5.4
CVE-2025-53925 - Emlog has Stored Cross-site Scripting vulnerability in file upload functionality
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .sβ¦
7.1
CVE-2025-37104 - HPE Telco Service Orchestrator Software, Authenticated SQL Injection
A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to to perform a SQL Injection attack when sending a service request, and potentially exfiltrate the database's vendor name to unauthorized authenticated clienβ¦
6.5
CVE-2025-40913 - Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an inβ¦
Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::DropbearΒ embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
6.5
CVE-2025-40919 - Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leβ¦
5.3
CVE-2025-3871 - Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier
Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may eβ¦
6.5
CVE-2025-40918 - Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed,β¦
6.9
CVE-2025-53924 - Emlog vulnerable to stored Cross-site Scripting in links functionality
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter β¦
8.2
CVE-2025-53923 - Emlog vulnerable to reflected Cross-site Scripting in admin panel
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keyworβ¦
5.3
CVE-2025-53892 - Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerrβ¦
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails β¦
8.6
CVE-2025-40776 - Birthday Attack against Resolvers supporting ECS
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.