4.8
CVE-2025-43025 - HP Universal Print Driver β Potential Denial of Service
HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).
6.8
CVE-2025-52559 - Zulip XSS in digest preview URL
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topiβ¦
7.5
CVE-2025-34079 - NSClient++ Authenticated Remote Code Execution via ExternalScripts API
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as externaβ¦
7.3
CVE-2025-34078 - NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attackβ¦
6.1
CVE-2025-34076 - Microweber CMS Authenticated Local File Inclusion via Backup API
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifyβ¦
9.4
CVE-2025-34074 - Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
An authenticated remote code execution vulnerability exists in Luceeβs administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled sβ¦
0.0
CVE-2025-34075 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the hostβs Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does nβ¦
0.0
CVE-2025-34092 - Chrome Cookie Key Exposure via AppBound COM Path Validation Weakness
Neither filed by Chrome nor a valid security vulnerability.
0.0
CVE-2025-34091 - Chrome Cookie Encryption Bypass via Padding Oracle Attack on AppBound Encryption
Neither filed by Chrome nor a valid security vulnerability.
0.0
CVE-2025-34090 -
Neither filed by Chrome nor a valid security vulnerability.