4.6
CVE-2025-61926 - Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstarβs Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and β¦
8.7
CVE-2016-15047 - AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invokeβ¦
4.8
CVE-2025-62240 -
Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbiβ¦
6.5
CVE-2025-59286 - Copilot Spoofing Vulnerability
Copilot Spoofing Vulnerability
6.5
CVE-2025-59272 - Copilot Spoofing Vulnerability
Copilot Spoofing Vulnerability
8.7
CVE-2025-59271 - Redis Enterprise Elevation of Privilege Vulnerability
Redis Enterprise Elevation of Privilege Vulnerability
6.5
CVE-2025-59252 - M365 Copilot Spoofing Vulnerability
M365 Copilot Spoofing Vulnerability
8.7
CVE-2025-55321 - Azure Monitor Log Analytics Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.
8.8
CVE-2025-59247 - Azure PlayFab Elevation of Privilege Vulnerability
Azure PlayFab Elevation of Privilege Vulnerability
9.8
CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability