8.2
CVE-2024-9334 - Information Disclosure in E-Kent's Pallium Vehicle Tracking
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024.
8.4
CVE-2025-27154 - Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads tβ¦
6.4
CVE-2024-13402 - BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_tiβ¦
The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βlink_titleβ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level β¦
7.1
CVE-2025-1739 - Multiple vulnerabilities in Trivision Camera NC227WF
An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activβ¦
3.9
CVE-2025-1693 - MongoDB Shell may be susceptible to control character Injection via shell output
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying opeβ¦
6.3
CVE-2025-1692 - MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the userβs clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affectβ¦
7.6
CVE-2025-1691 - MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using βtabβ to autocomplete tβ¦
6.2
CVE-2025-1738 - Multiple vulnerabilities in Trivision Camera NC227WF
A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party.
9.8
CVE-2025-1751 - SQL Injection CIGES
A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.
4.8
CVE-2024-10918 - Stack-based Buffer Overflow in libmodbus library
Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.