9.8

CVSS3.1

CVE-2025-50475 -

An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization…

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS3.1

CVE-2024-34328 -

An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-34327 -

Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:20 p.m.

3.5

CVSS3.1

CVE-2025-51384 -

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 4, 2025, 9 a.m.

8

CVSS3.1

CVE-2025-52289 -

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:37 p.m.

8.8

CVSS3.1

CVE-2025-50572 -

Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-45769 -

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not mea…

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Feb. 18, 2026, 10:16 p.m.

7.3

CVSS3.1

CVE-2025-26064 -

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Nov. 3, 2025, 8:18 p.m.

6.5

CVSS3.1

CVE-2025-36040 - IBM Aspera Faspex session fixation

IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.

πŸ“… Published: July 30, 2025, 11:48 p.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:53 p.m.

6.5

CVSS3.1

CVE-2025-36039 - IBM Aspera Faspex bypass security

IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,

πŸ“… Published: July 30, 2025, 11:47 p.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:54 p.m.
Total resulsts: 349182
Page 4455 of 34,919
Β« previous page Β» next page
Filters