8.6
CVE-2025-7705 - Authentication bypass due to compatibility mode enabled by default
: Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions.
6.1
CVE-2025-4284 - Reflected XSS in Rolantis Information Technologies' Agentis
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rolantis Information Technologies Agentis allows Reflected XSS, DOM-Based XSS.This issue affects Agentis: before 4.32.
10
CVE-2025-4285 - SQLi in Rolantis Information Technologies' Agentis
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection.This issue affects Agentis: before 4.32.
5.3
CVE-2025-7900 - Insecure Direct Object Reference in extension "femanager" (femanager)
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0
6
CVE-2025-7899 - Insecure Direct Object Reference in extension "powermail" (powermail)
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download ofΒ arbitraryΒ files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0
5.9
CVE-2025-7427 - Uncontrolled Search Path Element in Arm Development Studio before 2025
Uncontrolled Search Path Element in Arm Development Studio before 2025Β may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.
6.9
CVE-2025-46267 -
Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.
8.6
CVE-2025-53472 -
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.
9.8
CVE-2025-6187 - bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_infβ¦
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing β¦
7.2
CVE-2025-6213 - Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppp_preload_cache_on_update' function. This is due to insufficient sanitization of the $_SERVER['HTTP_REFERERER'] parameter passed from the 'nppp_handle_faβ¦