5.4

CVSS3.1

CVE-2025-29153 -

SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions.

πŸ“… Published: May 7, 2025, midnight πŸ”„ Last Modified: July 9, 2025, 1:30 a.m.

6.5

CVSS3.1

CVE-2025-45514 -

Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.

πŸ“… Published: May 7, 2025, midnight πŸ”„ Last Modified: May 27, 2025, 2:22 p.m.

8.1

CVSS3.1

CVE-2025-26169 -

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be ove…

πŸ“… Published: May 7, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.6

CVSS3.1

CVE-2025-29152 -

Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration, …

πŸ“… Published: May 7, 2025, midnight πŸ”„ Last Modified: July 9, 2025, 1:31 a.m.

7.1

CVSS3.1

CVE-2020-36791 - net_sched: keep alloc_hash updated after hash allocation

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is lef…

πŸ“… Published: May 7, 2025, midnight πŸ”„ Last Modified: Nov. 10, 2025, 5:34 p.m.

6.1

CVSS3.1

CVE-2025-29602 -

flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.

πŸ“… Published: May 7, 2025, midnight πŸ”„ Last Modified: June 16, 2025, 7:38 p.m.

7.3

CVSS3.1

CVE-2025-0856 - PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.

πŸ“… Published: May 6, 2025, 10:22 p.m. πŸ”„ Last Modified: April 22, 2026, 5:30 p.m.

9.8

CVSS3.1

CVE-2025-0855 - PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in t…

πŸ“… Published: May 6, 2025, 10:22 p.m. πŸ”„ Last Modified: April 22, 2026, 1:30 p.m.

8.8

CVSS3.1

CVE-2025-4372 -

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

πŸ“… Published: May 6, 2025, 9:35 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 6:28 p.m.

8.7

CVSS4.0

CVE-2025-47420 - User Permissions on Network API

266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

πŸ“… Published: May 6, 2025, 9:33 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 347939
Page 5405 of 34,794
Β« previous page Β» next page
Filters