4.1

CVSS3.1

CVE-2025-29932 -

In JetBrains GoLand before 2025.1 an XXE during debugging was possible

πŸ“… Published: March 25, 2025, 12:44 p.m. πŸ”„ Last Modified: Sept. 30, 2025, 10:06 p.m.

6.1

CVSS3.1

CVE-2025-27633 -

The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.

πŸ“… Published: March 25, 2025, 12:40 p.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

8.7

CVSS4.0

CVE-2025-1445 -

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are con…

πŸ“… Published: March 25, 2025, 12:38 p.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

6.1

CVSS3.1

CVE-2025-27632 -

A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.

πŸ“… Published: March 25, 2025, 12:37 p.m. πŸ”„ Last Modified: Oct. 24, 2025, 1:15 p.m.

8.7

CVSS4.0

CVE-2024-12169 -

A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled.

πŸ“… Published: March 25, 2025, 12:36 p.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

6.9

CVSS4.0

CVE-2024-11499 -

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically r…

πŸ“… Published: March 25, 2025, 12:30 p.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

5.5

CVSS3.1

CVE-2022-1804 - Accountsservice incorrectly drops privileges

accountsservice no longer drops permissions when writting .pam_environment

πŸ“… Published: March 25, 2025, 12:28 p.m. πŸ”„ Last Modified: Aug. 26, 2025, 5:13 p.m.

5.9

CVSS4.0

CVE-2024-10037 -

A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled t…

πŸ“… Published: March 25, 2025, 12:22 p.m. πŸ”„ Last Modified: March 31, 2025, 4:17 p.m.

5.8

CVSS3.1

CVE-2025-2109 - WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations origin…

πŸ“… Published: March 25, 2025, 11:12 a.m. πŸ”„ Last Modified: April 8, 2026, 4:36 p.m.

8.4

CVSS4.0

CVE-2024-53679 - Apache VCL: XSS vulnerability in User Lookup impacting user privileges

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate…

πŸ“… Published: March 25, 2025, 9:33 a.m. πŸ”„ Last Modified: July 14, 2025, 6:06 p.m.
Total resulsts: 343924
Page 5693 of 34,393
Β« previous page Β» next page
Filters