9.9
CVE-2025-49113 - roundcubemail: Remote Code Execution in Roundcube via Unvalidated _from Parameter
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
5.4
CVE-2025-44115 -
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
7.5
CVE-2025-27956 -
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
6.5
CVE-2025-27954 -
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
7.3
CVE-2025-45542 -
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
6.5
CVE-2024-40113 -
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
5.1
CVE-2025-5412 - Mist Community Edition Authentication Endpoint views.py login cross site scripting
A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to laun…
5.1
CVE-2025-5411 - Mist Community Edition views.py tag_resources cross site scripting
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. The explo…
5.3
CVE-2025-5410 - Mist Community Edition middleware.py session_start_response cross-site request forgery
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotel…
6.9
CVE-2025-5409 - Mist Community Edition API Token views.py create_token access control
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the a…