6.9
CVE-2025-66028 - OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying thiβ¦
8.8
CVE-2025-65966 - OneUptime Unauthorized User Creation via API
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.
2.7
CVE-2025-20373 - Sensitive Information Disclosure in β_internalβ index through Splunk Add-On for Palo Alto Networks
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new βData Security Accountsβ. The vulnerability would require either local access to the log files or administrative access to internal indexesβ¦
9.3
CVE-2025-64130 - Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
7
CVE-2025-64129 - Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
6.5
CVE-2021-4472 - Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
10
CVE-2025-64128 - Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.
10
CVE-2025-64127 - Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.
10
CVE-2025-64126 - Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary β¦
7.1
CVE-2025-11461 - Frappe CRM 1.53.1 β Multiple SQL Injections in Dashboard Controller
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.