8.7
CVE-2025-1036 -
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low-privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.
9.3
CVE-2025-9313 - Unauthorized database access in Asseco mMedica
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and g…
0.0
CVE-2025-40050 - bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer In check_alu_op(), the verifier currently calls check_reg_arg() and adjust_scalar_min_max_vals() unconditionally for BPF_NEG operations. However, if the destination regi…
5.4
CVE-2025-55758 - Extension - jdownloads.com - CSRF vectors in jDownloads component 1.0.0 - 4.0.47 for Joomla
Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.
7.6
CVE-2025-41090 - Improper Access Control in CCN-CERT microCLAUDIA
microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a compromis…
5
CVE-2025-12103 - Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-se…
7.2
CVE-2025-10151 - Malicious TCP/IP thread locking leads into diverse malfunctions
Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure. This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31
8.7
CVE-2025-10150 - Webserver crash caused by scanning on TCP port 80
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch. This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31
6.9
CVE-2025-12378 - code-projects Simple Food Ordering System addproduct.php unrestricted upload
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been rele…
7.5
CVE-2025-11735 - HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via…
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing …