8.5
CVE-2025-32992 -
Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.
7.5
CVE-2025-55588 -
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
7.5
CVE-2025-55587 -
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
6.5
CVE-2025-55590 -
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html.
9.8
CVE-2025-55591 -
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
5.1
CVE-2025-9096 - ExpressGateway express-gateway REST Endpoint apps.js cross site scripting
A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been d…
7.5
CVE-2025-7342 - VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for …
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters a…
5.1
CVE-2025-9095 - ExpressGateway express-gateway REST Endpoint users.js cross site scripting
A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclo…
5.3
CVE-2025-9094 - ThingsBoard Add Gateway special elements used in a template engine
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the…
4.8
CVE-2025-9093 - BuzzFeed App com.buzzfeed.android AndroidManifest.xml improper export of android application compon…
A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. T…