1.8

CVSS4.0

CVE-2025-11624 - Buffer overwrite when processing file handles with the SFTP server

Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.

๐Ÿ“… Published: Oct. 21, 2025, 1:14 p.m. ๐Ÿ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

6.5

CVSS3.1

CVE-2025-6239 - Information disclosure

Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.

๐Ÿ“… Published: Oct. 21, 2025, 12:25 p.m. ๐Ÿ”„ Last Modified: Oct. 24, 2025, 12:52 p.m.

8.5

CVSS3.1

CVE-2025-10020 - Command Injection

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

๐Ÿ“… Published: Oct. 21, 2025, 12:12 p.m. ๐Ÿ”„ Last Modified: Oct. 24, 2025, 12:58 p.m.

7.1

CVSS3.1

CVE-2025-10641 - Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit theirโ€ฆ

๐Ÿ“… Published: Oct. 21, 2025, 11:48 a.m. ๐Ÿ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

9.8

CVSS3.1

CVE-2025-10640 - Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitorโ€ฆ

๐Ÿ“… Published: Oct. 21, 2025, 11:43 a.m. ๐Ÿ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

8.3

CVSS3.1

CVE-2025-9428 - SQL Injection

Zohocorp ManageEngine Analytics Plus versionsย 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.

๐Ÿ“… Published: Oct. 21, 2025, 11:43 a.m. ๐Ÿ”„ Last Modified: Oct. 23, 2025, 2 p.m.

8.8

CVSS3.1

CVE-2025-10639 - Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304.ย An attacker with network access to this portย can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code exโ€ฆ

๐Ÿ“… Published: Oct. 21, 2025, 11:36 a.m. ๐Ÿ”„ Last Modified: Oct. 23, 2025, 10:13 a.m.

5.2

CVSS3.1

CVE-2025-7473 - XML Injection

Zohocorp ManageEngine EndPoint Central versionsย 11.4.2516.1 and prior are vulnerable to XML Injection.

๐Ÿ“… Published: Oct. 21, 2025, 10:58 a.m. ๐Ÿ”„ Last Modified: Oct. 23, 2025, 2:36 p.m.

3.3

CVSS3.1

CVE-2025-5496 - Arbitrary File Deletion

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

๐Ÿ“… Published: Oct. 21, 2025, 10:04 a.m. ๐Ÿ”„ Last Modified: Oct. 21, 2025, 7:31 p.m.

6.1

CVSS3.1

CVE-2025-10612 - XSS in GiSoft's City Guide

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Guide: before 1.4.45.

๐Ÿ“… Published: Oct. 21, 2025, 8:48 a.m. ๐Ÿ”„ Last Modified: Oct. 24, 2025, 10:17 a.m.
Total resulsts: 315553
Page 71 of 31,556
ยซ previous page ยป next page
Filters