8.8

CVSS3.1

CVE-2025-10639 - Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to log in to the FTP server and modify or read data, log files and gain remote code ex…

📅 Published: Oct. 21, 2025, 11:36 a.m. 🔄 Last Modified: Nov. 3, 2025, 6:15 p.m.

5.2

CVSS3.1

CVE-2025-7473 - XML Injection

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.

📅 Published: Oct. 21, 2025, 10:58 a.m. 🔄 Last Modified: Oct. 23, 2025, 2:36 p.m.

3.3

CVSS3.1

CVE-2025-5496 - Arbitrary File Deletion

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

📅 Published: Oct. 21, 2025, 10:04 a.m. 🔄 Last Modified: Oct. 28, 2025, 3:36 p.m.

6.1

CVSS3.1

CVE-2025-10612 - XSS in GiSoft's City Guide

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Guide: before 1.4.45.

📅 Published: Oct. 21, 2025, 8:48 a.m. 🔄 Last Modified: Oct. 24, 2025, 10:17 a.m.

5.4

CVSS3.1

CVE-2025-26392 - SolarWinds Observability Self-Hosted SQL Injection Vulnerability

SolarWinds Observability Self-Hosted is susceptible to a SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.

📅 Published: Oct. 21, 2025, 7:46 a.m. 🔄 Last Modified: Nov. 12, 2025, 7:17 p.m.

8.7

CVSS4.0

CVE-2025-11949 - Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication

EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.

📅 Published: Oct. 21, 2025, 6:49 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

10

CVSS4.0

CVE-2025-12004 - The compare API module breaks Extension:Lockdown

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42.

📅 Published: Oct. 21, 2025, 6:20 a.m. 🔄 Last Modified: Oct. 23, 2025, 10:13 a.m.

9.1

CVSS3.1

CVE-2025-10916 - FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

📅 Published: Oct. 21, 2025, 6 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

6.9

CVSS4.0

CVE-2025-62701 - Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS. This issue affects Mediawiki - Wikistories: from master before 1.44.

📅 Published: Oct. 21, 2025, 4:45 a.m. 🔄 Last Modified: Oct. 23, 2025, 10:13 a.m.

6.9

CVSS4.0

CVE-2025-62702 - Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS. This issue affects Mediawiki - PageTriage Extension: from master before 1.44.

📅 Published: Oct. 21, 2025, 4:42 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.