0.0
CVE-2025-53162 -
Not used
4.6
CVE-2025-5995 - Canon EOS Webcam Utility Pro for MAC OS contains an insecure permission issue potentially leading t…
Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution a…
6.9
CVE-2025-53121 - Stored XSS in multiple 33.0.8files in opennms/opennms
Multiple stored XSS were found on different nodes with unsanitized parameters in OpenNMS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on the database and then inject HTML and/or JavaScript on the page. The solution is to upgrade to Horizon 33.1.6…
8.1
CVE-2025-52904 - File Browser: Command Execution not Limited to Scope
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command Executi…
8.1
CVE-2025-52903 - File Browser Allows Execution of Shell Commands That Can Spawn Other Commands
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a user-specifi…
5.2
CVE-2025-53013 - Himmelblau offline auth permits authentication with invalid Hello PIN
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to th…
8.6
CVE-2025-52477 - Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow
Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo…
8.7
CVE-2025-34047 - Leadsec VPN Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabl…
5.3
CVE-2025-6702 - linlinjava litemall post improper authorization
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has be…
5.1
CVE-2025-6701 - Xuxueli xxl-sso doLogin redirect
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has …