5.2

CVSS3.1

CVE-2025-7473 - XML Injection

Zohocorp ManageEngine EndPoint Central versionsΒ 11.4.2516.1 and prior are vulnerable to XML Injection.

πŸ“… Published: Oct. 21, 2025, 10:58 a.m. πŸ”„ Last Modified: Oct. 23, 2025, 2:36 p.m.

3.3

CVSS3.1

CVE-2025-5496 - Arbitrary File Deletion

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

πŸ“… Published: Oct. 21, 2025, 10:04 a.m. πŸ”„ Last Modified: Oct. 28, 2025, 3:36 p.m.

6.1

CVSS3.1

CVE-2025-10612 - XSS in GiSoft's City Guide

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Guide: before 1.4.45.

πŸ“… Published: Oct. 21, 2025, 8:48 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 10:17 a.m.

5.4

CVSS3.1

CVE-2025-26392 - SolarWinds Observability Self-Hosted SQL Injection Vulnerability

SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.

πŸ“… Published: Oct. 21, 2025, 7:46 a.m. πŸ”„ Last Modified: Nov. 12, 2025, 7:17 p.m.

8.7

CVSS4.0

CVE-2025-11949 - Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication

EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.

πŸ“… Published: Oct. 21, 2025, 6:49 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 7:31 p.m.

10

CVSS4.0

CVE-2025-12004 - The compare API module breaks Extension:Lockdown

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42.

πŸ“… Published: Oct. 21, 2025, 6:20 a.m. πŸ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

9.1

CVSS3.1

CVE-2025-10916 - FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

πŸ“… Published: Oct. 21, 2025, 6 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 7:31 p.m.

6.9

CVSS4.0

CVE-2025-62701 - Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44.

πŸ“… Published: Oct. 21, 2025, 4:45 a.m. πŸ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

6.9

CVSS4.0

CVE-2025-62702 - Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue affects Mediawiki - PageTriage Extension: from master before 1.44.

πŸ“… Published: Oct. 21, 2025, 4:42 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 7:31 p.m.

6.9

CVSS4.0

CVE-2025-62694 - Stored XSS through a system message

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39.

πŸ“… Published: Oct. 21, 2025, 4:28 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 8:20 p.m.
Total resulsts: 343879
Page 2829 of 34,388
Β« previous page Β» next page
Filters