117 CVEs tracked today. 13 Critical, 33 High, 67 Medium, 3 Low.
-
CVE-2025-5086
CRITICAL
CVSS 9.0
Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025-5086, CVSS 9.0) that enables remote code execution on manufacturing execution systems. KEV-listed with EPSS 39.2% and public PoC, this vulnerability threatens industrial manufacturing operations by targeting the MES (Manufacturing Execution System) layer that controls production processes.
Deserialization
RCE
Delmia Apriso
-
CVE-2025-49113
CRITICAL
CVSS 9.9
Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes.
Roundcube
PHP
RCE
Deserialization
Authentication Bypass
-
CVE-2025-37096
CRITICAL
CVSS 9.8
Command injection RCE (3rd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.
RCE
Command Injection
Storeonce System
-
CVE-2025-37095
CRITICAL
CVSS 9.8
Directory Traversal in HPE StoreOnce backup storage software. One of 6 critical CVEs.
Information Disclosure
Path Traversal
Storeonce System
-
CVE-2025-37093
CRITICAL
CVSS 9.8
Authentication bypass in HPE StoreOnce backup storage software. One of 6 critical CVEs.
Authentication Bypass
Storeonce System
-
CVE-2025-37092
CRITICAL
CVSS 9.8
Command injection RCE (2nd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.
RCE
Command Injection
Storeonce System
-
CVE-2025-37090
CRITICAL
CVSS 9.8
SSRF in HPE StoreOnce backup storage software. One of 6 critical CVEs.
SSRF
Storeonce System
-
CVE-2025-37089
CRITICAL
CVSS 9.8
Command injection RCE in HPE StoreOnce backup storage software. One of 6 critical CVEs.
RCE
Command Injection
Storeonce System
-
CVE-2025-23099
CRITICAL
CVSS 9.1
OOB write in Samsung Exynos 1480/2400 processors.
Buffer Overflow
Samsung
Exynos 1480 Firmware
Exynos 2400 Firmware
-
CVE-2025-20674
CRITICAL
CVSS 9.8
Remote privilege escalation in Android WLAN AP driver via packet injection.
Privilege Escalation
Code Injection
Software Development Kit
Openwrt
-
CVE-2025-20672
CRITICAL
CVSS 9.8
Heap OOB write in Android Bluetooth driver via incorrect bounds check.
Bluetooth
Privilege Escalation
Buffer Overflow
Mt7902 Firmware
Mt7927 Firmware
-
CVE-2025-1750
CRITICAL
CVSS 9.8
SQL injection in llama_index DuckDB vector store v0.12.19. PoC and patch available.
SQLi
RCE
Llamaindex
-
CVE-2025-0324
CRITICAL
CVSS 9.4
Privilege escalation in Axis VAPIX framework.
Privilege Escalation
Axis Os 2024
Axis Os
-
CVE-2025-48990
HIGH
CVSS 8.6
1-byte heap buffer overflow in NeKernal OS version 0.0.2's `rt_copy_memory` function, where a null terminator is unconditionally written beyond the destination buffer boundary when the copy length equals the buffer size (256 bytes). This vulnerability affects local attackers with no privilege requirements and can result in high-impact compromise of confidentiality, integrity, and availability. The patch (commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee) removes the overflow-causing null terminator write; no active exploitation or public POC is currently documented, but the CVSS 8.6 score reflects significant severity.
Buffer Overflow
Heap Overflow
Denial Of Service
-
CVE-2025-48957
HIGH
CVSS 7.5
AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allows unauthenticated remote attackers to disclose sensitive information including LLM provider API keys, account passwords, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact and no authentication requirements. Patch is available in version 3.5.13 and later via Pull Request #1676.
Information Disclosure
Path Traversal
Astrbot
-
CVE-2025-48940
HIGH
CVSS 7.2
MyBB versions prior to 1.8.39 contain a local file inclusion (LFI) vulnerability in the upgrade component due to improper input validation (CWE-22). This vulnerability allows authenticated administrators or unauthenticated attackers with access to an unlocked installer to read arbitrary files from the server filesystem. The vulnerability requires either the installer to be accessible via re-installation or the attacker to have administrative privileges, significantly limiting real-world exploitability despite the CVSS 7.2 score.
PHP
Information Disclosure
Mybb
-
CVE-2025-48866
HIGH
CVSS 7.5
ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms.
Apache
Denial Of Service
Nginx
Modsecurity
Redhat
-
CVE-2025-48387
HIGH
CVSS 8.7
tar-fs versions prior to 3.0.9, 2.1.3, and 1.16.5 contain a path traversal vulnerability (CWE-22) that allows attackers to extract tar archives outside the intended directory using specially crafted tarballs. This affects all users of vulnerable tar-fs versions with network-accessible extraction endpoints; the high CVSS 8.7 score reflects the integrity impact and network-accessible attack vector, though no KEV status or widespread public exploits have been confirmed at this time.
Information Disclosure
Redhat
-
CVE-2025-46807
HIGH
CVSS 8.7
A remote code execution vulnerability in A Allocation of Resources Without Limits or Throttling vulnerability in sslh (CVSS 8.7) that allows attackers. High severity vulnerability requiring prompt remediation.
Information Disclosure
Redhat
Suse
-
CVE-2025-45542
HIGH
CVSS 7.3
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0, where the 'pass' parameter fails to properly validate user input, allowing unauthenticated attackers to inject arbitrary SQL queries over the network. This vulnerability can lead to confidentiality, integrity, and availability compromise with a CVSS score of 7.3 (High), though active exploitation status and proof-of-concept availability could not be verified from the provided data.
SQLi
PHP
Cloudclassroom Php Project
-
CVE-2025-37091
HIGH
CVSS 7.2
Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.
RCE
Command Injection
Hp
Storeonce System
-
CVE-2025-29785
HIGH
CVSS 7.5
Nil-pointer dereference vulnerability in quic-go's path probe loss recovery logic, introduced in v0.50.0, that allows unauthenticated remote attackers to crash QUIC servers. A malicious client can trigger a denial of service by sending valid QUIC packets from multiple addresses to initiate path validation, then crafting specific ACKs that cause a nil pointer to be dereferenced. The vulnerability affects quic-go v0.50.0 (patched in v0.50.1), with a CVSS score of 7.5 and high availability impact but no known active exploitation or public PoC at time of disclosure.
Golang
Denial Of Service
Null Pointer Dereference
Redhat
Suse
-
CVE-2025-27956
HIGH
CVSS 7.5
Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.
Path Traversal
Information Disclosure
Weblaudos
-
CVE-2025-26396
HIGH
CVSS 7.8
Local privilege escalation vulnerability in SolarWinds Dameware Mini Remote Control caused by incorrect permission assignments on system resources. An authenticated attacker with low-privilege local access can exploit this vulnerability to gain elevated privileges (SYSTEM/Administrator level), achieving complete system compromise including confidentiality, integrity, and availability violations. This vulnerability requires valid local credentials and user interaction is not required for exploitation, making it a significant risk for multi-user systems or those with shared access.
Privilege Escalation
-
CVE-2025-25179
HIGH
CVSS 7.8
GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.
Privilege Escalation
Memory Corruption
Ddk
-
CVE-2025-23105
HIGH
CVSS 7.8
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.
Privilege Escalation
Samsung
Use After Free
Exynos 1480 Firmware
Exynos 2400 Firmware
-
CVE-2025-20298
HIGH
CVSS 8.0
Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.
Splunk
Windows
Microsoft
Privilege Escalation
Information Disclosure
-
CVE-2025-5455
HIGH
CVSS 8.4
Denial-of-service vulnerability in Qt's private qDecodeDataUrl() function that triggers an assertion failure when processing malformed data URLs with incomplete charset parameters. This affects Qt versions up to 5.15.18, 6.0.0-6.5.8, 6.6.0-6.8.3, and 6.9.0, impacting applications using QTextDocument and QNetworkReply. An attacker can crash Qt-based applications by sending a specially crafted data URL, resulting in service disruption; the vulnerability requires user interaction (UI involvement) but has a high CVSS score of 8.4 due to integrity and availability impact.
Denial Of Service
Redhat
Suse
-
CVE-2025-5435
HIGH
CVSS 7.3
Critical SQL injection vulnerability in Marwal Infotech CMS 1.0 affecting the /page.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has public exploit disclosure and proof-of-concept availability, but the vendor has not responded to early disclosure notifications, leaving affected deployments unpatched and at active risk.
PHP
SQLi
-
CVE-2025-5434
HIGH
CVSS 7.3
Critical SQL injection vulnerability in Aem Solutions CMS versions up to 1.0, affecting the /page.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands. With a CVSS score of 7.3, a publicly disclosed exploit, and unresponsive vendor engagement, this vulnerability poses significant risk to confidentiality, integrity, and availability of affected systems.
PHP
SQLi
-
CVE-2025-5113
HIGH
CVSS 8.6
Critical vulnerability in Diviotec professional series devices that combines arbitrary command injection via a web interface endpoint with hardcoded credentials, allowing authenticated attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The CVSS 8.6 score reflects the severity of command injection paired with hardcoded passwords that eliminate authentication barriers. This vulnerability affects network-accessible professional series devices and represents an immediate risk in environments where these devices are deployed, particularly where adjacent network access is possible.
Command Injection
-
CVE-2025-5036
HIGH
CVSS 7.8
Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.
RCE
Information Disclosure
Revit
-
CVE-2025-4010
HIGH
CVSS 8.6
Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
RCE
Command Injection
-
CVE-2025-3260
HIGH
CVSS 8.3
CVE-2025-3260 is an authorization bypass vulnerability in Grafana's dashboard API endpoints (/apis/dashboard.grafana.app/*) that allows authenticated users to circumvent dashboard and folder permission controls across all API versions (v0alpha1, v1alpha1, v2alpha1). Affected users with viewer or editor roles can access, modify, or delete dashboards and folders they should not have permission to interact with, while organization isolation boundaries and datasource access controls remain unaffected. With a CVSS score of 8.3 and requiring only low-privilege authentication, this represents a significant risk to multi-tenant Grafana deployments and requires immediate patching.
Grafana
Authentication Bypass
Privilege Escalation
Information Disclosure
Redhat
-
CVE-2025-1246
HIGH
CVSS 7.8
Buffer over-read vulnerability in Arm GPU userspace drivers (Bifrost, Valhall, and 5th Gen architectures) that allows unprivileged local users to access memory outside allocated buffer bounds through valid GPU operations including WebGL and WebGPU. The vulnerability affects multiple driver versions across three GPU architectures and has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability; exploitation status and POC availability are not documented in the provided data.
Information Disclosure
Bifrost Gpu Userspace Driver
5th Gen Gpu Architecture Userspace Driver
Valhall Gpu Userspace Driver
-
CVE-2025-1051
HIGH
CVSS 8.8
Heap-based buffer overflow vulnerability in Sonos Era 300 speakers that allows unauthenticated, network-adjacent attackers to execute arbitrary code with high severity (CVSS 8.8). The flaw exists in ALAC (Apple Lossless Audio Codec) data processing where insufficient length validation enables buffer overflow conditions. This vulnerability poses significant risk as it requires no authentication, no user interaction, and can be exploited by any attacker on the local network segment to achieve remote code execution in the context of the anacapa user.
Buffer Overflow
RCE
Era 300 Firmware
-
CVE-2025-0819
HIGH
CVSS 7.8
A security vulnerability in Arm Ltd Bifrost GPU Kernel Driver (CVSS 7.8) that allows a local non-privileged user process. High severity vulnerability requiring prompt remediation.
Denial Of Service
Bifrost Gpu Kernel Driver
5th Gen Gpu Architecture Kernel Driver
Valhall Gpu Kernel Driver
-
CVE-2025-0358
HIGH
CVSS 8.8
Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, authenticated user with lower privileges to escalate to administrator-level access. Discovered during a penetration test by Truesec, this flaw affects Axis network devices and cameras utilizing the vulnerable VAPIX framework. With a CVSS score of 8.8 and local attack vector, the vulnerability poses significant risk to organizations deploying Axis devices in multi-user or untrusted environments, though it requires prior authentication and local access to exploit.
Privilege Escalation
Axis Os
-
CVE-2025-0073
HIGH
CVSS 7.8
Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.
Use After Free
Memory Corruption
Privilege Escalation
5th Gen Gpu Architecture Kernel Driver
Valhall Gpu Kernel Driver
-
CVE-2024-57783
HIGH
CVSS 8.1
Cross-site scripting (XSS) vulnerability in Dot desktop application (versions through 0.9.3) that allows unauthenticated local attackers to execute arbitrary commands with high complexity due to unsafe DOM manipulation via innerHTML. The vulnerability chains user input and LLM output directly into the DOM without sanitization, combined with Electron's Node.js API access, enabling command execution. This is a local attack vector with high impact on confidentiality, integrity, and availability.
Node.js
XSS
-
CVE-2024-57459
HIGH
CVSS 7.3
Time-based SQL injection vulnerability in the mydetailsstudent.php file of CloudClassroom PHP Project version 1.0, where the 'myds' parameter fails to properly validate user input, allowing unauthenticated remote attackers to inject and execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 (High), indicating potential for data theft, modification, and service disruption. No KEV status or active exploitation data is provided in the current intelligence; however, the network-accessible nature (CVSS:3.1/AV:N) and low attack complexity suggest this represents a significant real-world risk if the affected application is internet-facing.
PHP
SQLi
Cloudclassroom Php Project
-
CVE-2024-54028
HIGH
CVSS 8.4
Integer underflow vulnerability in catdoc 0.95's OLE Document DIFAT (Double-Indirect File Allocation Table) Parser that enables heap-based memory corruption through specially crafted malformed files. An attacker can exploit this local vulnerability (no privileges required) by providing a malicious OLE document to trigger the integer underflow, potentially achieving arbitrary code execution or denial of service. While no active KEV status or widespread POC is confirmed in this dataset, the CVSS 8.4 score and high impact ratings (confidentiality, integrity, availability all marked 'H') indicate this is a critical local code execution risk for users who process untrusted OLE documents.
Buffer Overflow
Catdoc
Debian Linux
-
CVE-2024-52035
HIGH
CVSS 8.4
CVE-2024-52035 is an integer overflow vulnerability in catdoc 0.95's OLE Document File Allocation Table (FAT) parser that enables heap-based memory corruption when processing malformed files. The vulnerability affects users of catdoc 0.95 who process untrusted OLE documents (Microsoft Office legacy formats), allowing local attackers to corrupt heap memory and potentially achieve code execution. No active KEV status or widespread exploitation has been reported; however, the high CVSS score (8.4) and local attack vector indicate moderate real-world risk for environments processing user-supplied documents.
Integer Overflow
Heap Overflow
Memory Corruption
Debian Linux
Catdoc
-
CVE-2024-48877
HIGH
CVSS 8.4
Heap buffer overflow vulnerability in the Shared String Table Record Parser of xls2csv utility version 0.95, allowing unauthenticated local attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability is triggered by processing a specially crafted malformed Excel file, presenting significant risk to users who process untrusted spreadsheet inputs. No confirmed active exploitation in the wild has been reported at this time, though the local attack vector and lack of privilege requirements suggest moderate real-world exploitability.
Buffer Overflow
Xls2csv
-
CVE-2024-12168
HIGH
CVSS 7.8
DLL hijacking vulnerability in Yandex Telemost for Desktop versions before 2.7.0, where the application searches for dynamic libraries in untrusted paths, allowing local attackers with user-level privileges to execute arbitrary code through malicious DLL injection. The vulnerability has a high CVSS score of 7.8 and requires user interaction (running the application), but poses significant risk as DLL hijacking is a well-understood and commonly exploitable attack vector with publicly available proof-of-concept techniques.
Information Disclosure
Yandex Telemost
-
CVE-2024-11857
HIGH
CVSS 7.8
Local privilege escalation vulnerability in Realtek Bluetooth HCI adaptor drivers that exploits a symlink-following flaw (CWE-59) to enable arbitrary file deletion. Local attackers with standard user privileges can create symbolic links to trick the driver into deleting critical system files, subsequently leveraging file deletion to gain elevated privileges. The vulnerability has a CVSS score of 7.8 (High) with complete integrity and confidentiality impact; exploitation status and POC availability require vendor advisory correlation to assess active exploitation risk.
Privilege Escalation
-
CVE-2025-49069
MEDIUM
CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross-Site Request Forgery. This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
CSRF
-
CVE-2025-48996
MEDIUM
CVSS 5.3
HAX open-apis provides microservice APIs for the HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flaw present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
Information Disclosure
-
CVE-2025-48995
MEDIUM
CVSS 6.9
A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.
Python
Information Disclosure
Ubuntu
Debian
-
CVE-2025-48994
MEDIUM
CVSS 6.9
A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.
