9.3

CVSS4.0

CVE-2025-61774 - PyVista has Dependency Confusion Vulnerability in that leads to RCE

PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit (VTK). Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use`--extra-index-url`. But when `--extra-index-url` is used, pip always…

πŸ“… Published: Oct. 6, 2025, 10:14 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS4.0

CVE-2025-43824 -

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the β€œContent-Disposition” header, which allows remot…

πŸ“… Published: Oct. 6, 2025, 10:05 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 6:03 p.m.

5.1

CVSS4.0

CVE-2025-61768 - Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag…

πŸ“… Published: Oct. 6, 2025, 9:54 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-11346 - ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2…

πŸ“… Published: Oct. 6, 2025, 7:32 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:46 a.m.

5.1

CVSS4.0

CVE-2025-11345 - ILIAS Test Import unserialize deserialization

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading …

πŸ“… Published: Oct. 6, 2025, 7:02 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:46 a.m.

5.3

CVSS4.0

CVE-2025-11344 - ILIAS Certificate Import code injection

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 ad…

πŸ“… Published: Oct. 6, 2025, 6:32 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:46 a.m.

0.0

CVE-2025-11384 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Oct. 6, 2025, 6:21 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 7:27 p.m.

0.0

CVE-2025-11383 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Oct. 6, 2025, 6:21 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 7:27 p.m.

0.0

CVE-2025-11382 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Oct. 6, 2025, 6:21 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 7:27 p.m.

0.0

CVE-2025-11381 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Oct. 6, 2025, 6:21 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 7:26 p.m.
Total resulsts: 349182
Page 3540 of 34,919
Β« previous page Β» next page
Filters