5.3

CVSS3.1

CVE-2025-47748 -

Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: June 19, 2025, 12:02 a.m.

6.5

CVSS3.1

CVE-2024-57338 -

An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-45343 -

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: June 3, 2025, 3:36 p.m.

7.2

CVSS3.1

CVE-2025-30087 -

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: Nov. 3, 2025, 8:18 p.m.

5.3

CVSS3.1

CVE-2025-48927 -

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: Feb. 26, 2026, 6:27 p.m.

6.5

CVSS3.1

CVE-2024-57337 -

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2025-32802 - Insecure handling of file paths allows multiple local attacks

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4…

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.1

CVSS3.1

CVE-2025-48749 -

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: June 18, 2025, 11:59 p.m.

7.8

CVSS3.1

CVE-2025-32801 - Loading a malicious hook library can lead to local privilege escalation

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6…

πŸ“… Published: May 28, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-45094 - IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting

IBM DS8900F and DS8A00 Hardware Management Console (HMC)Β is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

πŸ“… Published: May 27, 2025, 10:41 p.m. πŸ”„ Last Modified: Aug. 26, 2025, 3:03 p.m.
Total resulsts: 349182
Page 5239 of 34,919
Β« previous page Β» next page
Filters