8.7
CVE-2025-43855 - tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash …
5.5
CVE-2025-30409 -
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186.
6.7
CVE-2025-30408 -
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.
7.5
CVE-2025-27820 - Apache HttpComponents: PSL (Public Suffix List) validation bypass
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.
5.3
CVE-2021-47664 - Enumeration of valid user names
Due to an improper authentication mechanism, an unauthenticated remote attacker can enumerate valid usernames.
8.1
CVE-2021-47663 - Improper session handling
Due to an improper JSON Web Tokens implementation, an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.
7.5
CVE-2021-47662 - Unauthenticated remote shutdown of the cobot
Due to missing authorization, an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.
7.2
CVE-2025-3872 - Privilege escalation by altering payload in contact form
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its…
9.8
CVE-2025-3603 - Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticate…
8.3
CVE-2025-3776 - Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unau…