8.6
CVE-2025-48389 - FreeScout Vulnerable to Deserialization of Untrusted Data
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the get …
5.3
CVE-2025-3913 - Team Privacy Settings Authorization Bypass in Mattermost Server
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the /api/v4/teams/:teamId…
5.3
CVE-2025-5321 - aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument query leads to privilege escalation. The attack ca…
7.5
CVE-2025-5334 -
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from …
4.8
CVE-2025-4081 - TCC Bypass via Dylib Substitution in DaVinci Resolve
Use of the entitlement "com.apple.security.cs.disable-library-validation" and the lack of launch and library load constraints allow a legitimate dylib to be substituted with a malicious one. A local attacker with unprivileged access can execute the application with an altered dynamic library, successfully bypassing…
5.8
CVE-2025-33043 - SMM buffer Integrity
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact integrity.
6.3
CVE-2025-5320 - gradio-app gradio CORS is_valid_origin privilege escalation
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to privilege escalation. It is possible to initiate the attack remotely. The com…
9.4
CVE-2025-48047 - MICI Network Co. Ltd. NetFax Server Command Injection
An authenticated user can perform command injection via unsanitized input to the NetFax Server's ping functionality via the /test.php endpoint.
5.3
CVE-2025-48046 - MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
8.7
CVE-2025-48045 - MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.