Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-46741

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46742

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : Users who were required to change their password could still access system information before changing their password.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-46743

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An authenticated user’s token could be used by another source after the user had logged out prior to the token expiring.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-46749

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-46745

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An authenticated user without user-management permissions could view other users’ account information.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-46746

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An administrator could discover another account’s credentials.

Severity: 5.8 | MEDIUM

CVE ID : CVE-2025-46747

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An authenticated user without user-management permissions could identify other user accounts.

Severity: 5.7 | MEDIUM

CVE ID : CVE-2025-46748

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An authenticated user attempting to change their password could do so without using the current password.

Severity: 2.7 | LOW

CVE ID : CVE-2025-46750

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.

Severity: 4.4 | MEDIUM

CVE ID : CVE-2025-46744

Published : May 12, 2025, 5:15 p.m. | 2 hours, 27 minutes ago

Description : An authenticated administrator could modify the Created By username for a user account.

Severity: 2.7 | LOW

CVE ID : CVE-2023-34732

Published : May 12, 2025, 6:15 p.m. | 1 hour, 27 minutes ago

Description : An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.

Severity: 0.0 | NA

CVE ID : CVE-2025-44175

Published : May 12, 2025, 6:15 p.m. | 1 hour, 27 minutes ago

Description : Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.

Severity: 0.0 | NA

CVE ID : CVE-2024-4981

Published : May 12, 2025, 7:15 p.m. | 27 minutes ago

Description : A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.

Severity: 7.6 | HIGH

CVE ID : CVE-2024-4982

Published : May 12, 2025, 7:15 p.m. | 27 minutes ago

Description : A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server.

Severity: 7.6 | HIGH

CVE ID : CVE-2024-55466

Published : May 12, 2025, 7:15 p.m. | 27 minutes ago

Description : An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.

Severity: 0.0 | NA

CVE ID : CVE-2025-47682

Published : May 12, 2025, 7:15 p.m. | 27 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.8.2.

Severity: 9.3 | CRITICAL

CVE ID : CVE-2025-45835

Published : May 12, 2025, 2:15 p.m. | 2 hours, 19 minutes ago

Description : A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.

Severity: 0.0 | NA

CVE ID : CVE-2024-56523

Published : May 12, 2025, 3:15 p.m. | 1 hour, 18 minutes ago

Description : Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method.

Severity: 0.0 | NA

CVE ID : CVE-2024-56524

Published : May 12, 2025, 3:15 p.m. | 1 hour, 18 minutes ago

Description : Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request.

Severity: 0.0 | NA
