8.3
CVE-2025-29995 - Account Takeover Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted โฆ
8.2
CVE-2025-29994 - Improper Authentication Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorizโฆ
7.3
CVE-2025-25175 -
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code โฆ
0.0
CVE-2025-2275 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.4
CVE-2025-1785 - Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originallyโฆ
7.3
CVE-2025-1119 - Appointment Booking Calendar โ Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticโฆ
The Appointment Booking Calendar โ Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value bโฆ
7.7
CVE-2025-2271 - IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive informatโฆ
2.7
CVE-2024-7296 - Incorrect Authorization in GitLab
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users.
6.5
CVE-2025-1257 - Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs.
7.1
CVE-2025-1487 - WoWPth <= 2.0 - Reflected XSS
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin