6.5
CVE-2024-30152 - HCL SX is affected by usage of a weak cryptographic algorithm
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or cause other impacts.
8.7
CVE-2025-3928 - Commvault Web Server unspecified vulnerability
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 fo…
5.1
CVE-2025-2070 -
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user.
5.1
CVE-2025-2069 -
A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted URL is visited by a local user.
5.1
CVE-2025-2068 -
An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user.
5.5
CVE-2024-56156 - Halo Vulnerable to Stored XSS and RCE via File Upload Bypass
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and…
7.6
CVE-2025-43862 - Dify Allows Unauthorized Access and Modification of APP Orchestration
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and…
10
CVE-2025-32432 - Craft CMS Allows Remote Code Execution
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity at…
5.3
CVE-2025-32045 - Moodle: hidden grades shown to users without permission on some grade reports
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.
7.5
CVE-2025-32044 - Moodle: unauthenticated rest api user data exposure
A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php…