9.9

CVSS3.1

CVE-2025-32461 -

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.

πŸ“… Published: April 9, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-55210 -

An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.

πŸ“… Published: April 9, 2025, midnight πŸ”„ Last Modified: April 30, 2025, 7:09 p.m.

4

CVSS3.1

CVE-2025-32460 -

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

πŸ“… Published: April 9, 2025, midnight πŸ”„ Last Modified: Jan. 29, 2026, 8:34 p.m.

4.8

CVSS3.1

CVE-2025-29018 -

A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.

πŸ“… Published: April 9, 2025, midnight πŸ”„ Last Modified: April 28, 2025, 6:47 p.m.

6.5

CVSS3.1

CVE-2025-25013 - Elastic Defend Insertion of Sensitive Information into Log Files

Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.

πŸ“… Published: April 8, 2025, 10:16 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2025-27190 - Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. …

πŸ“… Published: April 8, 2025, 8:17 p.m. πŸ”„ Last Modified: June 23, 2025, 7:30 p.m.

5.3

CVSS3.1

CVE-2025-27191 - Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. …

πŸ“… Published: April 8, 2025, 8:17 p.m. πŸ”„ Last Modified: May 20, 2025, 2:30 p.m.

2.7

CVSS3.1

CVE-2025-27192 - Adobe Commerce | Insufficiently Protected Credentials (CWE-522)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to pr…

πŸ“… Published: April 8, 2025, 8:17 p.m. πŸ”„ Last Modified: May 20, 2025, 2:03 p.m.

4.3

CVSS3.1

CVE-2025-27188 - Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploi…

πŸ“… Published: April 8, 2025, 8:17 p.m. πŸ”„ Last Modified: May 1, 2025, 8 p.m.

4.3

CVSS3.1

CVE-2025-27189 - Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to th…

πŸ“… Published: April 8, 2025, 8:17 p.m. πŸ”„ Last Modified: April 30, 2025, 2:59 p.m.
Total resulsts: 345139
Page 5542 of 34,514
Β« previous page Β» next page
Filters