7.1
CVE-2025-47902 - SQL Injection in web resource
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection. This issue affects Time Provider 4100: before 2.5.
8.2
CVE-2025-3465 - Path Traversal Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10. This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12.
6.9
CVE-2025-62693 - Stored XSS through system messages in LastModified
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS. This issue affects Mediawiki - LastModified Extension: from master before 1.39.
6.3
CVE-2025-55086 -
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read.
8.9
CVE-2025-47901 - RCE on restore configuration password
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection. This issue affects Time Provider 4100: before 2.5.
5.3
CVE-2025-11979 - Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior
An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB …
8.9
CVE-2025-47900 - RCE on backup configuration password
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection. This issue affects Time Provider 4100: before 2.5.
8.1
CVE-2025-62510 - FileRise insecure folder visibility via name-based mapping and incomplete ACL checks
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some ca…
8.1
CVE-2025-62509 - FileRise improper ownership/permission validation allowed cross-tenant file operations
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users…
9.9
CVE-2025-9574 - Missing Authentication Vulnerability
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP. This issue affects . All firmware versions with the Serial Number from 2000 to 5166