Skip to main content
CVE-2025-48924 MEDIUM PATCH This Month

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Apache Buffer Overflow Ubuntu Debian Commons Lang +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52985 MEDIUM PATCH This Month

CVE-2025-52985 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52958 MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario. Continued session establishment failures leads to a sustained DoS condition.  This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * All versions before 22.2R3-S6-EVO, * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52989 MEDIUM PATCH This Month

A security vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-48496 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-52994 MEDIUM This Month

gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.

PHP Command Injection
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-53642 MEDIUM PATCH This Month

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.

PHP Information Disclosure Haxcms Php Haxcms Nodejs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-46704 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server.

Path Traversal Iview
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-6838 MEDIUM This Month

A remote code execution vulnerability in for WordPress is vulnerable to CSV Injection in all (CVSS 4.1). Remediation should follow standard vulnerability management procedures.

RCE WordPress PHP
NVD
CVSS 3.1
4.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy