6.9

CVSS4.0

CVE-2025-42604 - Detailed Error Response Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to debug mode being enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related informatio…

📅 Published: April 23, 2025, 10:43 a.m. 🔄 Last Modified: April 23, 2025, 2:44 p.m.

8.7

CVSS4.0

CVE-2025-42603 - Information Disclosure Vulnerability in Meon KYC solutions

This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive informati…

📅 Published: April 23, 2025, 10:38 a.m. 🔄 Last Modified: April 23, 2025, 3:09 p.m.

8.2

CVSS4.0

CVE-2025-42602 - Improper Authentication Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorize…

📅 Published: April 23, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2025, 3:24 p.m.

8.2

CVSS4.0

CVE-2025-42601 - Captcha Bypass Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification mechani…

📅 Published: April 23, 2025, 10:32 a.m. 🔄 Last Modified: April 23, 2025, 3:28 p.m.

8.2

CVSS4.0

CVE-2025-42600 - Brute Force Attack Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to g…

📅 Published: April 23, 2025, 10:25 a.m. 🔄 Last Modified: April 23, 2025, 3:29 p.m.

6.8

CVSS3.1

CVE-2025-2703 - grafana: Cross-Site Scripting in Grafana XY Chart Panel

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

📅 Published: April 23, 2025, 9:56 a.m. 🔄 Last Modified: July 12, 2025, 3:26 p.m.

5

CVSS3.1

CVE-2025-3454 - grafana: Unauthorized Data Source Access in Grafana via URL Path Manipulation

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily a…

📅 Published: April 23, 2025, 9:55 a.m. 🔄 Last Modified: June 24, 2025, 9:44 a.m.

6.4

CVSS3.1

CVE-2025-1054 - UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Sto…

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insuffici…

📅 Published: April 23, 2025, 9:23 a.m. 🔄 Last Modified: April 8, 2026, 5:26 p.m.

0.0

CVE-2025-46377 -

Not used

📅 Published: April 23, 2025, 9:14 a.m. 🔄 Last Modified: April 24, 2025, 3:15 a.m.

0.0

CVE-2025-46378 -

Not used

📅 Published: April 23, 2025, 9:14 a.m. 🔄 Last Modified: April 24, 2025, 3:15 a.m.