Security

CVE ID : CVE-2025-40580

Published : May 13, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow.
This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40582

Published : May 13, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters.
This could allow a non-privileged local attacker to execute root commands on the device.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40583

Published : May 13, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext.
This could allow a privileged local attacker to retrieve this sensitive information.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40628

Published : May 13, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4648

Published : May 13, 2025, 10:15 a.m. | 29 minutes ago

Description : Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4647

Published : May 13, 2025, 10:15 a.m. | 29 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon web allows Reflected XSS.

A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.

This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4646

Published : May 13, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32917

Published : May 13, 2025, 11:15 a.m. | 52 minutes ago

Description : Privilege escalation in jar_signature agent plugin in Checkmk versions
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47858

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47862

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47860

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47863

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47864

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4396

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and
Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47859

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47861

Published : May 13, 2025, 4:16 a.m. | 4 hours, 22 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-22246

Published : May 13, 2025, 6:15 a.m. | 2 hours, 23 minutes ago

Description : Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

Severity: 3.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4632

Published : May 13, 2025, 6:15 a.m. | 2 hours, 23 minutes ago

Description : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-22249

Published : May 13, 2025, 6:15 a.m. | 2 hours, 23 minutes ago

Description : VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3107

Published : May 13, 2025, 7:15 a.m. | 1 hour, 23 minutes ago

Description : The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…