Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-48069

Published : May 21, 2025, 6:15 p.m. | 2 hours, 26 minutes ago

Description : ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters.

Severity: 6.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5020

Published : May 21, 2025, 6:15 p.m. | 2 hours, 26 minutes ago

Description : Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS
Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5033

Published : May 21, 2025, 6:15 p.m. | 2 hours, 26 minutes ago

Description : A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-57529

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27558

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2261

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user’s browser under the privileges of the web application.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3751

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44083

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45752

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5049

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5050

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. This issue affects some unknown processing of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36535

Published : May 21, 2025, 8:15 p.m. | 26 minutes ago

Description : The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-41426

Published : May 21, 2025, 8:15 p.m. | 26 minutes ago

Description : Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45755

Published : May 21, 2025, 8:15 p.m. | 26 minutes ago

Description : A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46412

Published : May 21, 2025, 8:15 p.m. | 26 minutes ago

Description : Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5051

Published : May 21, 2025, 8:15 p.m. | 26 minutes ago

Description : A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48205

Published : May 21, 2025, 4:15 p.m. | 28 minutes ago

Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48201

Published : May 21, 2025, 4:15 p.m. | 28 minutes ago

Description : The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48200

Published : May 21, 2025, 4:15 p.m. | 28 minutes ago

Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48207

Published : May 21, 2025, 4:15 p.m. | 28 minutes ago

Description : The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…