8.2

CVSS3.1

CVE-2025-60962 -

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: Oct. 10, 2025, 4:35 p.m.

3.5

CVSS3.1

CVE-2025-59451 -

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-57515 -

A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses.

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS3.1

CVE-2025-29192 -

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: Oct. 7, 2025, 5:03 p.m.

8.2

CVSS3.1

CVE-2025-60960 -

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: Oct. 10, 2025, 4:35 p.m.

7.3

CVSS3.1

CVE-2025-60967 -

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: Oct. 10, 2025, 4:15 p.m.

4.9

CVSS3.1

CVE-2025-59449 -

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacker …

📅 Published: Oct. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-11310 - Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findFileServerPage.do findFileServerP…

A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack …

📅 Published: Oct. 5, 2025, 11:32 p.m. 🔄 Last Modified: Nov. 3, 2025, 3:09 p.m.

6.9

CVSS4.0

CVE-2025-11309 - Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findDeptPage.do doFilter sql injection

A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Impacted is the function doFilter of the file findDeptPage.do. Performing manipulation of the argument sort results in sql injection. It is possible to initiate the attack remotely. The exploit…

📅 Published: Oct. 5, 2025, 11:02 p.m. 🔄 Last Modified: Nov. 3, 2025, 3:13 p.m.

5.1

CVSS4.0

CVE-2025-11308 - Vanderlande Baggage 360 messages cross site scripting

A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and mi…

📅 Published: Oct. 5, 2025, 10:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 3551 of 34,919
« previous page » next page
Filters