7.4

CVSS3.1

CVE-2025-27447 - CVE-2025-27447

The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’s browser when an authenticated administrator clicks the link.

📅 Published: July 3, 2025, 11:23 a.m. 🔄 Last Modified: Feb. 6, 2026, 2:38 p.m.

4.3

CVSS3.1

CVE-2025-1711 - CVE-2025-1711

Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.

📅 Published: July 3, 2025, 11:22 a.m. 🔄 Last Modified: Jan. 29, 2026, 6:59 p.m.

7.5

CVSS3.1

CVE-2025-1710 - CVE-2025-1710

The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

📅 Published: July 3, 2025, 11:21 a.m. 🔄 Last Modified: Feb. 6, 2026, 2:38 p.m.

6.5

CVSS3.1

CVE-2025-1709 - CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).

📅 Published: July 3, 2025, 11:20 a.m. 🔄 Last Modified: Feb. 6, 2026, 2:36 p.m.

6.4

CVSS3.1

CVE-2025-2540 - Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site S…

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, w…

📅 Published: July 3, 2025, 11:19 a.m. 🔄 Last Modified: April 22, 2026, 1:15 a.m.

4.8

CVSS4.0

CVE-2025-6563 - Cross-site scripting via dst parameter in RouterOS WiFi hotspot

A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can al…

📅 Published: July 3, 2025, 11:18 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS3.1

CVE-2025-1708 - CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.

📅 Published: July 3, 2025, 11:18 a.m. 🔄 Last Modified: Jan. 29, 2026, 5:26 p.m.

5.2

CVSS4.0

CVE-2025-6587 - Exposure of system environment variables in Docker Desktop diagnostic logs

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use the…

📅 Published: July 3, 2025, 10:03 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

1.8

CVSS4.0

CVE-2025-0885 - Incorrect Authorization vulnerability affects OpenText™ GroupWise

Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 2…

📅 Published: July 3, 2025, 9:54 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-5647 - Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site S…

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…

📅 Published: July 3, 2025, 9:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.