7.3
CVE-2025-20210 - Cisco Catalyst Center Unprotected API Endpoint
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could e…
5.7
CVE-2025-46551 - JRuby-OpenSSL has hostname verification disabled by default
JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates, JRuby…
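Added example, not code from JRuby-OpenSSL or from the advisory: a Ruby TLS client that switches hostname verification on explicitly instead of trusting the library default, plus a check that can run at startup or in CI to catch a context that would accept any validly signed certificate for any name. The function names and the ca_file keyword are this example's own; it runs against the stock Ruby openssl extension.

```ruby
require 'openssl'
require 'socket'

# Build an SSLContext that verifies the peer's chain AND checks that the
# certificate's SAN/CN matches the host we asked for. Both settings are made
# explicitly rather than trusting library defaults, since the JRuby-OpenSSL
# versions named above left verify_hostname off. ca_file is an optional path
# to a PEM bundle; without it the platform's default trust store is used.
def hardened_ssl_context(ca_file: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  if ca_file
    ctx.ca_file = ca_file
  else
    ctx.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)
  end
  ctx
end

# Pre-flight check: a context without BOTH settings will happily accept a
# certificate issued for some other name, which is exactly the failure mode
# of the affected JRuby-OpenSSL releases.
def hostname_verification_enabled?(ctx)
  (ctx.verify_mode.to_i & OpenSSL::SSL::VERIFY_PEER) != 0 &&
    ctx.verify_hostname == true
end

# Open a verified TLS connection. SSLSocket#hostname= sets SNI and is the name
# the certificate is checked against; post_connection_check repeats the name
# check explicitly, which also protects code running on a library build whose
# verify_hostname flag is silently ignored.
def open_verified_tls(host, port = 443, ctx: hardened_ssl_context)
  unless hostname_verification_enabled?(ctx)
    raise ArgumentError, 'refusing to connect: hostname verification is off'
  end
  tcp = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host
  ssl.sync_close = true
  ssl.connect
  ssl.post_connection_check(host) # raises OpenSSL::SSL::SSLError on mismatch
  ssl
end
```

Usage: `open_verified_tls('some.host.example')` returns a connected SSLSocket or raises; the explicit post_connection_check is the part to keep even on a fixed JRuby, because it does not depend on which defaults the underlying gem ships with.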
8
CVE-2025-46827 - Graylog Allows Session Takeover via Insufficient HTML Sanitization
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permiss…
7.5
CVE-2024-47619 - transport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could h…
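Added example, not syslog-ng's code: a strict certificate-name wildcard matcher in Ruby implementing the RFC 6125 rules that the entry above alludes to, placed beside a plain glob match so the two patterns quoted above (`foo.*.bar`, `foo.a*c.bar`) can be seen going through each. File.fnmatch stands in for glib's pattern matching here, which is an assumption about equivalence for these inputs; the host names are constructed test data.

```ruby
# Strict TLS hostname wildcard matching (RFC 6125 section 6.4.3 rules):
#  - a wildcard is only valid as the entire leftmost label ("*.example.com");
#  - "foo.*.bar" (wildcard in a later label) and "foo.a*c.bar" (partial
#    wildcard) are rejected outright;
#  - "*" matches exactly one non-empty label, never "a.b" and never an
#    IDNA A-label (xn--...), and at least two literal labels must follow it.
def tls_wildcard_match?(pattern, hostname)
  pattern  = pattern.downcase.chomp('.')
  hostname = hostname.downcase.chomp('.')
  return pattern == hostname unless pattern.include?('*')

  plabels = pattern.split('.', -1)
  hlabels = hostname.split('.', -1)
  return false if (plabels + hlabels).any?(&:empty?)
  return false unless plabels.first == '*'                    # whole leftmost label only
  return false if plabels.drop(1).any? { |l| l.include?('*') } # no later or partial wildcard
  return false if plabels.length < 3                          # reject "*.com"
  return false if plabels.length != hlabels.length            # "*" spans exactly one label
  return false if hlabels.first.start_with?('xn--')           # never match A-labels
  plabels.drop(1) == hlabels.drop(1)
end

# What a generic glob does with the same inputs. File.fnmatch is used as a
# stand-in for glib's matcher (assumption); without FNM_PATHNAME, "*" also
# matches across dots, so a single wildcard can cover several labels.
def lax_glob_match?(pattern, hostname)
  File.fnmatch(pattern, hostname, File::FNM_CASEFOLD)
end

# Constructed cases: [pattern, hostname, should it match under RFC 6125?]
CASES = [
  ['*.example.com', 'www.example.com',           true],
  ['*.example.com', 'WWW.EXAMPLE.COM',           true],
  ['example.com',   'example.com',               true],
  ['*.example.com', 'a.b.example.com',           false], # wildcard would span two labels
  ['*.example.com', 'example.com',               false],
  ['foo.*.bar',     'foo.x.bar',                 false], # wildcard not leftmost
  ['foo.a*c.bar',   'foo.abc.bar',               false], # partial wildcard
  ['*.com',         'example.com',               false], # too few literal labels
  ['*.example.com', 'xn--bcher-kva.example.com', false], # IDNA A-label
].freeze

# Returns the [pattern, hostname] pairs the glob accepts but the strict
# matcher rejects, i.e. the names a lax implementation would wrongly trust.
def lax_over_acceptances
  CASES.select { |pat, host, _| lax_glob_match?(pat, host) && !tls_wildcard_match?(pat, host) }
       .map { |pat, host, _| [pat, host] }
end
```

Running `lax_over_acceptances` lists five pairs, including both patterns quoted in the entry; a certificate bearing any of those names would have been accepted by the glob but is refused by the strict matcher.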
9.3
CVE-2025-2777 - SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
9.3
CVE-2025-2776 - SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
9.3
CVE-2025-2775 - SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
4.3
CVE-2025-47692 - WordPress ContentStudio plugin <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in contentstudio's ContentStudio plugin (slug: contentstudio) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through <= 1.3.5.
5.5
CVE-2025-47691 - WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member's Ultimate Member plugin (slug: ultimate-member) allows Code Injection. This issue affects Ultimate Member: from n/a through <= 2.10.3.
5.3
CVE-2025-47688 - WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnera…
Missing Authorization vulnerability in Saad Iqbal's Advanced File Manager plugin (slug: file-manager-advanced) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through <= 5.3.1.