8.7
CVE-2025-34120 - LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload
An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing attackers to specify arbitrary file paths usiโฆ
8.8
CVE-2025-34119 - EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its coโฆ
8.7
CVE-2025-34118 - Linknat VOS Manager Path Traversal File Disclosure
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', 'โฆ
9.3
CVE-2025-34117 - Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can sendโฆ
5.1
CVE-2025-6983 - Clickjacking vulnerability on the management web application of TP-LINK Archer C1200
A Clickjackingย vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 <= 1.1.5.
6.9
CVE-2025-6982 - Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5
Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), and C20 V5 (<US_V5_260419 or <EU_V5_260317)ย allows attackers to decrypt the config.xml files.
8.3
CVE-2025-53908 - RomM vulnerable to Authenticated Path Traversal
RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official imโฆ
7.3
CVE-2025-37107 -
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
7.3
CVE-2025-37106 -
An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
7.5
CVE-2025-36097 - IBM WebSphere Application Server denial of service
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.