9.3
CVE-2025-48757 -
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a responβ¦
7.8
CVE-2025-44906 -
jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
9.3
CVE-2025-46352 - Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials
The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an β¦
9.3
CVE-2025-41438 - Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severelyβ¦
9.3
CVE-2025-1907 - Instantel Micromate Missing Authentication for Critical Function
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
6.9
CVE-2025-5332 - 1000 Projects Online Notice Board index.php sql injection
A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to thβ¦
8.4
CVE-2025-5307 - Santesoft Sante DICOM Viewer Pro Out-of-bounds Read
Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro.
6.9
CVE-2025-5331 - PCMan FTP Server NLST Command buffer overflow
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may bβ¦
9.8
CVE-2025-30466 - Same Origin Policy Bypass via State Management Flaw
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy.
5.5
CVE-2025-31261 - Sandbox Permission Bypass Allowing Access to Protected User Data
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.