Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-26795

Published : May 14, 2025, 11:16 a.m. | 51 minutes ago

Description : Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver.

This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.

Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3833

Published : May 14, 2025, 11:16 a.m. | 51 minutes ago

Description : Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-26864

Published : May 14, 2025, 11:16 a.m. | 51 minutes ago

Description : Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.

This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.

Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3834

Published : May 14, 2025, 11:16 a.m. | 18 minutes ago

Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47292

Published : May 14, 2025, 11:16 a.m. | 51 minutes ago

Description : Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4430

Published : May 14, 2025, 11:16 a.m. | 51 minutes ago

Description : Unauthorized access to “/api/Token/gettoken” endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-52290

Published : May 14, 2025, 8:15 a.m. | 35 minutes ago

Description : LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim’s browser. Version 2.1.0 fixes the issue.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0020

Published : May 14, 2025, 8:15 a.m. | 35 minutes ago

Description : Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality vulnerability in ArcGIS (Authentication) allows Privilege Abuse, Manipulating Hidden Fields, Configuration/Environment Manipulation.

The ArcGIS client_credentials OAuth 2.0 API implementation does not adhere to the RFC/standards; This hidden (known and by-design, but undocumented) functionality enables a requestor (Referred to as client in RFC 6749) to request an, undocumented, custom token expiration from ArcGIS (Referred to as authorization server in RFC 6749).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4520

Published : May 14, 2025, 3:15 a.m. | 3 hours, 40 minutes ago

Description : The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47891

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47892

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47893

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47894

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47895

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47896

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47897

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47898

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47899

Published : May 14, 2025, 4:16 a.m. | 2 hours, 39 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3623

Published : May 14, 2025, 3:15 a.m. | 39 minutes ago

Description : The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-20003

Published : May 13, 2025, 9:16 p.m. | 1 hour, 59 minutes ago

Description : Improper link resolution before file access (‘Link Following’) for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…