CVE-2025-28073 - phpList Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-28073
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28073
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44023 - D-Link DNS-320 Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-44023
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44023
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45787 - Totolink A3100R Buffer Overflow Vulnerability
CVE ID : CVE-2025-45787
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45787
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45788 - TOTOLINK A3100R Buffer Overflow Vulnerability
CVE ID : CVE-2025-45788
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45788
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45789 - TOTOLINK A3100R Buffer Overflow
CVE ID : CVE-2025-45789
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45789
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45790 - TOTOLINK A3100R Buffer Overflow Vulnerability
CVE ID : CVE-2025-45790
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45790
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45797 - TOTOlink A950RG Buffer Overflow Vulnerability in NoticeUrl Parameter
CVE ID : CVE-2025-45797
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45797
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45798 - TOTOLINK A950RG Command Execution Vulnerability
CVE ID : CVE-2025-45798
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45798
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46336 - Rack::Session Pool Session Restoration Vulnerability
CVE ID : CVE-2025-46336
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46336
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46712 - Erlang/OTP SSH Man-in-the-Middle Injection Vulnerability
CVE ID : CVE-2025-46712
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46712
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46812 - Trix Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-46812
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. This issue has been patched in version 2.1.15.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46812
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. This issue has been patched in version 2.1.15.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46833 - Apache SimplePythonEncryption RSA Brute Force Decryption Vulnerability
CVE ID : CVE-2025-46833
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46833
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4475 - Here is a potential title for the vulnerability: "Apache Struts Remote Code Execution Vulnerability"
CVE ID : CVE-2025-4475
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Issue in my product in blah version x on y allows bad person to break
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4475
Published : May 8, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Issue in my product in blah version x on y allows bad person to break
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-31585 - Grocery-CMS-PHP Unauthenticated File Upload Vulnerability
CVE ID : CVE-2023-31585
Published : May 8, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-31585
Published : May 8, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28074 - phpList XSS Injection
CVE ID : CVE-2025-28074
Published : May 8, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28074
Published : May 8, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1329 - IBM CICS TX DNS Rebinding Vulnerability
CVE ID : CVE-2025-1329
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1329
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1330 - IBM CICS TX DNS Code Injection
CVE ID : CVE-2025-1330
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1330
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1331 - IBM CICS TX Buffer Overflow Vulnerability
CVE ID : CVE-2025-1331
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1331
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27578 - Pixmeo OsiriX MD Denial-of-Service Use-After-Free Vulnerability
CVE ID : CVE-2025-27578
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27578
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27720 - Pixmeo Osirix MD Unencrypted Credential Disclosure
CVE ID : CVE-2025-27720
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27720
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29813 - Microsoft Visual Studio Pipeline Job Token Elevation of Privilege Vulnerability
CVE ID : CVE-2025-29813
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29813
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...