5.9

CVSS4.0

CVE-2025-12101 - Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

📅 Published: Nov. 11, 2025, 1:44 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.4

CVSS4.0

CVE-2025-11862 - Verve Asset Manager Access Control Vulnerability

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.

📅 Published: Nov. 11, 2025, 1:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-11085 - FactoryTalk® DataMosaix™ Private Cloud – Persistent XSS

A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website.

📅 Published: Nov. 11, 2025, 1:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-9227 - Stored XSS

Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.

📅 Published: Nov. 11, 2025, 1:29 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.6

CVSS4.0

CVE-2025-11084 - FactoryTalk® DataMosaix™ Private Cloud – Authentication Bypass

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.

📅 Published: Nov. 11, 2025, 1:26 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-9223 - Command Injection

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.

📅 Published: Nov. 11, 2025, 1:13 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-8324 - SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.

📅 Published: Nov. 11, 2025, 1:04 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS3.1

CVE-2025-10161 - Authentication Bypass in Turkguven's Perfektive

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue…

📅 Published: Nov. 11, 2025, 12:42 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-41106 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.

📅 Published: Nov. 11, 2025, 12:21 p.m. 🔄 Last Modified: Nov. 17, 2025, 3:17 p.m.

5.1

CVSS4.0

CVE-2025-41105 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.

📅 Published: Nov. 11, 2025, 12:19 p.m. 🔄 Last Modified: Nov. 17, 2025, 3:19 p.m.
Total resulsts: 349182
Page 3073 of 34,919
« previous page » next page
Filters