5.6

CVSS3.1

CVE-2025-68919 -

Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and avai…

📅 Published: Dec. 24, 2025, 9:01 p.m. 🔄 Last Modified: Dec. 24, 2025, 9:06 p.m.

6.4

CVSS3.1

CVE-2025-68917 -

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.

📅 Published: Dec. 24, 2025, 8:19 p.m. 🔄 Last Modified: Dec. 24, 2025, 8:38 p.m.

9.3

CVSS4.0

CVE-2025-8769 - MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation

Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server.

📅 Published: Dec. 24, 2025, 8:14 p.m. 🔄 Last Modified: Dec. 24, 2025, 8:14 p.m.

8.7

CVSS4.0

CVE-2025-3232 - Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.

📅 Published: Dec. 24, 2025, 7:55 p.m. 🔄 Last Modified: Dec. 24, 2025, 7:55 p.m.

9.1

CVSS3.1

CVE-2025-68916 -

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.

📅 Published: Dec. 24, 2025, 7:43 p.m. 🔄 Last Modified: Dec. 24, 2025, 7:48 p.m.

5.5

CVSS3.1

CVE-2025-68915 -

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.

📅 Published: Dec. 24, 2025, 7:40 p.m. 🔄 Last Modified: Dec. 24, 2025, 7:40 p.m.

6.5

CVSS3.1

CVE-2025-68914 -

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.

📅 Published: Dec. 24, 2025, 7:37 p.m. 🔄 Last Modified: Dec. 24, 2025, 7:37 p.m.

7.1

CVSS4.0

CVE-2019-25258 - LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to ac…

📅 Published: Dec. 24, 2025, 7:28 p.m. 🔄 Last Modified: Dec. 24, 2025, 9:16 p.m.

8.7

CVSS4.0

CVE-2019-25257 - LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.pat…

📅 Published: Dec. 24, 2025, 7:28 p.m. 🔄 Last Modified: Dec. 24, 2025, 9:16 p.m.

7.1

CVSS4.0

CVE-2019-25256 - VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating…

📅 Published: Dec. 24, 2025, 7:28 p.m. 🔄 Last Modified: Dec. 24, 2025, 9:16 p.m.
Total results: 324358