CVE ID : CVE-2025-30173
Published : May 22, 2025, 6:15 p.m. | 36 minutes ago
Description : File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48368
Published : May 22, 2025, 6:15 p.m. | 36 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim’s browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability can be triggered by injecting a crafted payload into a parameter that is later processed unsafely in the DOM. Versions 6.8.119 and 25.0.20 contain a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48066
Published : May 22, 2025, 6:15 p.m. | 36 minutes ago
Description : wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary clients (marking the device as a public computer on login) and regular clients instructing the deletion of all personal information and conversations upon logout. Access to the machine is required to access the data. If encryption-at-rest is used, cryptographic material can’t be exported. The underlying issue has been fixed with wire-webapp version 2025-05-14-production.0. In order to mitigate potential impact, the database must be manually deleted on devices where the option “This is a public computer” was used prior to log in or a log out with the request to delete local data with the affected versions has happened before.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48075
Published : May 22, 2025, 6:15 p.m. | 36 minutes ago
Description : Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48366
Published : May 22, 2025, 6:15 p.m. | 36 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persistent JavaScript payloads, which are triggered in the context of another user when they view the Address Book. Successful exploitation enables actions such as forced redirects, unauthorized fetch requests, or other arbitrary JavaScript execution without user interaction. Versions 6.8.119 and 25.0.20 contain a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48369
Published : May 22, 2025, 6:15 p.m. | 36 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice’s tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an file with a crafted filename. When administrators or other users view the task containing this malicious file, the payload executes in their browser context. The application fails to sanitize image filenames before rendering them in the comment. By uploading an image with a crafted filename containing XSS payloads, attackers can steal sensitive information. Versions 6.8.119 and 25.0.20 contain a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-13952
Published : May 22, 2025, 7:15 p.m. | 14 minutes ago
Description : Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-13955
Published : May 22, 2025, 7:15 p.m. | 14 minutes ago
Description : 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-6914
Published : May 22, 2025, 7:15 p.m. | 14 minutes ago
Description : An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges.
This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the “/services” context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the “Security Guidelines for Production Deployment” by disabling exposure to untrusted networks.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3111
Published : May 22, 2025, 2:16 p.m. | 2 hours, 31 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4575
Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago
Description : Issue summary: Use of -addreject option with the openssl x509 application adds
a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected for
a particular use it will be instead marked as trusted for that use.
A copy & paste error during minor refactoring of the code introduced this
issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate
should be trusted only for the purpose of authenticating TLS servers but not
for CMS signature verification and the CMS signature verification is intended
to be marked as rejected with the -addreject option, the resulting CA
certificate will be trusted for CMS signature verification purpose instead.
Only users which use the trusted certificate format who use the openssl x509
command line application to add rejected uses are affected by this issue.
The issues affecting only the command line application are considered to
be Low severity.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue.
OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this
issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4979
Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5076
Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5078
Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago
Description : A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5077
Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago
Description : A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-54188
Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago
Description : Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-12093
Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0605
Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0993
Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32813
Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…