7.2
CVE-2025-14850 - Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory
Advantech WebAccess/SCADAΒ is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
5.5
CVE-2025-59529 - simple protocol server ignores accepts unlimited connections and logs failures without limit
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX`β¦
7.3
CVE-2025-13911 - Inductive Automation Ignition Execution with Unnecessary Privileges
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core isβ¦
5.3
CVE-2025-14889 - Campcodes Advanced Voting Management System Password voters_edit.php improper authorization
A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack is possiβ¦
8.4
CVE-2023-53940 - Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the fileβ¦
8.5
CVE-2023-53937 - Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library
Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application staβ¦
5.1
CVE-2024-58323 - Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder.
5.1
CVE-2024-58322 - Kentico Xperience <= 13.0.158 Shipping Options Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by executing malicious scripts in users' browsers.
5.1
CVE-2024-58321 - Kentico Xperience <= 13.0.159 Form Validation Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers.
6.9
CVE-2024-58320 - Kentico Xperience <= 13.0.159 Authentication Information Disclosure
An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal netwoβ¦