0.0
CVE-2025-68124 -
reserved but not needed
0.0
CVE-2025-68126 -
reserved but not needed
0.0
CVE-2025-68125 -
reserved but not needed
6.4
CVE-2025-14387 - LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scriptin…
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above,…
8.7
CVE-2025-13824 - Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and report…
7.1
CVE-2025-13823 - Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities
A security issue was found in the IPv6 stack in the Micro850 and Micro870 controllers when the controllers received multiple malformed packets during fuzzing. The controllers will go into recoverable fault with fault code 0xFE60. To recover the controller, clear the fault.
6.9
CVE-2025-34412 - Convercent Whistleblowing Platform Protection Mechanism Failure Insecure Default Browser & Session …
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, C…
6.9
CVE-2025-34411 - Convercent Whistleblowing Platform Unauthenticated GetLegalEntity Endpoint Enables Customer Enumera…
The Convercent Whistleblowing Platform operated by EQS Group exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A remote unauthenticated attacker can query the endpoint using common legal-suffix terms…
8.7
CVE-2025-34181 - NetSupport Manager < 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE
NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server.…
8.4
CVE-2025-34180 - NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored …