Skip to main content
CVE-2025-5990 HIGH POC PATCH This Week

Stored cross-site scripting (XSS) vulnerability in Crafty Controller that allows authenticated attackers to inject malicious JavaScript through the Server Name form and API Key form components. An attacker with valid credentials can craft malicious input that persists in the application, executing arbitrary scripts in other users' browsers with the same security context. While CVSS 7.6 indicates high severity and the vulnerability requires low attack complexity with network accessibility, real-world risk is constrained by the requirement for prior authentication and user interaction.

XSS Crafty Controller
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-6091 HIGH This Week

A critical buffer overflow vulnerability exists in H3C GR-3000AX V100R007L50 within the UpdateWanParamsMulti/UpdateIpv6Params functions of /routing/goform/aspForm that allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability is actively exploitable; however, the vendor has assessed the risk as low and has not committed to immediate patching, despite confirmed existence of the issue.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6090 HIGH This Week

Critical buffer overflow vulnerability in H3C GR-5400AX V100R009L50 routers affecting the UpdateWanparamsMulti and UpdateIpv6params functions. An authenticated remote attacker can manipulate the 'param' argument to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, availability impact). A public proof-of-concept exists and the vulnerability is confirmed by the vendor, though they have deprioritized remediation despite the CVSS 8.8 score and active disclosure.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1411 HIGH This Week

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege Escalation IBM Docker Security Verify Directory
NVD
CVSS 3.1
7.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy