5.1
CVE-2025-3026 - Improper Neutralization of Special Elements vulnerability in EJBCA
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the βHostβ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his β¦
8.7
CVE-2025-3021 - Path Traversal vulnerability in e-management of e-solutions
Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the βfileβ parameter in the /downloadReport.php endpoint.
6.9
CVE-2025-2990 - Tenda FH1202 Web Management Interface AdvSetWrlGstset access control
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely.β¦
4.3
CVE-2025-31376 - WordPress NanoSupport plugin <= 0.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mayeenul Islam NanoSupport nanosupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through <= 0.6.0.
0.0
CVE-2025-31521 -
Not used
0.0
CVE-2025-31522 -
Not used
0.0
CVE-2025-31520 -
Not used
0.0
CVE-2025-31523 -
Not used
0.0
CVE-2025-31516 -
Not used
0.0
CVE-2025-31517 -
Not used