8.7
CVE-2025-0352 - Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.
9.4
CVE-2025-1265 - Elseta Vinci Protocol Analyzer OS Command Injection
An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on the affected system.
9.4
CVE-2025-27096 - SQL Injection endpoint 'html/personalizacao_upload.php' parameter 'id_campo' in WeGIA
WeGIA is a Web Manager for Institutions with a focus on the Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive info…
7
CVE-2025-26618 - SSH SFTP packet size not verified properly in Erlang OTP
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size…
5.9
CVE-2024-7141 - CSRF in Gliffy
Versions of Gliffy Online prior to 4.14.0-7 contain a Cross-Site Request Forgery (CSRF) flaw.
8.6
CVE-2025-27091 - OpenH264 Decoding Functions Heap Overflow Vulnerability
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parame…
7.8
CVE-2025-0161 - IBM Security Verify Access Appliance code injection
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
9.2
CVE-2025-20059 - PingAM Java Policy Agent path traversal
Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection. This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.
7.2
CVE-2025-1039 - Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Fie…
The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web…
6.6
CVE-2025-21105 -
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A low-privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and performing any administrative action permitted by it resulting in shutting down the…