7.3

CVSS4.0

CVE-2025-3425 - Unauthenticated Remote Code Execution via .NET Deserialization

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is d…

📅 Published: April 7, 2025, 4:05 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-3374 - PCMan FTP Server CCC Command buffer overflow

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and…

📅 Published: April 7, 2025, 4 p.m. 🔄 Last Modified: April 23, 2025, 10:33 p.m.

7.7

CVSS4.0

CVE-2025-3424 - 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific …

📅 Published: April 7, 2025, 3:36 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-3373 - PCMan FTP Server SITE CHMOD Command buffer overflow

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed…

📅 Published: April 7, 2025, 3:31 p.m. 🔄 Last Modified: May 16, 2025, 2:56 p.m.

6.9

CVSS4.0

CVE-2025-3372 - PCMan FTP Server MKDIR Command buffer overflow

A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m…

📅 Published: April 7, 2025, 3 p.m. 🔄 Last Modified: May 16, 2025, 2:56 p.m.

6.9

CVSS4.0

CVE-2025-32014 - estree-util-value-to-estree allows prototype pollution in generated ESTree

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.

📅 Published: April 7, 2025, 2:56 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS3.1

CVE-2025-31476 - tarteaucitron.js allows url scheme injection via unfiltered inputs

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert(). Before the fix, URL vali…

📅 Published: April 7, 2025, 2:52 p.m. 🔄 Last Modified: Sept. 4, 2025, 5:43 p.m.

5.5

CVSS3.1

CVE-2025-31475 - tarteaucitron.js allows prototype pollution via custom text injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or…

📅 Published: April 7, 2025, 2:48 p.m. 🔄 Last Modified: Oct. 21, 2025, 1:57 p.m.

5.5

CVSS3.1

CVE-2025-31138 - tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height) were not properly validated. This allowed an attacker with direct access to the site's source code…

📅 Published: April 7, 2025, 2:44 p.m. 🔄 Last Modified: Oct. 21, 2025, 1:55 p.m.

6.5

CVSS3.1

CVE-2025-30373 - Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has …

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP re…

📅 Published: April 7, 2025, 2:37 p.m. 🔄 Last Modified: Oct. 30, 2025, 6:54 p.m.