5.9
CVE-2025-22245 -
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
6.9
CVE-2025-22244 -
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
7.5
CVE-2025-22243 -
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
5.5
CVE-2025-48935 - Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.
8.7
CVE-2025-5607 - Tenda AC18 setPptpUserList formSetPPTPUserList buffer overflow
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disβ¦
5.5
CVE-2025-48934 - Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--deny-env` option this might lead to a false iβ¦
5.5
CVE-2025-48888 - Deno run with --allow-read and --deny-read flags results in allowed
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions giveβ¦
5.3
CVE-2025-5606 - Tenda AC18 SetIPTVCfg formSetIptv command injection
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disβ¦
6.9
CVE-2025-5604 - Campcodes Hospital Management System user-login.php sql injection
A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has β¦
6.9
CVE-2025-5603 - Campcodes Hospital Management System registration.php sql injection
A vulnerability has been found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument full_name/username leads to sql injection. The attack can be launched remβ¦