8.8

CVSS3.1

CVE-2024-53388 -

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: July 7, 2025, 5:55 p.m.

5.4

CVSS3.1

CVE-2025-25949 -

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: Jan. 29, 2026, 2:05 a.m.

8.1

CVSS3.1

CVE-2025-25950 -

Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: Dec. 12, 2025, 4:15 p.m.

6.1

CVSS3.1

CVE-2025-25939 -

Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: Dec. 30, 2025, 5:03 p.m.

9.1

CVSS3.1

CVE-2025-27583 -

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: June 27, 2025, 1:43 p.m.

5.4

CVSS3.1

CVE-2024-55570 -

/api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access con…

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: March 5, 2025, 7:15 p.m.

5.4

CVSS3.1

CVE-2025-27585 -

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: June 27, 2025, 1:23 p.m.

5.1

CVSS3.1

CVE-2024-53384 -

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: July 7, 2025, 5:58 p.m.

5.4

CVSS3.1

CVE-2025-27584 -

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: June 27, 2025, 1:43 p.m.

6.5

CVSS3.1

CVE-2025-25952 -

An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: Dec. 12, 2025, 4:15 p.m.
Total resulsts: 349182
Page 6501 of 34,919
Β« previous page Β» next page
Filters