6.9

CVSS4.0

CVE-2025-62699 - Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent mak…

πŸ“… Published: Oct. 21, 2025, 3:48 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 8:20 p.m.

8.1

CVSS3.1

CVE-2025-9133 -

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 coul…

πŸ“… Published: Oct. 21, 2025, 1:57 a.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

7.2

CVSS3.1

CVE-2025-8078 -

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 th…

πŸ“… Published: Oct. 21, 2025, 1:49 a.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

8.7

CVSS4.0

CVE-2025-7851 - Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

πŸ“… Published: Oct. 21, 2025, 12:29 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 5:15 p.m.

9.3

CVSS4.0

CVE-2025-7850 - Authenticated OS command execution

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

πŸ“… Published: Oct. 21, 2025, 12:28 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 5:15 p.m.

9.3

CVSS4.0

CVE-2025-6542 - OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

πŸ“… Published: Oct. 21, 2025, 12:23 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 1:50 p.m.

8.6

CVSS4.0

CVE-2025-6541 - OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

πŸ“… Published: Oct. 21, 2025, 12:21 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 1:45 p.m.

6.1

CVSS3.1

CVE-2025-60933 -

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Descrip…

πŸ“… Published: Oct. 21, 2025, midnight πŸ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

4.3

CVSS3.1

CVE-2025-60511 -

Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administra…

πŸ“… Published: Oct. 21, 2025, midnight πŸ”„ Last Modified: Oct. 23, 2025, 1:12 p.m.

6.1

CVSS3.1

CVE-2025-61255 -

Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection.

πŸ“… Published: Oct. 21, 2025, midnight πŸ”„ Last Modified: Oct. 23, 2025, 12:29 p.m.
Total resulsts: 343887
Page 2831 of 34,389
Β« previous page Β» next page
Filters