0.0

CVE-2025-55524 -

Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 5:11 p.m.

0.0

CVE-2025-52351 -

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via b…

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 5:49 p.m.

0.0

CVE-2025-55523 -

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 5:10 p.m.

0.0

CVE-2025-55366 -

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 1:40 p.m.

0.0

CVE-2025-55371 -

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 2:10 p.m.

0.0

CVE-2025-51818 -

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 1:28 p.m.

0.0

CVE-2025-52395 -

An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 3:47 p.m.

0.0

CVE-2025-52352 -

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to regis…

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 5:52 p.m.

0.0

CVE-2024-50641 -

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 6:01 p.m.

0.0

CVE-2025-52194 -

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co…

πŸ“… Published: Aug. 21, 2025, midnight πŸ”„ Last Modified: Aug. 21, 2025, 2:23 p.m.
Total resulsts: 306525
Page 10 of 30,653
Β« previous page Β» next page
Filters