6.4
CVE-2025-4774 - Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vβ¦
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated aβ¦
7.5
CVE-2025-43701 -
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.Β This impacts OmniStudio: before version 254.
7.5
CVE-2025-43700 -
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.Β This impacts OmniStudio: before Spring 2025.
4.3
CVE-2025-41657 - AUMA: Incorrect delivery status of the Bluetooth configuration
Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.
7.3
CVE-2024-13090 - Privilege escalation in Guardian/CMC before 24.6.0
A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It isβ¦
7.5
CVE-2024-13089 - Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these β¦
6.9
CVE-2025-40662 - Absolute path disclosure vulnerability in DM Corporative CMS
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
6.9
CVE-2025-40661 - Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting theΒ option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
6.9
CVE-2025-40660 - Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting theΒ option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
6.9
CVE-2025-40659 - Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting theΒ option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.