1.1
CVE-2025-27609 - Icinga Web 2 Vulnerable to Reflected XSS
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on beβ¦
0.0
CVE-2025-2825 - CrushFTP HTTP Unauthenticated Access
DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.
7.7
CVE-2025-27406 - Icinga Reporting Stored XSS leads to SSRF
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act oβ¦
8.4
CVE-2025-2098 - Dylib Hijacking in Fast CAD Reader
Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other usersβ¦
7.7
CVE-2025-27405 - Icinga Web 2 has XSS in embedded content
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that β¦
6.5
CVE-2025-26739 - WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1.
6.5
CVE-2025-2820 - Denial of Service
An authenticated attacker can compromise the availability of the device via the network
6.5
CVE-2025-26747 - WordPress RainbowNews theme <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.7.
6.6
CVE-2025-2819 - Unrestricted Fileupload
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
6.5
CVE-2025-26869 - WordPress Build theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3.