Skip to main content
CVE-2025-49853 CRITICAL Act Now

ControlID iDSecure On-premises versions 4.7.48.0 and prior contain SQL injection vulnerabilities that allow unauthenticated remote attackers to execute arbitrary SQL queries, potentially leaking sensitive information or modifying database contents. The CVSS 9.1 score reflects the critical nature (high confidentiality and integrity impact), though availability is not directly affected. Active exploitation status and proof-of-concept availability cannot be confirmed from provided data, but the unauthenticated, network-accessible attack vector makes this a high-priority vulnerability.

Information Disclosure Control Id Idsecure SQLi
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-52568 HIGH PATCH This Week

CVE-2025-52568 is a critical memory safety vulnerability in NeKernal (an open-source OS stack) prior to version 0.0.3 that enables memory corruption, disk image corruption, denial of service, and potential code execution through unchecked memory operations and unsafe typecasting. The vulnerability is remotely exploitable with no authentication or user interaction required (CVSS 8.8, AV:N/AC:L). All users running NeKernal versions before 0.0.3 are affected and should immediately upgrade to the patched version.

RCE Buffer Overflow Denial Of Service Memory Corruption
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-41427 HIGH This Week

A command injection vulnerability in Connection Diagnostics page (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Command Injection TP-Link RCE Authentication Bypass
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2025-32976 HIGH This Week

CVE-2025-32976 is a security vulnerability (CVSS 8.8) that allows authenticated users. High severity vulnerability requiring prompt remediation.

Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6426 HIGH PATCH This Week

CVE-2025-6426 is a missing executable file warning vulnerability in Firefox and Thunderbird on macOS that fails to alert users before opening files with the 'terminal' extension, potentially allowing attackers to execute arbitrary code. This affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12 on macOS only. An attacker can leverage this to trick users into executing malicious terminal scripts by bypassing the security warning mechanism that normally prevents automatic execution of executable files.

Information Disclosure Mozilla Apple
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-6432 HIGH PATCH This Week

CVE-2025-6432 is a DNS proxy bypass vulnerability in Firefox and Thunderbird when Mozilla's Multi-Account Containers extension is enabled. Under specific conditions-invalid domain names or unresponsive SOCKS proxies-DNS requests circumvent the configured SOCKS proxy, potentially exposing user browsing activity to network monitoring. This affects Firefox < 140 and Thunderbird < 140, has a high CVSS score of 8.6 reflecting significant confidentiality impact, and requires network-level access but no user interaction to exploit.

Information Disclosure Mozilla
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-6032 HIGH PATCH This Week

CVE-2025-6032 is a TLS certificate validation bypass in Podman's machine init command that fails to verify certificates when downloading VM images from OCI registries, enabling Man-in-the-Middle (MITM) attacks. This affects users running Podman machine initialization on networked systems where attackers can intercept traffic. While the CVSS score of 8.3 indicates high severity with potential for confidentiality, integrity, and availability impact, real-world exploitation requires specific network positioning (AC:H - high attack complexity) and user interaction (UI:R), suggesting moderate practical risk despite the high base score.

Information Disclosure
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-6428 MEDIUM POC PATCH This Month

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Google Mozilla Open Redirect
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3090 HIGH PATCH This Week

CVE-2025-3090 is a critical authentication bypass vulnerability affecting network devices that exposes a missing authentication requirement for sensitive functions. The vulnerability allows unauthenticated remote attackers to obtain limited sensitive information and trigger denial-of-service conditions without requiring any user interaction or special privileges. If actively exploited (KEV status pending confirmation), this represents an immediate threat to exposed devices as the attack vector is network-based with low complexity.

Authentication Bypass Denial Of Service Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-6436 HIGH PATCH This Week

CVE-2025-6436 is a collection of memory safety vulnerabilities in Firefox and Thunderbird versions 139 that demonstrate evidence of memory corruption with potential for arbitrary code execution. The vulnerability affects Firefox < 140 and Thunderbird < 140, and requires network access but moderate attack complexity. While no active exploitation in the wild has been confirmed, the high CVSS score of 8.1 and memory corruption evidence indicate this is a critical patch requiring immediate deployment.

RCE Mozilla Buffer Overflow
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-6435 HIGH PATCH This Week

CVE-2025-6435 is a file handling vulnerability in Firefox and Thunderbird's Developer Tools where saved network responses may lack the `.download` file extension, potentially allowing attackers to trick users into executing malicious executables. This affects Firefox versions below 140 and Thunderbird versions below 140. The vulnerability requires user interaction (saving and executing a file) but carries high severity (CVSS 8.1) due to potential for arbitrary code execution.

Mozilla File Upload
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-5318 HIGH PATCH This Week

CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison check in the sftp_handle function that allows authenticated remote attackers to access memory beyond the valid handle list and retrieve invalid pointers for further processing. This vulnerability enables exposure of sensitive information or denial of service, with a CVSS score of 8.1 indicating high severity. The vulnerability requires authentication and network access but has high confidentiality and availability impact.

Buffer Overflow Enterprise Linux Openshift Container Platform Libssh Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-23265 HIGH This Week

CVE-2025-23265 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows local attackers with low privileges to execute arbitrary code by providing a malicious file. Successful exploitation enables code execution, privilege escalation, information disclosure, and data tampering. This vulnerability affects all platforms running Megatron-LM and poses significant risk to machine learning infrastructure, particularly in multi-tenant or shared compute environments.

RCE Python Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23264 HIGH This Week

CVE-2025-23264 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows local attackers with limited privileges to execute arbitrary code through malicious file inputs. This vulnerability affects all platforms running Megatron-LM and can lead to complete system compromise including code execution, privilege escalation, information disclosure, and data tampering. The attack requires local access and user interaction is not needed, making it a significant risk for multi-tenant environments and shared compute resources.

RCE Python Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-6206 HIGH This Week

The Aiomatic WordPress plugin (versions ≤2.5.0) contains an arbitrary file upload vulnerability in the 'aiomatic_image_editor_ajax_submit' AJAX function due to missing file type validation, allowing authenticated Subscriber-level users to upload malicious files and potentially achieve remote code execution. Exploitation requires a valid (though arbitrary) Stability.AI API key to be configured. This is a high-impact vulnerability affecting WordPress sites using this plugin, with CVSS 7.5 reflecting the combination of high confidentiality/integrity/authentication bypass risk despite high attack complexity.

WordPress RCE Aiomatic PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32978 HIGH This Week

CVE-2025-32978 is an unauthenticated license replacement vulnerability in Quest KACE Systems Management Appliance that allows attackers to replace valid licenses with expired or trial licenses via a web interface, causing denial of service. The vulnerability affects KACE SMA versions 13.0.x through 14.1.x across multiple release branches. This is a network-accessible, zero-privilege exploitation requiring no user interaction, making it a high-impact availability threat to organizations relying on KACE for systems management.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-3091 HIGH PATCH This Week

CVE-2025-3091 is an authentication bypass vulnerability allowing a low-privileged remote attacker to hijack another user's account by possessing only that user's second factor (2FA), completely bypassing password authentication. This affects multi-factor authentication implementations where the second factor can be used independently to establish a session. The vulnerability has a CVSS score of 7.5 (High) with moderate attack complexity, and represents a critical weakness in MFA architecture since attackers need only compromise one authentication factor rather than all factors.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-49852 HIGH This Week

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbitrary requests from the vulnerable server to internal or external systems, potentially exposing sensitive information. The CVSS 7.5 score reflects the high confidentiality impact and network-accessible attack vector, though integrity and availability are not compromised. This vulnerability requires immediate patching as it requires no authentication or user interaction.

SSRF Control Id Idsecure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52574 HIGH PATCH This Week

SysmonElixir versions prior to 1.0.1 contain a path traversal vulnerability in the /read endpoint that allows unauthenticated remote attackers to read arbitrary files from the server, including sensitive system files like /etc/passwd. The vulnerability was patched in version 1.0.1 by implementing a whitelist restricting file reads to the priv/data directory. This is a high-severity information disclosure issue (CVSS 7.5) with no authentication required and network-accessible attack surface.

Path Traversal Information Disclosure Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3092 HIGH PATCH This Week

CVE-2025-3092 is an unauthenticated user enumeration vulnerability affecting an unprotected endpoint that allows remote attackers to discover valid usernames without authentication or user interaction. The vulnerability has a CVSS score of 7.5 (High) with a vector indicating network-based attack with low complexity and no privileges required, resulting in high confidentiality impact. While the description does not specify affected product versions, CPE strings, or KEV/EPSS data, the high CVSS and information disclosure nature suggest this requires urgent patching in affected systems where user enumeration could enable follow-up attacks like credential brute-forcing or targeted social engineering.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-2403 HIGH This Week

