0.0

CVE-2025-51606 -

hippo4j 1.0.0 to 1.5.0 uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical sec…

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 8:26 p.m.

0.0

CVE-2025-47184 -

An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7.0.1p02 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 12:52 p.m.

0.0

CVE-2025-55521 -

An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 5:06 p.m.

0.0

CVE-2025-55371 -

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 2:10 p.m.

0.0

CVE-2024-45438 -

An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level actions using a crafted GET request. Notably, when a non-existent email …

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 4:20 p.m.

0.0

CVE-2025-55367 -

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 1:42 p.m.

0.0

CVE-2025-52351 -

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via b…

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 5:49 p.m.

0.0

CVE-2025-55522 -

Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 5:07 p.m.

0.0

CVE-2025-55366 -

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 1:40 p.m.

0.0

CVE-2025-55564 -

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Aug. 21, 2025, 1:10 p.m.