7.1

CVSS4.0

CVE-2025-39203 -

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

πŸ“… Published: June 24, 2025, 11:57 a.m. πŸ”„ Last Modified: Jan. 26, 2026, 6:45 p.m.

8.3

CVSS4.0

CVE-2025-39202 -

A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.

πŸ“… Published: June 24, 2025, 11:51 a.m. πŸ”„ Last Modified: Jan. 26, 2026, 6:52 p.m.

6.9

CVSS4.0

CVE-2025-39201 -

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

πŸ“… Published: June 24, 2025, 11:46 a.m. πŸ”„ Last Modified: Jan. 26, 2026, 6:56 p.m.

8.7

CVSS4.0

CVE-2025-2403 -

A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction.

πŸ“… Published: June 24, 2025, 11:33 a.m. πŸ”„ Last Modified: June 26, 2025, 6:58 p.m.

7.1

CVSS4.0

CVE-2025-1718 -

An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management.

πŸ“… Published: June 24, 2025, 11:24 a.m. πŸ”„ Last Modified: June 26, 2025, 6:58 p.m.

7.5

CVSS3.1

CVE-2025-6206 - Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) A…

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This mak…

πŸ“… Published: June 24, 2025, 8:23 a.m. πŸ”„ Last Modified: April 8, 2026, 5:06 p.m.

7.5

CVSS3.1

CVE-2025-3092 - MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.

πŸ“… Published: June 24, 2025, 8:14 a.m. πŸ”„ Last Modified: June 26, 2025, 6:58 p.m.

7.5

CVSS3.1

CVE-2025-3091 - MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.

πŸ“… Published: June 24, 2025, 8:10 a.m. πŸ”„ Last Modified: June 26, 2025, 6:58 p.m.

8.2

CVSS3.1

CVE-2025-3090 - MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

πŸ“… Published: June 24, 2025, 8:05 a.m. πŸ”„ Last Modified: June 26, 2025, 6:58 p.m.

6.4

CVSS3.1

CVE-2025-5258 - Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via classN…

The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜className’ parameter in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level…

πŸ“… Published: June 24, 2025, 7:24 a.m. πŸ”„ Last Modified: April 8, 2026, 4:35 p.m.
Total resulsts: 343738
Page 4359 of 34,374
Β« previous page Β» next page
Filters