0.0
CVE-2025-48422 -
Not used
0.0
CVE-2025-48425 -
Not used
0.0
CVE-2025-48420 -
Not used
0.0
CVE-2025-48419 -
Not used
0.0
CVE-2025-48421 -
Not used
7.5
CVE-2025-30193 - Denial of service via crafted TCP exchange
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of serβ¦
5.1
CVE-2025-40633 - Stored Cross-Site Scripting (XSS) in Koibox
A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint
9.2
CVE-2025-40634 - Stack-based buffer overflow in TP-Link Archer AX50
Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.
4.6
CVE-2025-4951 -
Editions of Rapid7 AppSpider Pro before versionΒ 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration filβ¦
6.4
CVE-2024-5878 - Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Sβ¦
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticateβ¦