7.2

CVSS3.1

CVE-2025-30349 -

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2025-30346 - varnish: Client-Side Desynchronization in Varnish Cache

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 3, 2025, 1:05 p.m.

3.5

CVSS3.1

CVE-2025-30345 -

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when del…

📅 Published: March 21, 2025, midnight 🔄 Last Modified: March 27, 2025, 2:38 p.m.

5.3

CVSS3.1

CVE-2025-30344 -

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds).

📅 Published: March 21, 2025, midnight 🔄 Last Modified: March 27, 2025, 2:40 p.m.

3

CVSS3.1

CVE-2025-30343 -

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or …

📅 Published: March 21, 2025, midnight 🔄 Last Modified: March 27, 2025, 2 p.m.

6.3

CVSS3.1

CVE-2025-29223 -

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:21 p.m.

6.3

CVSS3.1

CVE-2025-29227 -

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:28 p.m.

7.7

CVSS3.1

CVE-2024-57490 -

Guangzhou Hongfan Technology Co., LTD. iOffice20 has an arbitrary user login vulnerability. An attacker can log in to any system account, including the system administrator, through a logical flaw.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:23 p.m.

9.8

CVSS3.1

CVE-2024-53351 -

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:21 p.m.

7.4

CVSS3.1

CVE-2024-53350 -

Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges.

📅 Published: March 21, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:21 p.m.