8.8

CVSS3.1

CVE-2025-5015 - Parsons AccuWeather Widget Cross-site Scripting

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.

📅 Published: June 25, 2025, 4:23 p.m. 🔄 Last Modified: June 26, 2025, 6:57 p.m.

3.1

CVSS3.1

CVE-2025-4656 - Vault Vulnerable to Recovery Key Cancellation Denial of Service

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17…

📅 Published: June 25, 2025, 4:15 p.m. 🔄 Last Modified: Aug. 13, 2025, 6:02 p.m.

10

CVSS3.1

CVE-2025-20281 - Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to i…

📅 Published: June 25, 2025, 4:11 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:50 p.m.

6.4

CVSS3.1

CVE-2025-20264 - Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms…

📅 Published: June 25, 2025, 4:11 p.m. 🔄 Last Modified: July 8, 2025, 2:53 p.m.

7.7

CVSS4.0

CVE-2025-52479 - HTTP.jl vulnerable to CR/LF Injection in URIs

HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allow the construction of URIs containing CR/LF characters. If user input was not otherwise es…

📅 Published: June 25, 2025, 4:06 p.m. 🔄 Last Modified: June 26, 2025, 7:52 p.m.

8.7

CVSS4.0

CVE-2025-6615 - D-Link DIR-619L formAutoDetecWAN_wizard4 stack-based overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the att…

📅 Published: June 25, 2025, 4 p.m. 🔄 Last Modified: July 14, 2025, 5:18 p.m.

8.7

CVSS4.0

CVE-2025-6614 - D-Link DIR-619L formSetWANType_Wizard5 stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be la…

📅 Published: June 25, 2025, 4 p.m. 🔄 Last Modified: July 16, 2025, 7:35 p.m.

4.6

CVSS3.1

CVE-2025-50179 - Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims in…

📅 Published: June 25, 2025, 3:48 p.m. 🔄 Last Modified: Aug. 21, 2025, 8:53 p.m.

6.3

CVSS4.0

CVE-2025-49845 - Discourse users are able to see their own whispers even after being removed from a group that has b…

Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users…

📅 Published: June 25, 2025, 3:39 p.m. 🔄 Last Modified: Aug. 25, 2025, 3:13 p.m.

6.9

CVSS4.0

CVE-2025-6612 - code-projects Inventory Management System removeCategories.php sql injection

A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/removeCategories.php. The manipulation of the argument categoriesId leads to sql injection. The attack may be initiated remot…

📅 Published: June 25, 2025, 3:31 p.m. 🔄 Last Modified: June 27, 2025, 6:22 p.m.
Total results: 343919