4.3
CVE-2025-1711 - CVE-2025-1711
Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.
7.5
CVE-2025-1710 - CVE-2025-1710
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
6.5
CVE-2025-1709 - CVE-2025-1709
Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).
6.4
CVE-2025-2540 - Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site S…
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, w…
4.8
CVE-2025-6563 - Cross-site scripting via dst parameter in RouterOS WiFi hotspot
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to log in can al…
8.6
CVE-2025-1708 - CVE-2025-1708
The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.
5.2
CVE-2025-6587 - Exposure of system environment variables in Docker Desktop diagnostic logs
System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use the…
1.8
CVE-2025-0885 - Incorrect Authorization vulnerability affects OpenText™ GroupWise
Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 2…
6.4
CVE-2024-5647 - Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site S…
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
0.0
CVE-2025-38169 - arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME …