CVE ID : CVE-2025-29686
Published : May 14, 2025, 10:15 p.m. | 52 minutes ago
Description : A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29691
Published : May 14, 2025, 10:15 p.m. | 52 minutes ago
Description : A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29689
Published : May 14, 2025, 10:15 p.m. | 52 minutes ago
Description : A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29690
Published : May 14, 2025, 10:15 p.m. | 52 minutes ago
Description : A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-45067
Published : May 14, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47705
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44184
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44186
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47701
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47702
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47703
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47704
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47706
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47707
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47708
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47710
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47709
Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Missing Authorization vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0130
Published : May 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30663
Published : May 14, 2025, 6:15 p.m. | 1 hour, 14 minutes ago
Description : Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30664
Published : May 14, 2025, 6:15 p.m. | 51 minutes ago
Description : Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…