4.8
CVE-2025-3795 - DaiCuo SEO Optimization Settings Section cross site scripting
A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed …
6.5
CVE-2025-32377 - Rasa Pro Missing Authentication For Voice Connector APIs
Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credent…
4.3
CVE-2025-36625 - Log Poisoning in Nessus
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating HTTP requests to the application.
7.8
CVE-2025-24914 - Local Privilege Escalation
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-2…
6.9
CVE-2025-1697 - HP Touchpoint Analytics Service – Potential Escalation of Privilege
A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential v…
6.5
CVE-2025-32796 - Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. …
6.5
CVE-2025-32795 - Dify Allows Insecure User Role Access Control for APP Editing
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite be…
8.7
CVE-2025-32792 - ses's global contour bindings leak into Compartment lexical scope
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that hav…
7.5
CVE-2025-32442 - Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
Fastify is a fast and low overhead web framework for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or al…
8.6
CVE-2025-32389 - NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&…