5.3
CVE-2025-8463 - IDOR in SecHard Information Technologies' SecHard
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing. This issue affects SecHard: before 3.6.2-20250805.
9.8
CVE-2025-8077 - NeuVector admin account has insecure default password
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default cred…
4.7
CVE-2025-0879 - XSS in Shopside Software's Shopside App
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside App allows Cross-Site Scripting (XSS). This issue requires high privileges. This issue affects Shopside App: before 17.02.2025.
5.3
CVE-2025-54467 - NeuVector process with sensitive arguments lead to leakage
When a Java command with password parameters is executed and terminated by NeuVector for a Process rule violation, the password will appear in the NeuVector security event log.
5.3
CVE-2025-53884 - NeuVector has an insecure password storage vulnerable to rainbow attack
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).
9.8
CVE-2025-10439 - SQLi in Yordam Library Automation System
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection. This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7.
4.7
CVE-2025-0546 - XSS in Mevzuattr Software's MevzuatTR
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This is…
9.3
CVE-2025-10157 - PickleScan Bypasses Unsafe Globals Check Using Submodule Imports
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodul…
5.3
CVE-2025-8999 - Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_modules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate …
7.1
CVE-2025-8411 - XSS in Dokuzsoft Technology's E-Commerce Web Design Product
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025.