CVE-2025-2403 is a network-based denial-of-service vulnerability affecting ABB Relion 670/650 and SAM600-IO series devices, caused by improper prioritization of network traffic over protection mechanisms. An unauthenticated attacker can remotely trigger this vulnerability to malfunction critical functions such as the Line Distance Communication Module (LDCM), potentially causing service disruption in power distribution systems. With a CVSS score of 7.5 and network-accessible attack vector, this represents a significant threat to industrial control systems, particularly in electrical grid infrastructure.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52888 HIGH PATCH This Week

Allure 2 versions prior to 2.34.1 contain a critical XML External Entity (XXE) injection vulnerability in the xunit-xml-plugin that allows unauthenticated remote attackers to read arbitrary files from the server's filesystem and potentially trigger SSRF attacks. The vulnerability stems from insecure XML parser configuration in the DocumentBuilderFactory and is exploitable by uploading or providing malicious test result XML files without any authentication or user interaction required.

XXE SSRF Information Disclosure Java
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-39202 HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure Path Traversal Microscada X Sys600
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-27827 HIGH This Week

CVE-2025-27827 is an information disclosure vulnerability in Mitel MiContact Center Business legacy chat component (versions through 10.2.0.3) that allows unauthenticated attackers to access sensitive chat data and session information through improper session handling. An attacker can exploit this to read active chat messages, join chat rooms without authorization, and send messages as legitimate users, requiring only user interaction to succeed. The CVSS 7.1 score reflects high confidentiality impact with limited integrity risk, though real-world exploitability depends on whether this is actively exploited (KEV status unknown from provided data) and patch availability from Mitel.

Information Disclosure Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-27828 HIGH This Week

CVE-2025-27828 is a reflected cross-site scripting (XSS) vulnerability in the legacy chat component of Mitel MiContact Center Business that allows unauthenticated attackers to execute arbitrary scripts in victim browsers through maliciously crafted URLs. The vulnerability affects multiple versions (10.0.0.4 and earlier, 10.1.0.0-10.1.0.5, and 10.2.0.0-10.2.0.4) and requires user interaction to exploit. While the CVSS score of 7.1 is moderate-to-high, the impact is limited to confidentiality and integrity with no availability impact, and exploitation requires social engineering to trick users into clicking malicious links.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-36537 HIGH PATCH This Week

CVE-2025-36537 is a local privilege escalation vulnerability in TeamViewer Client (Full and Host) and Tensor prior to version 15.67 on Windows that allows an unprivileged local user to delete arbitrary files with SYSTEM privileges by exploiting improper permission assignment in the MSI rollback mechanism. The vulnerability is limited to Remote Management features (Backup, Monitoring, and Patch Management), has a CVSS score of 7.0, and requires local access with medium attack complexity but no user interaction. This vulnerability represents a significant elevation-of-privilege risk for organizations relying on TeamViewer for remote management.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-6533 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Authentication Bypass
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-6429 MEDIUM PATCH This Month

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

Authentication Bypass Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1718 MEDIUM PATCH This Month

CVE-2025-1718 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39204 MEDIUM This Month

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39203 MEDIUM This Month

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Denial Of Service Microscada X Sys600
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6431 MEDIUM PATCH This Month

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Mozilla Google Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-39205 MEDIUM This Month

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48467 MEDIUM This Month

Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.

Denial Of Service Wise 4050lan Firmware Wise 4060lan Firmware Wise 4010lan Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-5258 MEDIUM This Month

The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-48468 MEDIUM This Month

A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that allows an attacker that has physical access. Remediation should follow standard vulnerability management procedures.

Code Injection Wise 4010lan Firmware Wise 4060lan Firmware Wise 4050lan Firmware
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-47943 MEDIUM PATCH This Month

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.

RCE XSS Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-6430 MEDIUM PATCH This Month

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

XSS Mozilla
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-6552 LOW POC Monitor

A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Open Redirect
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6569 LOW POC Monitor

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6532 LOW POC Monitor

A security vulnerability in NOYAFA/Xiami LF9 Pro (CVSS 4.3). Risk factors: public PoC available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6581 LOW POC Monitor

A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobilenum/gender/details/dob/marriage_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6570 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-39201 MEDIUM This Month

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

Privilege Escalation Microscada X Sys600
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-6535 LOW POC Monitor

A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation of the argument sort/order leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6551 LOW POC Monitor

A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-5087 MEDIUM PATCH This Month

Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-6557 MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Microsoft Google XSS RCE Ubuntu +4
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-6555 MEDIUM PATCH This Month

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Use After Free Memory Corruption Denial Of Service Ubuntu +3
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-43877 MEDIUM This Month

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

XSS
NVD
CVSS 3.0
5.4
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy