Skip to main content
CVE-2025-49589 MEDIUM PATCH This Month

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

Buffer Overflow Stack Overflow RCE Ubuntu Debian +1
NVD GitHub
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-40592 MEDIUM This Month

A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.

Path Traversal
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-6006 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-6009 LOW POC Monitor

A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-6008 LOW POC Monitor

A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-6007 LOW POC Monitor

A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-6005 LOW POC Monitor

A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-49185 MEDIUM This Month

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

XSS Field Analytics
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-4417 MEDIUM This Month

A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit affected pages.

XSS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-45256 MEDIUM This Month

Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.

PHP SQLi
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-49195 MEDIUM This Month

The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.

Information Disclosure Media Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-49188 MEDIUM This Month

CVE-2025-49188 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Field Analytics
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-49187 MEDIUM This Month

CVE-2025-49187 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Field Analytics
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49186 MEDIUM This Month

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

Information Disclosure Field Analytics Baggage Analytics Logistic Diagnostic Analytics Media Server +2
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6003 MEDIUM This Month

The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.

WordPress Information Disclosure Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49189 MEDIUM PATCH This Month

CVE-2025-49189 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Media Server
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-9512 MEDIUM PATCH This Month

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Gitlab Information Disclosure Debian
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-4233 MEDIUM PATCH This Month

CVE-2025-4233 is a security vulnerability (CVSS 5.1) that allows users. Remediation should follow standard vulnerability management procedures.

Paloalto Authentication Bypass
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-49081 MEDIUM PATCH This Month

There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.

Information Disclosure Secure Access
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-49191 MEDIUM This Month

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

RCE XSS Field Analytics
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-4418 MEDIUM This Month

A privilege escalation vulnerability in AVEVA PI Connector for CygNet (CVSS 4.4) that allows a miscreant with elevated privileges. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-49190 MEDIUM This Month

The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.

SSRF Field Analytics
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49192 MEDIUM PATCH This Month

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.

XSS Media Server Field Analytics
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49193 MEDIUM PATCH This Month

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

XSS Baggage Analytics Package Analytics Field Analytics Logistic Diagnostic Analytics +2
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-5982 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

Gitlab Information Disclosure Debian
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-49198 LOW Monitor

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.

Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-48699 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49822 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49821 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49820 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49819 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49818 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49817 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49816 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49815 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49814 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy