7.1
CVE-2025-9339 - SQL Injection in SIMPLE.ERP
A SQL injection vulnerability in the fields of the warehouse document filtering form in SIMPLE.ERP software allows a logged-in user to inject a malicious query. Potential exploitation is limited by the 20-character limit in form fields. The identified use case allows deleting tables with a name of maximum 6 c…
9.4
CVE-2025-11625 - Host verification bypass and credential leak
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients' credentials.
8.2
CVE-2025-11151 - Information Disclosure in Beyaz Computer's CityPLus
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before V24.…
1.8
CVE-2025-11624 - Buffer overwrite when processing file handles with the SFTP server
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.
6.5
CVE-2025-6239 - Information disclosure
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
8.5
CVE-2025-10020 - Command Injection
Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection vulnerability in the Custom Script component.
7.1
CVE-2025-10641 - Unencrypted cleartext communication in EfficientLab WorkExaminer Professional
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their…
9.8
CVE-2025-10640 - Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitor…
8.3
CVE-2025-9428 - SQL Injection
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update API.
8.8
CVE-2025-10639 - Usage of Hardcoded FTP Credentials in EfficientLab WorkExaminer Professional
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to log in to the FTP server and modify or read data, log files and gain remote code ex…