9.3

CVSS4.0

CVE-2018-25120 - D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to…

📅 Published: Oct. 29, 2025, 6:39 p.m. 🔄 Last Modified: April 7, 2026, 2:03 p.m.

7.7

CVSS4.0

CVE-2025-64102 - Zitadel allows brute-forcing authentication factors

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout m…

📅 Published: Oct. 29, 2025, 6:36 p.m. 🔄 Last Modified: Nov. 4, 2025, 1:18 p.m.

8.1

CVSS3.1

CVE-2025-64101 - ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmat…

📅 Published: Oct. 29, 2025, 6:30 p.m. 🔄 Last Modified: Nov. 4, 2025, 1:20 p.m.

7.5

CVSS3.1

CVE-2025-11232 - Invalid characters cause assert

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDN…

📅 Published: Oct. 29, 2025, 6:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2025-64100 - CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need …

📅 Published: Oct. 29, 2025, 5:54 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-62797 - CSRF in FluxCP account endpoints allows account takeover / state-changing actions

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz…

📅 Published: Oct. 29, 2025, 5:49 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS4.0

CVE-2025-1549 - WatchGuard Mobile VPN with SSL Local Privilege Escalation

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. This vulnerability is an additional unmitigated attack path for CVE-2024-4944. This vulnerabilit…

📅 Published: Oct. 29, 2025, 4:50 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS4.0

CVE-2025-12479 - Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation

Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

📅 Published: Oct. 29, 2025, 4:50 p.m. 🔄 Last Modified: Nov. 7, 2025, 1:45 p.m.

6.9

CVSS4.0

CVE-2025-62792 - Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_Cl…

📅 Published: Oct. 29, 2025, 4:50 p.m. 🔄 Last Modified: Nov. 3, 2025, 7:35 p.m.

6.9

CVSS4.0

CVE-2025-62791 - Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, the DecodeCiscat() implementation does not check the return value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd…

📅 Published: Oct. 29, 2025, 4:48 p.m. 🔄 Last Modified: Nov. 3, 2025, 7:34 p.m.
Total results: 349182