6.9

CVSS4.0

CVE-2025-62695 - Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.

πŸ“… Published: Oct. 21, 2025, 4:02 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 7:31 p.m.

6.9

CVSS4.0

CVE-2025-62696 - Multiple critical security issues in Springboard

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation - Springboard Extension: master.

πŸ“… Published: Oct. 21, 2025, 3:58 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 7:31 p.m.

6.9

CVSS4.0

CVE-2025-62699 - Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent mak…

πŸ“… Published: Oct. 21, 2025, 3:48 a.m. πŸ”„ Last Modified: Oct. 21, 2025, 8:20 p.m.

8.1

CVSS3.1

CVE-2025-9133 -

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 coul…

πŸ“… Published: Oct. 21, 2025, 1:57 a.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

7.2

CVSS3.1

CVE-2025-8078 -

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 th…

πŸ“… Published: Oct. 21, 2025, 1:49 a.m. πŸ”„ Last Modified: Feb. 26, 2026, 4:57 p.m.

8.7

CVSS4.0

CVE-2025-7851 - Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

πŸ“… Published: Oct. 21, 2025, 12:29 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 5:15 p.m.

9.3

CVSS4.0

CVE-2025-7850 - Authenticated OS command execution

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

πŸ“… Published: Oct. 21, 2025, 12:28 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 5:15 p.m.

9.3

CVSS4.0

CVE-2025-6542 - OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

πŸ“… Published: Oct. 21, 2025, 12:23 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 1:50 p.m.

8.6

CVSS4.0

CVE-2025-6541 - OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

πŸ“… Published: Oct. 21, 2025, 12:21 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 1:45 p.m.

6.1

CVSS3.1

CVE-2025-60933 -

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Descrip…

πŸ“… Published: Oct. 21, 2025, midnight πŸ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.
Total resulsts: 343919
Page 2834 of 34,392
Β« previous page Β» next page
Filters