7.1

CVSS4.0

CVE-2025-3116 -

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.

πŸ“… Published: June 10, 2025, 8:34 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-3905 -

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.

πŸ“… Published: June 10, 2025, 8:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS4.0

CVE-2025-3112 -

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.

πŸ“… Published: June 10, 2025, 8:28 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-3899 -

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.

πŸ“… Published: June 10, 2025, 8:25 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS4.0

CVE-2025-3898 -

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.

πŸ“… Published: June 10, 2025, 8:22 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7

CVSS4.0

CVE-2025-5743 -

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.

πŸ“… Published: June 10, 2025, 8:15 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-5742 -

CWE-79: Improper Neutralization of Input During Web Page Generation (β€˜Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server

πŸ“… Published: June 10, 2025, 8:11 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-5741 -

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.

πŸ“… Published: June 10, 2025, 8:09 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-5740 -

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path.

πŸ“… Published: June 10, 2025, 8:06 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-27817 - Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Ap…

πŸ“… Published: June 10, 2025, 7:55 a.m. πŸ”„ Last Modified: July 11, 2025, 4:58 p.m.
Total resulsts: 349182
Page 5099 of 34,919
Β« previous page Β» next page
Filters