CVE ID : CVE-2024-12378
Published : May 8, 2025, 7:15 p.m. | 56 minutes ago
Description : On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-11186
Published : May 8, 2025, 7:15 p.m. | 56 minutes ago
Description : On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0505
Published : May 8, 2025, 7:16 p.m. | 56 minutes ago
Description : On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-8100
Published : May 8, 2025, 7:16 p.m. | 21 minutes ago
Description : On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27695
Published : May 8, 2025, 7:16 p.m. | 21 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2806
Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago
Description : The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3468
Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago
Description : The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3506
Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago
Description : Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3862
Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago
Description : Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4208
Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago
Description : The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func(). This makes it possible for authenticated attackers, with Custom-level access, to execute arbitrary PHP functions that meet specific constraints (static methods or global functions accepting a single array parameter).
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-6648
Published : May 8, 2025, 1:15 p.m. | 2 hours, 21 minutes ago
Description : Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the ‘product_item_path’ within the ‘config’ JSON file, allowing them to read any file on the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47729
Published : May 8, 2025, 2:15 p.m. | 1 hour, 22 minutes ago
Description : The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage “End-to-End encryption from the mobile phone through to the corporate archive” documentation, as exploited in the wild in May 2025.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47730
Published : May 8, 2025, 2:15 p.m. | 1 hour, 22 minutes ago
Description : The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45818
Published : May 8, 2025, 3:15 p.m. | 21 minutes ago
Description : Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45820
Published : May 8, 2025, 3:15 p.m. | 21 minutes ago
Description : Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45819
Published : May 8, 2025, 3:15 p.m. | 21 minutes ago
Description : Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4207
Published : May 8, 2025, 3:15 p.m. | 21 minutes ago
Description : Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1252
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1254
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.0.0 before 6.1.2.23.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1253
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…