8.3
CVE-2025-58078 - AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.
8.2
CVE-2025-58456 - AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.
9.3
CVE-2025-61934 - AutomationDirect Productivity Suite Binding to an Unrestricted IP Address CWE-1327
A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the tarβ¦
6.9
CVE-2025-62688 - AutomationDirect Productivity Suite Incorrect Permission Assignment for Critical Resource
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.
7.3
CVE-2025-61977 - AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
8.6
CVE-2025-62498 - AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.
10
CVE-2025-59503 - Azure Compute Resource Provider Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
7.3
CVE-2025-59273 - Azure Event Grid System Elevation of Privilege Vulnerability
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
7.7
CVE-2025-59500 - Azure Notification Service Elevation of Privilege Vulnerability
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
8.8
CVE-2025-12100 - MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation dβ¦
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.