4.3
CVE-2025-5263 - Error handling for script execution was incorrectly isolated from web content
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
8.8
CVE-2025-5117 - Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via β¦
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Authorβlevel access and above, to elevate their privilβ¦
4.8
CVE-2025-4412 - TCC Bypass via Dylib Loading in Viscosity.app
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as acceβ¦
7.5
CVE-2025-41653 - Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernetβ¦
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.
9.8
CVE-2025-41652 - Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentβ¦
9.8
CVE-2025-41651 - Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
7.5
CVE-2025-41650 - Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
7.5
CVE-2025-41649 - Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.
0.0
CVE-2025-48847 -
Not used
0.0
CVE-2025-48848 -
Not used