Skip to main content
CVE-2025-52983 HIGH PATCH This Week

CVE-2025-52983 is a critical authentication bypass vulnerability in Juniper Networks Junos OS on VM Host Routing Engines where public keys configured for root access are not properly validated, allowing users possessing the corresponding private key to gain unauthorized root-level access even after the public key has been administratively removed from the system. This network-accessible vulnerability affects multiple Junos OS release branches and requires high privileges to configure but enables complete system compromise once exploited. While the CVSS score of 7.2 reflects significant impact, the practical risk depends on KEV designation and active exploitation status.

Juniper Authentication Bypass Privilege Escalation Junos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-50123 HIGH This Week

CVE-2025-50123 is a code injection vulnerability (CWE-94) in an unspecified server product that allows remote command execution when accessed via console by a privileged account through malicious hostname input. The vulnerability has a CVSS 4.0 score of 7.2 and requires physical access and high privileges, significantly limiting real-world exploitability despite the high impact potential. KEV status and EPSS scoring data are unavailable in provided intelligence, but the physical attack vector and high privilege requirement suggest this poses limited risk in typical network environments.

RCE Code Injection Privilege Escalation Command Injection
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-50124 HIGH This Week

CVE-2025-50124 is a privilege escalation vulnerability (CWE-269: Improper Privilege Management) affecting server systems with a CVSS score of 7.2. The vulnerability exists in a setup script that can be exploited when accessed by a privileged account via console, allowing attackers to escalate privileges and gain high-impact control over confidentiality, integrity, and availability. This is a physical/local attack vector requiring high privileges and significant effort, limiting widespread exploitation but representing critical risk in restricted access environments.

Privilege Escalation
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-30024 MEDIUM PATCH This Month

The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.

Information Disclosure Device Manager
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-5028 MEDIUM This Month

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-52988 MEDIUM PATCH This Month

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S6, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S6-EVO, * 23.2-EVO versions before 23.2R2-S1-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Juniper Command Injection Junos Junos Os Evolved
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-53509 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.

Information Disclosure Iview
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52949 MEDIUM PATCH This Month

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects: Junos OS:  * all versions before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S3, 24.4R2;  Junos OS Evolved:  * all versions before 22.2R3-S7-EVO,  * from 22.4-EVO before 22.4R3-S7-EVO,  * from 23.2-EVO before 23.2R2-S4-EVO,  * from 23.4-EVO before 23.4R2-S5-EVO,  * from 24.2-EVO before 24.2R2-S1-EVO,  * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52953 MEDIUM PATCH This Month

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-4593 MEDIUM This Month

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data from user meta like hashed passwords, usernames, and more.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52955 MEDIUM PATCH This Month

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash.  When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart.  Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved:  * All versions of 21.2-EVO,  * All versions of 21.4-EVO,  * All versions of 22.2-EVO,  * from 22.4 before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S4-EVO,  * from 24.2 before 24.2R2-EVO.

Denial Of Service Juniper Buffer Overflow Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52459 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6549 MEDIUM PATCH This Month

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: * all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-3631 MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52952 MEDIUM PATCH This Month

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.

Denial Of Service Buffer Overflow Memory Corruption Juniper Junos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52947 MEDIUM PATCH This Month

An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leading to a Denial of Service (DoS). On ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices, FEB0 will crash when the primary path port of the L2 circuit IGP (Interior Gateway Protocol) on the local device goes down. This issue is seen only when 'hot-standby' mode is configured for the L2 circuit. This issue affects Junos OS on ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096:  * all versions before 21.2R3-S9.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52964 MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6716 MEDIUM This Month

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery - Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload[1][title]' parameter in all versions up to, and including, 26.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5530 MEDIUM PATCH This Month

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Wpc Smart Compare For Woocommerce PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6068 MEDIUM This Month

The FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Foogallery PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-50125 MEDIUM This Month

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.

RCE SSRF
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-47963 MEDIUM PATCH This Month

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-38329 MEDIUM PATCH This Month

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without sanitization.

PHP XSS Debian Egroupware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7435 LOW POC Monitor

A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /site_admin/lhcphpresque/list/ of the component List Handler. The manipulation of the argument queue name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2. It is recommended to apply a patch to fix this issue.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6438 MEDIUM This Month

CVE-2025-6438 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

XXE
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-52984 MEDIUM PATCH This Month

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.

Juniper Null Pointer Dereference Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-52982 MEDIUM PATCH This Month

An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions from 21.4R1, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6. As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected. This issue does not affect MX-SPC3 or SRX Series devices.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-52948 MEDIUM PATCH This Month

An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart. BPF provides a raw interface to data link layers in a protocol independent fashion. Internally within the Junos kernel, due to a rare timing issue (race condition), when a BPF instance is cloned, the newly created interface causes an internal structure leakage, leading to a system crash. The precise content and timing of the traffic patterns is indeterminate, but has been seen in a lab environment multiple times. This issue is more likely to occur when packet capturing is enabled.  See required configuration below. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S1, 24.2R2.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-53471 MEDIUM This Month

CVE-2025-53471 is a security vulnerability (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-52951 MEDIUM PATCH This Month

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being supported, causing any term containing it to accept all packets without taking any other action. In essence, these firewall filter terms were being processed as an 'accept' for all traffic on the interface destined for the control plane, even when used in combination with other match criteria. This issue only affects firewall filters protecting the device's control plane. Transit firewall filtering is unaffected by this vulnerability. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S2, 24.4R2. This is a more complete fix for previously published CVE-2024-21607 (JSA75748).

Juniper Authentication Bypass Junos
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-53864 MEDIUM PATCH This Month

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.

Denial Of Service Ubuntu Red Hat
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-47182 MEDIUM PATCH This Month

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-52986 MEDIUM PATCH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO,  * 24.4-EVO versions before 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-52963 MEDIUM PATCH This Month

An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS:  * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5,   * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2.

Juniper Authentication Bypass Junos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-53636 MEDIUM PATCH This Month

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

Denial Of Service
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-47964 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53519 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53397 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-41442 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5241 MEDIUM This Month

CVE-2025-5241 is a security vulnerability (CVSS 5.3) that allows a remote unauthenticated attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6788 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-6745 MEDIUM This Month

The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38327 MEDIUM PATCH This Month

CVE-2023-38327 is a security vulnerability (CVSS 5.3) that allows unauthenticated remote attackers. Remediation should follow standard vulnerability management procedures.

PHP Information Disclosure Debian Egroupware
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-48924 MEDIUM PATCH This Month

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Apache Buffer Overflow Ubuntu Debian Commons Lang +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52985 MEDIUM PATCH This Month

CVE-2025-52985 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52958 MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario. Continued session establishment failures leads to a sustained DoS condition.  This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * All versions before 22.2R3-S6-EVO, * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52989 MEDIUM PATCH This Month

A security vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-48496 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-52994 MEDIUM This Month

gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.

PHP Command Injection
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-53642 MEDIUM PATCH This Month

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.

PHP Information Disclosure Haxcms Php Haxcms Nodejs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy