6.5

CVSS3.1

CVE-2025-6239 - Information disclosure

Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.

📅 Published: Oct. 21, 2025, 12:25 p.m. 🔄 Last Modified: Oct. 24, 2025, 12:52 p.m.

8.5

CVSS3.1

CVE-2025-10020 - Command Injection

Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to authenticated command injection in the Custom Script component.

📅 Published: Oct. 21, 2025, 12:12 p.m. 🔄 Last Modified: Oct. 24, 2025, 12:58 p.m.

7.1

CVSS3.1

CVE-2025-10641 - Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their…

📅 Published: Oct. 21, 2025, 11:48 a.m. 🔄 Last Modified: Oct. 23, 2025, 10:13 a.m.

9.8

CVSS3.1

CVE-2025-10640 - Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitor…

📅 Published: Oct. 21, 2025, 11:43 a.m. 🔄 Last Modified: Oct. 23, 2025, 10:13 a.m.

8.3

CVSS3.1

CVE-2025-9428 - SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update API.

📅 Published: Oct. 21, 2025, 11:43 a.m. 🔄 Last Modified: Oct. 23, 2025, 2 p.m.

8.8

CVSS3.1

CVE-2025-10639 - Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to log in to the FTP server and modify or read data, log files and gain remote code ex…

📅 Published: Oct. 21, 2025, 11:36 a.m. 🔄 Last Modified: Oct. 23, 2025, 10:13 a.m.

5.2

CVSS3.1

CVE-2025-7473 - XML Injection

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.

📅 Published: Oct. 21, 2025, 10:58 a.m. 🔄 Last Modified: Oct. 23, 2025, 2:36 p.m.

3.3

CVSS3.1

CVE-2025-5496 - Arbitrary File Deletion

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

📅 Published: Oct. 21, 2025, 10:04 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

6.1

CVSS3.1

CVE-2025-10612 - XSS in GiSoft's City Guide

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Guide: before 1.4.45.

📅 Published: Oct. 21, 2025, 8:48 a.m. 🔄 Last Modified: Oct. 24, 2025, 10:17 a.m.

5.4

CVSS3.1

CVE-2025-26392 - SolarWinds Observability Self-Hosted SQL Injection Vulnerability

SolarWinds Observability Self-Hosted is susceptible to a SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.

📅 Published: Oct. 21, 2025, 7:46 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.