Python
Information Disclosure
Ubuntu
Debian
-
CVE-2025-48958
MEDIUM
CVSS 5.5
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
XSS
Debian
Froxlor
-
CVE-2025-48955
MEDIUM
CVSS 6.2
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.
Information Disclosure
-
CVE-2025-48941
MEDIUM
CVSS 5.3
A remote code execution vulnerability in MyBB (CVSS 5.3) that allows attackers. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Mybb
-
CVE-2025-48495
MEDIUM
CVSS 5.4
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.
XSS
Gokapi
Suse
-
CVE-2025-48494
MEDIUM
CVSS 5.4
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption.
XSS
Gokapi
Suse
-
CVE-2025-47585
MEDIUM
CVSS 6.5
Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Authentication Bypass
-
CVE-2025-47289
MEDIUM
CVSS 6.3
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker - potentially leading to account takeover. Version 1.1.0.3 fixes the issue.
XSS
Ce Phoenix Cart
-
CVE-2025-47272
MEDIUM
CVSS 5.5
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.
Authentication Bypass
-
CVE-2025-46806
MEDIUM
CVSS 6.9
A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. This issue affects sslh before 2.2.4.
Denial Of Service
Memory Corruption
Ubuntu
Debian
Suse
-
CVE-2025-45387
MEDIUM
CVSS 5.4
osTicket versions prior to v1.17.6 and v1.18.2 are vulnerable to broken access control in /scp/ajax.php.
PHP
XSS
Osticket
-
CVE-2025-44172
MEDIUM
CVSS 6.5
Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Buffer Overflow
Stack Overflow
Ac6 Firmware
Tenda
-
CVE-2025-44115
MEDIUM
CVSS 5.4
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
PHP
XSS
Cotonti Siena
-
CVE-2025-37094
MEDIUM
CVSS 5.5
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
Path Traversal
Storeonce System
-
CVE-2025-27955
MEDIUM
CVSS 6.5
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
RCE
Clinical Collaboration Platform
-
CVE-2025-27954
MEDIUM
CVSS 6.5
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
RCE
Command Injection
Clinical Collaboration Platform
-
CVE-2025-27953
MEDIUM
CVSS 6.5
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
RCE
Command Injection
Clinical Collaboration Platform
-
CVE-2025-23104
MEDIUM
CVSS 6.5
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
Use After Free
Privilege Escalation
Samsung
Memory Corruption
Exynos 2200 Firmware
-
CVE-2025-20678
MEDIUM
CVSS 6.5
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.
Denial Of Service
Lr13
Lr12a
Nr17
Nr15
-
CVE-2025-20677
MEDIUM
CVSS 5.5
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.
Null Pointer Dereference
Denial Of Service
Nbiot Sdk
-
CVE-2025-20676
MEDIUM
CVSS 5.5
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.
Null Pointer Dereference
Denial Of Service
Nbiot Sdk
-
CVE-2025-20675
MEDIUM
CVSS 5.5
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.
Null Pointer Dereference
Denial Of Service
Mt7927 Firmware
Mt7902 Firmware
Mt7925 Firmware
-
CVE-2025-20673
MEDIUM
CVSS 5.5
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.
