0.0

CVE-2025-59924 -

Not used

πŸ“… Published: Sept. 23, 2025, 12:51 p.m. πŸ”„ Last Modified: Sept. 24, 2025, 2:55 a.m.

10

CVSS3.1

CVE-2025-9846 - Unrestricted File Upload in TaletSys Inka.Net

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection.This issue affects Inka.Net: before 6.7.1.

πŸ“… Published: Sept. 23, 2025, 12:31 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS4.0

CVE-2025-9966 - Execution with Unnecessary Privileges

Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 untilΒ P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

πŸ“… Published: Sept. 23, 2025, 11:41 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-9965 - UDP Service Weak Authentication

Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 untilΒ P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

πŸ“… Published: Sept. 23, 2025, 11:36 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-9964 - Weak Authentication for Root User

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

πŸ“… Published: Sept. 23, 2025, 11:33 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS3.1

CVE-2025-10244 - HTML Payload Stored Cross-Site Scripting (XSS) Vulnerability

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

πŸ“… Published: Sept. 23, 2025, 11:31 a.m. πŸ”„ Last Modified: Feb. 26, 2026, 5:48 p.m.

9.4

CVSS4.0

CVE-2025-9963 - Path Traversal

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9…

πŸ“… Published: Sept. 23, 2025, 11:11 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS4.0

CVE-2025-9962 - Unauthenticated Buffer Overflow

A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

πŸ“… Published: Sept. 23, 2025, 11:02 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-4598 - Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between execu…

πŸ“… Published: Sept. 23, 2025, 10:39 a.m. πŸ”„ Last Modified: Jan. 9, 2026, 2:34 a.m.

5.3

CVSS3.1

CVE-2025-7106 - Authorization Bypass due to Incorrect Access Control in danny-avila/librechat

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required…

πŸ“… Published: Sept. 23, 2025, 9:54 a.m. πŸ”„ Last Modified: Oct. 20, 2025, 7 p.m.
Total resulsts: 349182
Page 3708 of 34,919
Β« previous page Β» next page
Filters