7.5
CVE-2025-6796 - Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability
Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The s…
9.4
CVE-2025-6793 - Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Informa…
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentica…
7.5
CVE-2025-6804 - Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulne…
Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerabili…
7.5
CVE-2025-6803 - Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerabili…
Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. T…
7.5
CVE-2025-6714 - Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server …
7.7
CVE-2025-6713 - MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB Serv…
6.5
CVE-2025-6712 - MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation
MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory con…
4.4
CVE-2025-6711 - Incomplete Redaction of Sensitive Information in MongoDB Server Logs
An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 version…
6.9
CVE-2025-7132 - Campcodes Payroll Management System ajax.php sql injection
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_payroll. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The e…
6.9
CVE-2025-7131 - Campcodes Payroll Management System ajax.php sql injection
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_employee_attendance. The manipulation of the argument employee_id leads to sql injection. The attack c…