6.8
CVE-2025-23059 - Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive da…
8.8
CVE-2025-23058 - Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management …
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Succ…
9.8
CVE-2025-0364 - BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the att…
5.3
CVE-2024-45659 - IBM Security Verify Access information disclosure
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
9.8
CVE-2024-9644 - Four-Faith F3x36 bapply.cgi Auth Bypass
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote …
9.8
CVE-2024-9643 - Four-Faith F3x36 Hidden Debug Credentials
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-326…
7.2
CVE-2024-23690 - EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.
0.0
CVE-2025-22794 - WordPress World Cup Predictor Plugin <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through <= 1.9.8.
0.0
CVE-2025-22730 - WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through <= 1.1.2.
0.0
CVE-2025-22675 - WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS. This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through <= …