10
CVE-2025-41672 - WAGO: Vulnerability in WAGO Device Sphere
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
6.9
CVE-2025-7115 - rowboatlabs rowboat Session route.ts PUT missing authentication
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument paβ¦
6.9
CVE-2025-7114 - SimStudioAI sim Session route.ts POST missing authentication
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Reβ¦
5.1
CVE-2025-7113 - Portabilis i-Educar Curricular Components Module edit cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It iβ¦
6.4
CVE-2025-24508 - Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage
6.9
CVE-2025-53473 - From CVEorg collector
Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
9.3
CVE-2025-48501 -
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
5.1
CVE-2025-7112 - Portabilis i-Educar Function Management Module educar_funcao_det.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leβ¦
5.1
CVE-2025-7111 - Portabilis i-Educar Course Module educar_curso_det.php cross site scripting
A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting. The attackβ¦
5.1
CVE-2025-7110 - Portabilis i-Educar School Module educar_escola_lst.php cross site scripting
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate thβ¦