20:26.726257+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41695
CVE-2025-41695 - Juniper Networks Web Based Management Cross-Site Scripting (XSS)
🚨 CVE-2025-41694
🟢 Source: None
🟣 CVSS Score: 6.5 (MEDIUM)
🟡 Remotely Exploitable: True
A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver.
📅 Published Date: 2025-12-09 10:20:26.736708+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41694
CVE-2025-41694 - Apache WebServer Denial of Service
🚨 CVE-2025-41693
🟢 Source: None
🟣 CVSS Score: 4.3 (MEDIUM)
🟡 Remotely Exploitable: True
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources, which leads to reduced performance of the management functions. Switching functionality is not affected.
📅 Published Date: 2025-12-09 10:20:26.729854+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41693
CVE-2025-41693 - Cisco SSH Command Injection Vulnerability
🚨 CVE-2025-41692
🟢 Source: None
🟣 CVSS Score: 6.8 (MEDIUM)
🟡 Remotely Exploitable: True
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
📅 Published Date: 2025-12-09 10:20:26.730486+00:00
https://cvefeed.io/vuln/detail/CVE-2025-41692
CVE-2025-41692 - Cisco ASA Weak Password Generation Vulnerability
🚨 CVE-2025-40820
🟢 Source: None
🟣 CVSS Score: 7.5 (HIGH)
🟡 Remotely Exploitable: True
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.
📅 Published Date: 2025-12-09 12:29:56.684453+00:00
https://cvefeed.io/vuln/detail/CVE-2025-40820
CVE-2025-40820 - Apache TCP Sequence Number Validation Bypass
🚨 CVE-2025-6924
🟢 Source: None
🟣 CVSS Score: 5.4 (MEDIUM)
🟡 Remotely Exploitable: True
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS. This issue affects e-BAP Automation: before 42957.
📅 Published Date: 2025-12-09 14:20:15.725928+00:00
https://cvefeed.io/vuln/detail/CVE-2025-6924
CVE-2025-6924 - TalentSoft Software e-BAP Automation Cross-site Scripting (XSS)
🚨 CVE-2025-12807
🟢 Source: None
🟣 CVSS Score: 0.0 (NA)
🟡 Remotely Exploitable: False
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints.
📅 Published Date: 2025-12-09 14:20:15.724656+00:00
https://cvefeed.io/vuln/detail/CVE-2025-12807
CVE-2025-12807 - DataMosaix Private Cloud Privilege Escalation Vulnerability
🚨 CVE-2025-12705
🟢 Source: None
🟣 CVSS Score: 7.2 (HIGH)
🟡 Remotely Exploitable: True
The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.5.
📅 Published Date: 2025-12-09 14:20:15.723789+00:00
https://cvefeed.io/vuln/detail/CVE-2025-12705
CVE-2025-12705 - WordPress Social Reviews & Recommendations Stored Cross-Site Scripting (XSS)