9.3
CVE-2025-64348 - ELOG configuration file authorization bypass
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shel…
8.6
CVE-2025-62618 - ELOG file upload stored XSS
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crac…
4.6
CVE-2025-62267 -
Multiple cross-site scripting (XSS) vulnerabilities in web content template's select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we…
5.1
CVE-2025-62264 -
Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the…
4.8
CVE-2025-59501 - Microsoft Configuration Manager Spoofing Vulnerability
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
1.8
CVE-2025-6075 - Quadratic complexity in os.path.expandvars() with user-controlled template
If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.
6.9
CVE-2025-12554 - Missing Security Headers
Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
8.4
CVE-2025-12509 - Scripts for the module Global_Shipping executable on BRAIN2 Server
On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
8.4
CVE-2025-12508 - Unencrypted communication to Active Directory services
When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
8.8
CVE-2025-12507 - Insecure service configuration – unquoted path
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.