5.3

CVSS4.0

CVE-2025-14520 - baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The explo…

πŸ“… Published: Dec. 11, 2025, 3:32 p.m. πŸ”„ Last Modified: Jan. 9, 2026, 1:58 a.m.

3.8

CVSS3.1

CVE-2025-67742 -

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 8:06 p.m.

4.8

CVSS3.1

CVE-2025-67741 -

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 8:06 p.m.

2.7

CVSS3.1

CVE-2025-67740 -

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 8:07 p.m.

3.1

CVSS3.1

CVE-2025-67739 -

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 23, 2025, 9:10 p.m.

5.1

CVSS4.0

CVE-2025-14519 - baowzh hfly advtext add cross site scripting

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remote…

πŸ“… Published: Dec. 11, 2025, 3:02 p.m. πŸ”„ Last Modified: Jan. 6, 2026, 2:36 p.m.

5.3

CVSS4.0

CVE-2025-14518 - PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to serve…

πŸ“… Published: Dec. 11, 2025, 3:02 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:16 a.m.

7.6

CVSS3.1

CVE-2025-13124 - IDOR in Netiket''s ApplyLogic

Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers.This issue affects ApplyLogic: through 01.12.2025.

πŸ“… Published: Dec. 11, 2025, 2:30 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.1

CVSS3.1

CVE-2025-14265 - Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnectβ„’ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of cust…

πŸ“… Published: Dec. 11, 2025, 2:21 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:21 p.m.

5.9

CVSS3.1

CVE-2024-40593 -

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4…

πŸ“… Published: Dec. 11, 2025, 2:10 p.m. πŸ”„ Last Modified: Jan. 14, 2026, 9:14 a.m.
Total resulsts: 346283
Page 2371 of 34,629
Β« previous page Β» next page
Filters