CVE
Latest Cyber News
CVE-2025-24973 - Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has ...
3 hours ago Tenable.com
CVE-2025-24976 - Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an ...
3 hours ago Tenable.com
CVE-2025-24807 - eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, ...
3 hours ago Tenable.com
CVE-2025-24896 - Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains ...
3 hours ago Tenable.com
CVE-2025-24897 - Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's ...
3 hours ago Tenable.com
CVE-2025-24900 - Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy ...
3 hours ago Tenable.com
CVE-2025-22467 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. ...
3 hours ago Tenable.com
CVE-2024-47908 - OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. ...
3 hours ago Tenable.com
CVE-2024-13813 - Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. ...
3 hours ago Tenable.com
CVE-2024-13830 - Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. ...
3 hours ago Tenable.com
CVE-2024-13842 - A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. ...
3 hours ago Tenable.com
CVE-2024-13843 - Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. ...
3 hours ago Tenable.com
CVE-2024-10644 - Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. ...
3 hours ago Tenable.com
CVE-2024-11771 - Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. ...
3 hours ago Tenable.com
CVE-2024-12058 - External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. ...
3 hours ago Tenable.com
CVE-2024-12797 - Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact ...
3 hours ago Tenable.com
CVE-2024-33659 - AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM ...
4 hours ago Tenable.com
CVE-2025-1231 - Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. ...
5 hours ago Tenable.com
CVE-2025-26492 - In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources ...
5 hours ago Tenable.com
CVE-2025-26493 - In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab ...
5 hours ago Tenable.com
CVE-2024-12366 - PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. ...
6 hours ago Tenable.com
CVE-2025-0588 - In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses ...
7 hours ago Tenable.com
CVE-2025-24812 - A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/Rly ...
8 hours ago Tenable.com
CVE-2025-24956 - A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. ...
8 hours ago Tenable.com
CVE-2025-26490 - A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Personal access token disclosure vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 000390611. ...
8 hours ago Tenable.com
CVE-2025-26491 - A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Server-side request forgery (SSRF) vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 001534936. ...
8 hours ago Tenable.com
CVE-2025-0862 - The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. ...
8 hours ago Tenable.com
CVE-2025-23363 - A vulnerability has been identified in Teamcenter (All versions < V14.3.0.0). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the ...
8 hours ago Tenable.com
CVE-2025-23403 - A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected devices do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to ...
8 hours ago Tenable.com
CVE-2025-24499 - A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE ...
8 hours ago Tenable.com
CVE-2025-24532 - A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE ...
8 hours ago Tenable.com
CVE-2025-24811 - A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly ...
8 hours ago Tenable.com
CVE-2024-53977 - A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. ...
8 hours ago Tenable.com
CVE-2024-54015 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= ...
8 hours ago Tenable.com
CVE-2024-54089 - A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. ...
8 hours ago Tenable.com
CVE-2024-54090 - A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function. ...
8 hours ago Tenable.com
CVE-2025-0513 - In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message. ...
8 hours ago Tenable.com
CVE-2025-0526 - In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows. ...
8 hours ago Tenable.com
CVE-2024-53648 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All ...
8 hours ago Tenable.com
CVE-2024-53651 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), ...
8 hours ago Tenable.com
CVE-2024-45386 - A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 ...
8 hours ago Tenable.com
CVE-2024-13506 - The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to ...
8 hours ago Tenable.com
CVE-2024-23814 - A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE ...
8 hours ago Tenable.com
CVE-2023-37482 - The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. ...
8 hours ago Tenable.com
CVE-2025-0525 - In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server. ...
9 hours ago Tenable.com
CVE-2025-26408 - The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's ...
9 hours ago Tenable.com
CVE-2025-26409 - A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root ...
9 hours ago Tenable.com
CVE-2025-26410 - The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login ...
9 hours ago Tenable.com
CVE-2025-26411 - An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a ...
9 hours ago Tenable.com
CVE-2025-0589 - In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active ...
10 hours ago Tenable.com
CVE-2025-1182 - A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to ...
10 hours ago Tenable.com
CVE-2024-52606 - SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. ...
11 hours ago Tenable.com
CVE-2024-52611 - The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. ...
11 hours ago Tenable.com
CVE-2024-52612 - SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high-privileged account to be exploitable. ...
11 hours ago Tenable.com
CVE-2025-1180 - A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible ...
11 hours ago Tenable.com
CVE-2025-1181 - A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be ...
11 hours ago Tenable.com
CVE-2024-13643 - The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on ...
11 hours ago Tenable.com
CVE-2024-28989 - SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. ...
11 hours ago Tenable.com
CVE-2024-45718 - Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data. ...
11 hours ago Tenable.com
CVE-2025-1179 - A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched ...
12 hours ago Tenable.com
CVE-2025-0180 - The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it ...
12 hours ago Tenable.com
CVE-2025-0181 - The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and ...
