5.3

CVSS4.0

CVE-2025-2094 - TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig os command injection

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to OS command injection. The attack may be launched…

📅 Published: March 7, 2025, 9:31 p.m. 🔄 Last Modified: April 3, 2025, 3:30 p.m.

2.3

CVSS4.0

CVE-2025-2093 - PHPGurukul Online Library Management System change-password.php password recovery

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The at…

📅 Published: March 7, 2025, 9:31 p.m. 🔄 Last Modified: April 3, 2025, 1:33 p.m.

7.8

CVSS3.0

CVE-2025-2024 - Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability

Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit …

📅 Published: March 7, 2025, 7:37 p.m. 🔄 Last Modified: Aug. 8, 2025, 1:26 a.m.

5.4

CVSS3.1

CVE-2025-26643 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

A UI that performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

📅 Published: March 7, 2025, 7:02 p.m. 🔄 Last Modified: Feb. 13, 2026, 7:39 p.m.

5.3

CVSS3.1

CVE-2023-43052 - IBM Control Center external service interaction

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain …

📅 Published: March 7, 2025, 4:55 p.m. 🔄 Last Modified: Aug. 16, 2025, 11:43 p.m.

5.4

CVSS3.1

CVE-2023-35894 - IBM Control Center HOST header injection

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

📅 Published: March 7, 2025, 4:47 p.m. 🔄 Last Modified: Aug. 17, 2025, 12:08 a.m.

1

CVSS4.0

CVE-2024-12975 - Silicon Labs CPC can leak information in full duplex SPI

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.

📅 Published: March 7, 2025, 4:41 p.m. 🔄 Last Modified: Sept. 16, 2025, 4:15 p.m.

7.1

CVSS3.1

CVE-2025-0162 - IBM Aspera Shares XML external entity injection

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

📅 Published: March 7, 2025, 4:38 p.m. 🔄 Last Modified: Sept. 1, 2025, 1:08 a.m.

5.3

CVSS3.1

CVE-2025-4432 - Ring: some aes functions may panic when overflow checking is enabled in ring

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.

📅 Published: March 7, 2025, 4:23 p.m. 🔄 Last Modified: Jan. 29, 2026, 7:26 p.m.

8.8

CVSS3.1

CVE-2025-27607 - Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. I…

📅 Published: March 7, 2025, 4:18 p.m. 🔄 Last Modified: July 1, 2025, 4:22 p.m.