6.5

CVSS3.1

CVE-2025-62388 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

📅 Published: Oct. 13, 2025, 9:11 p.m. 🔄 Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62389 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

📅 Published: Oct. 13, 2025, 9:11 p.m. 🔄 Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62390 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

📅 Published: Oct. 13, 2025, 9:10 p.m. 🔄 Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62392 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

📅 Published: Oct. 13, 2025, 9:10 p.m. 🔄 Last Modified: Feb. 10, 2026, 6:16 p.m.

8.6

CVSS4.0

CVE-2025-62177 - WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/depende…

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to …

📅 Published: Oct. 13, 2025, 9:09 p.m. 🔄 Last Modified: Oct. 21, 2025, 1:10 p.m.

6.5

CVSS3.1

CVE-2025-11623 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

📅 Published: Oct. 13, 2025, 9:09 p.m. 🔄 Last Modified: Feb. 10, 2026, 6:16 p.m.

8.8

CVSS3.1

CVE-2025-9713 -

Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

📅 Published: Oct. 13, 2025, 9:08 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

7.8

CVSS3.1

CVE-2025-11622 -

Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.

📅 Published: Oct. 13, 2025, 9:07 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

4.3

CVSS3.1

CVE-2025-62176 - Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public chan…

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allows …

📅 Published: Oct. 13, 2025, 9:04 p.m. 🔄 Last Modified: Oct. 21, 2025, 1:10 p.m.

4.3

CVSS3.1

CVE-2025-62175 - Mastodon streaming API fails to disconnect disabled and suspended users

Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updates…

📅 Published: Oct. 13, 2025, 8:59 p.m. 🔄 Last Modified: Oct. 21, 2025, 1:10 p.m.