7.8
CVE-2024-10630 -
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
5.3
CVE-2025-23080 - XSSes in Special:BadgeView
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - OpenBadges Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - OpenBadges Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.…
5.3
CVE-2025-0462 - Shanghai Lingdang Information Technology Lingdang CRM index.php sql injection
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the a…
5.9
CVE-2024-45627 - Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerab…
In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be…
5.3
CVE-2025-0461 - Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal
A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin…
6.9
CVE-2025-0460 - Blog Botz for Journal Theme blog_add unrestricted upload
A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attac…
4.6
CVE-2024-29980 - Unsafe Handling of IHV UEFI Variables
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ fo…
4.6
CVE-2024-29979 - Unsafe Handling of Phoenix UEFI Variables
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ fo…
4.8
CVE-2025-0459 - libretro RetroArch Startup profapi.dll untrusted search path
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approach…
6.9
CVE-2025-0458 - Virtual Computer Vysual RH Solution Login Panel index.php cross site scripting
A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can b…