10
CVE-2018-25118 - GeoVision Command Injection RCE via /PictureCatch.cgi
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has …
7.5
CVE-2025-62658 - SQL injection in WatchAnalytics through Special:ClearPendingReviews
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.
5.8
CVE-2025-62657 - Stored XSS through system messages in PageForms
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects MediaWiki PageForms extension: 1.44.
5.8
CVE-2025-62656 - GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.
5.4
CVE-2025-62528 - Taguette cross-site scripting vulnerability via tag name, tag description, document name and docume…
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.
7.1
CVE-2025-62527 - Taguette vulnerable to password reset link poisoning
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been p…
1
CVE-2025-8052 - HQL Injection vulnerability has been discovered in Opentext Flipper.
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2.
6
CVE-2025-62522 - vite allows server.fs.deny bypass via backslash on Windows
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended wit…
5.3
CVE-2025-8048 - External Control of File path vulnerability has been discovered on OpenText Flipper.
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2.
2.3
CVE-2025-8049 - Insufficient Access Control vulnerability has been discovered in OpenText Flipper.
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2.