8.7
CVE-2025-2493 - Path Traversal vulnerability in Softdial Contact Center
Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the ex…
5.3
CVE-2024-41975 - CODESYS (Edge) Gateway for Windows insecure default
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
6.6
CVE-2025-0694 - CODESYS Control V3 removable media path traversal
Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.
9.1
CVE-2024-23943 - MB connect line: Cloud API access due to a lack of authentication for a critical function
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
7.1
CVE-2024-23942 - MB connect line: Configuration File on the client workstation is not encrypted
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.
7.5
CVE-2025-1468 - CODESYS Control V3 - OPC UA Server Authentication bypass
An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.
8.4
CVE-2025-0755 - MongoDB C Driver bson library may be susceptible to buffer overflow
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This …
8.8
CVE-2025-25220 -
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.
7.2
CVE-2025-24306 -
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege.
7.3
CVE-2025-2262 - Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly valid…