8.6

CVSS3.1

CVE-2025-27222 -

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file th…

📅 Published: Oct. 27, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 4:57 p.m.

3.7

CVSS3.1

CVE-2025-10939 - Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to /real…

📅 Published: Oct. 27, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS3.1

CVE-2025-61247 -

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php.

📅 Published: Oct. 27, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2025-60982 -

IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identif…

📅 Published: Oct. 27, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.7

CVSS3.1

CVE-2025-11989 - Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.

📅 Published: Oct. 26, 2025, 11:33 p.m. 🔄 Last Modified: Oct. 28, 2025, 2:44 p.m.

10

CVSS4.0

CVE-2025-12285 - Missing Initial Password Change

Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

📅 Published: Oct. 26, 2025, 4:24 p.m. 🔄 Last Modified: Nov. 10, 2025, 2:55 p.m.

6.9

CVSS4.0

CVE-2025-12284 - Lack of Input Validation

Lack of Input Validation in the web UI might lead to potential exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

📅 Published: Oct. 26, 2025, 4:21 p.m. 🔄 Last Modified: Nov. 10, 2025, 2:57 p.m.

10

CVSS4.0

CVE-2025-12275 - Mail Configuration File Manipulation + Command Execution

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

📅 Published: Oct. 26, 2025, 4:15 p.m. 🔄 Last Modified: Nov. 7, 2025, 2:06 a.m.

6.9

CVSS4.0

CVE-2025-12278 - Logout Functionality not Working

Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

📅 Published: Oct. 26, 2025, 4:14 p.m. 🔄 Last Modified: Nov. 10, 2025, 2:58 p.m.

7.3

CVSS3.1

CVE-2025-8709 - SQL Injection in langchain-ai/langchain

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte…

📅 Published: Oct. 26, 2025, 5:38 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.