7.8
CVE-2025-36632 - Local Privilege Escalation
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
8.7
CVE-2025-3602 -
Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on tβ¦
6.9
CVE-2025-6124 - code-projects Restaurant Order System tablelow.php sql injection
A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed tβ¦
6.9
CVE-2025-6123 - code-projects Restaurant Order System payment.php sql injection
A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disβ¦
5.3
CVE-2025-6122 - code-projects Restaurant Order System table.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Restaurant Order System 1.0. This affects an unknown part of the file /table.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed β¦
9.3
CVE-2025-6121 - D-Link DIR-632 HTTP POST Request get_pure_content stack-based overflow
A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be lβ¦
8.5
CVE-2025-5689 - Improper Permission Management in SSH Session Handling
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.
4.8
CVE-2025-6120 - Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to lauβ¦
3.8
CVE-2025-24388 - Unsafe handling of AJAX calls
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.X * ((OTRS)) Community Edβ¦
5.7
CVE-2025-46710 -
Possible kernel exceptions caused by reading and writing kernel heap data after free.