Null Pointer Dereference
Denial Of Service
Mt7927 Firmware
Mt7921 Firmware
Mt7925 Firmware
-
CVE-2025-20297
MEDIUM
CVSS 4.3
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
XSS
Splunk
Splunk Cloud Platform
-
CVE-2025-20001
MEDIUM
CVSS 6.5
An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Buffer Overflow
Information Disclosure
Fontcreator
-
CVE-2025-5447
MEDIUM
CVSS 6.3
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re6250 Firmware
Re6300 Firmware
Re7000 Firmware
Re9000 Firmware
-
CVE-2025-5446
MEDIUM
CVSS 6.3
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re7000 Firmware
Re6250 Firmware
Re6350 Firmware
Re6300 Firmware
-
CVE-2025-5445
MEDIUM
CVSS 6.3
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re9000 Firmware
Re7000 Firmware
Re6500 Firmware
Re6350 Firmware
-
CVE-2025-5444
MEDIUM
CVSS 6.3
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re9000 Firmware
Re6500 Firmware
Re6300 Firmware
Re6250 Firmware
-
CVE-2025-5443
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re9000 Firmware
Re6500 Firmware
Re6350 Firmware
Re7000 Firmware
-
CVE-2025-5442
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re6350 Firmware
Re7000 Firmware
Re6250 Firmware
Re6500 Firmware
-
CVE-2025-5441
MEDIUM
CVSS 6.3
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re9000 Firmware
Re6250 Firmware
Re6300 Firmware
Re7000 Firmware
-
CVE-2025-5440
MEDIUM
CVSS 6.3
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re7000 Firmware
Re9000 Firmware
Re6300 Firmware
Re6500 Firmware
-
CVE-2025-5439
MEDIUM
CVSS 6.3
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re6350 Firmware
Re6500 Firmware
Re7000 Firmware
Re6250 Firmware
-
CVE-2025-5438
MEDIUM
CVSS 6.3
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Re9000 Firmware
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-5437
MEDIUM
CVSS 5.3
A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Authentication Bypass
-
CVE-2025-5436
MEDIUM
CVSS 5.3
A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Information Disclosure
-
CVE-2025-5433
MEDIUM
CVSS 6.3
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Microsoft
PHP
SQLi
-
CVE-2025-5432
MEDIUM
CVSS 6.3
A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PHP
SQLi
Assamlook Cms
-
CVE-2025-5431
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PHP
SQLi
Assamlook Cms
-
CVE-2025-5430
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PHP
SQLi
Assamlook Cms
-
CVE-2025-5429
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5428
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5427
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5426
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5425
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5424
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5423
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5422
MEDIUM
CVSS 4.3
A security vulnerability in juzaweb CMS (CVSS 4.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-5421
MEDIUM
CVSS 6.3
A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.
Information Disclosure
Cms
-
CVE-2025-3951
MEDIUM
CVSS 4.1
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
WordPress
SQLi
Wp Optimize
PHP
-
CVE-2025-3919
MEDIUM
CVSS 6.4
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4.
WordPress
XSS
PHP
-
CVE-2025-3454
MEDIUM
CVSS 5.0
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.
Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources.
The issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.
Grafana
Authentication Bypass
Ubuntu
Debian
Redhat
-
CVE-2025-1485
MEDIUM
CVSS 4.8
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6 and the real-cookie-banner-pro WordPress plugin before 5.1.6 do not sanitise and escape some of their settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
WordPress
XSS
Wordpress Real Cookie Banner
PHP
-
CVE-2025-1235
MEDIUM
CVSS 4.3
A low-privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970.
Information Disclosure
Integer Overflow
-
CVE-2025-0325
MEDIUM
CVSS 4.3
CVE-2025-0325 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2024-40114
MEDIUM
CVSS 6.1
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
XSS
Wlx 2006 Firmware
-
CVE-2024-40113
MEDIUM
CVSS 6.5
A security vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before (CVSS 6.5). Risk factors: public PoC available.
Information Disclosure
Wlx 2006 Firmware
-
CVE-2024-40112
MEDIUM
CVSS 5.9
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
PHP
Lfi
Information Disclosure
Wlx 2006 Firmware
-
CVE-2024-8008
MEDIUM
CVSS 5.2
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page.
This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible.
XSS
Identity Server
Open Banking Iam
Open Banking Am
Identity Server As Key Manager
-
CVE-2024-7074
MEDIUM
CVSS 6.8
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.
By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
File Upload
RCE
-
CVE-2024-7073
MEDIUM
CVSS 6.5
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem.
Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.
Information Disclosure
SSRF
Authentication Bypass
Open Banking Km
Open Banking Iam
-
CVE-2024-3509
MEDIUM
CVSS 4.3
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section.
To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject persistent JavaScript payloads, enabling the theft of user data or execution of unauthorized actions on behalf of other users.
While this issue enables persistent client-side script execution, session-related cookies remain protected with the httpOnly flag, preventing session hijacking.
XSS
Enterprise Integrator
Identity Server As Key Manager
Api Manager
Identity Server
-
CVE-2024-1440
MEDIUM
CVSS 5.4
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site.
By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
Open Redirect
Identity Server
Identity Server As Key Manager
Api Manager
-
CVE-2025-49112
LOW
CVSS 3.1
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
Information Disclosure
Integer Overflow
Ubuntu
Debian
-
CVE-2025-48745
None
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-5420
LOW
CVSS 3.5
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
XSS
-
CVE-2025-5412
LOW
CVSS 3.5
A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 addresses this issue. The name of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
XSS