7.1

CVSS3.1

CVE-2025-62795 - JumpServer Unauthorized LDAP Configuration Access via WebSocket

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket end…

πŸ“… Published: Oct. 30, 2025, 4:56 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

8.8

CVSS3.1

CVE-2025-62726 - n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of…

πŸ“… Published: Oct. 30, 2025, 4:24 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

9.6

CVSS3.1

CVE-2025-62712 - JumpServer Connection Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/…

πŸ“… Published: Oct. 30, 2025, 4:08 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

6.8

CVSS4.0

CVE-2025-11998 - HP Card Readers (B Models) – Potential Information Disclosure

The following HP Card Readers B ModelsΒ (X3D03B & Y7C05B) are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions β€”e.g., when an NFC device (such as a smartphone/smartwatches) is in proximity during a card swipe event.

πŸ“… Published: Oct. 30, 2025, 4 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

2.1

CVSS4.0

CVE-2025-12517 - Credits Page not Matching Versions in Use in the Firmware

Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

πŸ“… Published: Oct. 30, 2025, 3:47 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

10

CVSS4.0

CVE-2025-12516 - Lack of Graceful Error Handling - HTTP 5xx Error

Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

πŸ“… Published: Oct. 30, 2025, 3:42 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

10

CVSS4.0

CVE-2025-12515 - Systemic Internal Server Errors - HTTP 500 Response

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

πŸ“… Published: Oct. 30, 2025, 3:38 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

5.4

CVSS3.1

CVE-2025-36592 -

Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, l…

πŸ“… Published: Oct. 30, 2025, 3:26 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

4.3

CVSS3.1

CVE-2025-46363 -

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with rem…

πŸ“… Published: Oct. 30, 2025, 3:22 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 3:41 p.m.

6.3

CVSS3.1

CVE-2025-5347 - Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.

πŸ“… Published: Oct. 30, 2025, 2:31 p.m. πŸ”„ Last Modified: Nov. 7, 2025, 1:46 a.m.
Total resulsts: 317435
Page 112 of 31,744
Β« previous page Β» next page
Filters