CVE ID : CVE-2025-2261
Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago
Description : Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user’s browser under the privileges of the web application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3751
Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago
Description : The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44083
Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago
Description : An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45752
Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5049
Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5050
Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. This issue affects some unknown processing of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36535
Published : May 21, 2025, 8:15 p.m. | 26 minutes ago
Description : The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41426
Published : May 21, 2025, 8:15 p.m. | 26 minutes ago
Description : Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45755
Published : May 21, 2025, 8:15 p.m. | 26 minutes ago
Description : A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46412
Published : May 21, 2025, 8:15 p.m. | 26 minutes ago
Description : Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5051
Published : May 21, 2025, 8:15 p.m. | 26 minutes ago
Description : A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48205
Published : May 21, 2025, 4:15 p.m. | 28 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48201
Published : May 21, 2025, 4:15 p.m. | 28 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48200
Published : May 21, 2025, 4:15 p.m. | 28 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48207
Published : May 21, 2025, 4:15 p.m. | 28 minutes ago
Description : The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4524
Published : May 21, 2025, 7:16 a.m. | 7 hours, 26 minutes ago
Description : The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the ‘template’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41232
Published : May 21, 2025, 12:16 p.m. | 2 hours, 26 minutes ago
Description : Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.
Your application may be affected by this if the following are true:
* You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and
* You have Spring Security method annotations on a private method
In that case, the target method may be able to be invoked without proper authorization.
You are not affected if:
* You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or
* You have no Spring Security-annotated private methods
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3750
Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago
Description : The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3781
Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago
Description : The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s raisely_donation_form shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48413
Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago
Description : The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system “root” user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…