9.1

CVSS3.1

CVE-2025-25948 -

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows creation and modification of user accounts, including an Administrator account.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: Jan. 29, 2026, 2:05 a.m.

7.5

CVSS3.1

CVE-2025-25951 -

An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: Dec. 12, 2025, 4:15 p.m.

6.9

CVSS3.1

CVE-2025-27371 -

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 …

📅 Published: March 3, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4

CVSS3.1

CVE-2025-27220 - CGI: ReDoS in CGI::Util#escapeElement

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

3.2

CVSS3.1

CVE-2025-27221 - uri: userinfo leakage in URI#join, URI#merge and URI#+

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

5.4

CVSS3.1

CVE-2024-55064 -

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or (6) dns parameter t…

📅 Published: March 3, 2025, midnight 🔄 Last Modified: July 12, 2025, 10:01 p.m.

9

CVSS3.1

CVE-2025-27590 -

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: July 12, 2025, 3:26 p.m.

8.8

CVSS3.1

CVE-2024-53387 -

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: July 7, 2025, 5:56 p.m.

4.9

CVSS3.1

CVE-2024-53386 -

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

📅 Published: March 3, 2025, midnight 🔄 Last Modified: June 27, 2025, 1:01 p.m.

5.8

CVSS3.1

CVE-2025-27219 - CGI: Denial of Service in CGI::Cookie.parse

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when p…

📅 Published: March 3, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.