5.3
CVE-2025-52576 - Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid …
6.6
CVE-2025-52569 - GitHub.jl lacks validation for user-provided fields
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not val…
8.1
CVE-2025-52483 - Registrator.jl Vulnerable to Argument Injection and Command Injection
Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities), a shell script injection can occur within the `w…
8.1
CVE-2025-52480 - Registrator.jl Argument Injection Vulnerability
Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities), an argument injection is possible in the `gettr…
9.3
CVE-2025-49153 - Path Traversal in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
8.7
CVE-2025-49152 - Insufficient Session Expiration in MICROSENS NMP Web+
The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.
9.3
CVE-2025-49151 - Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
8.7
CVE-2025-6616 - D-Link DIR-619L formSetWAN_Wizard51 stack-based overflow
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remot…
10
CVE-2025-20282 - Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due to a lack of file validation checks th…
8.8
CVE-2025-5015 - Parsons AccuWeather Widget Cross-site Scripting
A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.