Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-2828

Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago

Description : A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52562

Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago

Description : Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. This allows the attacker to include and execute arbitrary PHP files on the server. This issue has been patched in version 4.4.1. A temporary workaround involves implementing strict Web Application Firewall (WAF) rules to incoming requests targeting the vulnerable endpoints.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2172

Published : June 23, 2025, 2:15 p.m. | 4 hours, 9 minutes ago

Description : Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52542

Published : June 23, 2025, 2:15 p.m. | 4 hours, 9 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-47297

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-48978

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-47298

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46101

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48700

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user’s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52875

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52876

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52877

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52878

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52879

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52968

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52967

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-47032

Published : June 23, 2025, 4:15 p.m. | 2 hours, 9 minutes ago

Description : Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-47295

Published : June 23, 2025, 4:15 p.m. | 2 hours, 9 minutes ago

Description : A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-50450

Published : June 23, 2025, 4:15 p.m. | 2 hours, 9 minutes ago

Description : An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-47294

Published : June 23, 2025, 4:15 p.m. | 2 hours, 9 minutes ago

Description : An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…