Skip to main content
CVE-2025-40675 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

XSS Bagisto
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-46452 MEDIUM This Month

A remote code execution vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Code Injection
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-49130 MEDIUM PATCH This Month

Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.

Information Disclosure XSS
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-5886 LOW POC Monitor

A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-5887 LOW POC Monitor

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Java XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-5879 LOW POC Monitor

A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Java XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-25208 MEDIUM PATCH This Month

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-25207 MEDIUM PATCH This Month

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.

Red Hat Denial Of Service Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-25209 MEDIUM This Month

The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.

Red Hat Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-5916 MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Buffer Overflow Integer Overflow Libarchive Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-5870 MEDIUM This Month

Critical authentication bypass vulnerability in TRENDnet TV-IP121W IP camera (version 1.1.1 Build 36) affecting the /admin/setup.cgi web interface endpoint. An unauthenticated remote attacker can bypass authentication controls to gain unauthorized administrative access, potentially allowing unauthorized configuration changes, data theft, or device compromise. A public exploit has been disclosed, the vendor has not responded to early disclosure, and the vulnerability exhibits moderate real-world exploitation probability given its network-accessible nature and lack of authentication requirements.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2024-47081 MEDIUM PATCH This Month

A security vulnerability in Requests (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ubuntu Debian Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-30507 MEDIUM PATCH This Month

CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.

SQLi 011209 Sip Emergency Intercom Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5876 MEDIUM This Month

A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5872 MEDIUM This Month

A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5871 MEDIUM This Month

A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5874 LOW POC Monitor

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he Python data source is disabled by default and is clearly marked in our documentation as discouraged due to its security implications. Users who choose to enable it are doing so at their own risk, with full awareness that it bypasses standard safeguards."

Python Privilege Escalation
NVD GitHub VulDB
CVSS 4.0
1.2
EPSS
0.0%
CVE-2025-5917 MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Buffer Overflow Memory Corruption Libarchive Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-5890 MEDIUM This Month

A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-41437 MEDIUM PATCH This Month

Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

XSS
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5873 LOW CISA Monitor

A security vulnerability in eCharge Hardy Barth Salia PLCC (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-5864 LOW Monitor

A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.

Information Disclosure Tenda
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-5880 LOW Monitor

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-5885 LOW Monitor

A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-5884 LOW Monitor

A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-5899 LOW PATCH Monitor

A security vulnerability in A vulnerability classified as critical (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-5898 LOW PATCH Monitor

A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-5889 LOW PATCH Monitor

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy