6.5

CVSS3.1

CVE-2025-32993 -

Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password (aka index.php?/home/forgot-password) vis_username parameter. Authentication is not needed.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2025-29705 -

code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: April 22, 2025, 5:46 p.m.

8.8

CVSS3.1

CVE-2025-29281 -

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: June 24, 2025, 3:17 p.m.

5.9

CVSS3.1

CVE-2025-28198 -

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: April 22, 2025, 6:24 p.m.

6.5

CVSS3.1

CVE-2025-24948 -

In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: April 22, 2025, 6:41 p.m.

4

CVSS3.1

CVE-2025-32997 - http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: Oct. 21, 2025, 2:42 p.m.

9.1

CVSS3.1

CVE-2021-27289 -

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attack…

📅 Published: April 15, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2025-32103 -

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

📅 Published: April 15, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 8:18 p.m.

9

CVSS4.0

CVE-2025-32428 - Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX sock…

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still access…

📅 Published: April 14, 2025, 11:29 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS3.1

CVE-2025-24797 - Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not r…

📅 Published: April 14, 2025, 11:25 p.m. 🔄 Last Modified: Oct. 3, 2025, 3:31 p.m.