8.2

CVSS3.1

CVE-2025-4044 - XML External Entity Injection vulnerability in various Lexmark Universal Drivers

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL.

📅 Published: Aug. 19, 2025, 1:12 p.m. 🔄 Last Modified: Aug. 19, 2025, 1:12 p.m.

4.6

CVSS4.0

CVE-2025-43740 -

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows a…

📅 Published: Aug. 19, 2025, 1:03 p.m. 🔄 Last Modified: Aug. 19, 2025, 1:03 p.m.

5.3

CVSS4.0

CVE-2025-9139 - Scada-LTS WatchListDwr.init.dwr information disclosure

A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit…

📅 Published: Aug. 19, 2025, 1:02 p.m. 🔄 Last Modified: Aug. 19, 2025, 1:02 p.m.

5.1

CVSS4.0

CVE-2025-9138 - Scada-LTS new cross site scripting

A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The …

📅 Published: Aug. 19, 2025, 12:32 p.m. 🔄 Last Modified: Aug. 19, 2025, 12:32 p.m.

0.0