12 hours ago Tenable.com
CVE-2025-1178 - A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be ...
12 hours ago Tenable.com
CVE-2025-1176 - A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be ...
13 hours ago Tenable.com
CVE-2025-1177 - A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the ...
13 hours ago Tenable.com
CVE-2024-13543 - The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. ...
13 hours ago Tenable.com
CVE-2024-13544 - The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite ...
13 hours ago Tenable.com
CVE-2024-13570 - The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. ...
13 hours ago Tenable.com
CVE-2025-1211 - Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackney. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the ...
14 hours ago Tenable.com
CVE-2025-1173 - A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file process_users_del.php. The manipulation of the argument id leads to sql injection. It is possible ...
14 hours ago Tenable.com
CVE-2025-1174 - A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file process_book_add.php of the component Add Book Page. The manipulation of the argument ...
14 hours ago Tenable.com
CVE-2024-12599 - The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping ...
14 hours ago Tenable.com
CVE-2025-0896 - Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker. ...
15 hours ago Tenable.com
CVE-2025-1143 - Certain models of routers from Billion Electric have hard-coded embedded Linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system. ...
15 hours ago Tenable.com
CVE-2025-1144 - School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials. ...
15 hours ago Tenable.com
Trending Cyber News (last 7 days)
CVE-2024-57278 - A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan ...
3 days ago Tenable.com
CVE-2024-53964 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
6 days ago Tenable.com
CVE-2025-0364 - BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS ...
1 week ago Tenable.com
CVE-2024-49798 - IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. ...
5 days ago Tenable.com
CVE-2025-1114 - A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site ...
3 days ago Tenable.com
CVE-2021-27017 - Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. ...
3 days ago Tenable.com
CVE-2024-49792 - IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...
5 days ago Tenable.com
CVE-2024-13352 - The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. ...
4 days ago Tenable.com
CVE-2025-0674 - Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password ...
4 days ago Tenable.com
CVE-2025-21408 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...
4 days ago Tenable.com
CVE-2025-1096 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. ...
3 days ago Tenable.com
CVE-2024-55630 - Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing ...
3 days ago Tenable.com
CVE-2025-24028 - Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser ...
3 days ago Tenable.com
CVE-2024-57357 - An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'. ...
3 days ago Tenable.com
CVE-2024-7425 - The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it ...
4 days ago Tenable.com
CVE-2025-1025 - Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter. ...
6 days ago Tenable.com
CVE-2025-0799 - IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted ...
5 days ago Tenable.com
CVE-2024-49795 - IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. ...
5 days ago Tenable.com
CVE-2025-1072 - A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted ...
4 days ago Tenable.com
CVE-2025-1061 - The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through ...
4 days ago Tenable.com
CVE-2025-1085 - A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the ...
4 days ago Tenable.com
CVE-2025-21253 - Microsoft Edge for IOS and Android Spoofing Vulnerability ...
4 days ago Tenable.com
CVE-2025-21177 - Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. ...
4 days ago Tenable.com
CVE-2025-25187 - Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without ...
3 days ago Tenable.com
CVE-2024-57606 - SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component. ...
3 days ago Tenable.com
CVE-2025-1106 - A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the ...
4 days ago Tenable.com
CVE-2024-51547 - Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. ...
5 days ago Tenable.com
CVE-2024-49800 - IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. ...
5 days ago Tenable.com
CVE-2024-49796 - IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly ...
5 days ago Tenable.com
CVE-2024-49793 - IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...
5 days ago Tenable.com
CVE-2025-22402 - Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this ...
4 days ago Tenable.com
CVE-2025-1086 - A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated ...
4 days ago Tenable.com
CVE-2025-0675 - Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. ...
4 days ago Tenable.com
CVE-2025-21342 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...
4 days ago Tenable.com
CVE-2025-1082 - A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the ...
4 days ago Tenable.com
CVE-2025-24366 - SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the ...
3 days ago Tenable.com
CVE-2024-55272 - An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. ...
3 days ago Tenable.com
CVE-2024-55215 - An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. ...
3 days ago Tenable.com
CVE-2025-25183 - vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended ...
3 days ago Tenable.com
CVE-2021-41528 - An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges. ...
3 days ago Tenable.com
CVE-2021-41527 - An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed. ...
3 days ago Tenable.com
CVE-2025-1104 - A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been ...
4 days ago Tenable.com
CVE-2024-9664 - The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with ...
4 days ago Tenable.com
CVE-2024-9661 - The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated ...
4 days ago Tenable.com
CVE-2024-57949 - In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: ...
2 days ago Tenable.com
CVE-2025-0517 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
2 days ago Tenable.com
CVE-2024-8377 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
2 days ago Tenable.com
CVE-2025-1116 - A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file ...
3 days ago Tenable.com
CVE-2025-25246 - NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. ...
6 days ago Tenable.com