6.7
CVE-2025-23170 -
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to executeβ¦
8.8
CVE-2025-23121 -
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
6.1
CVE-2025-24287 -
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
7.4
CVE-2025-49591 - CryptPad 2FA Bypass Vulnerability
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the vβ¦
2.9
CVE-2025-49590 - CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which β¦
8.8
CVE-2025-6192 -
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2025-6191 -
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
9.8
CVE-2025-20260 - ClamAV PDF Scanning Buffer Overflow Vulnerability
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocatedβ¦
8.6
CVE-2025-20271 - Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Servicβ¦
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. This vulnerability is dueβ¦
5.5
CVE-2025-1349 - IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiβ¦