Skip to main content
CVE-2025-46704 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server.

Path Traversal Iview
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-6838 MEDIUM This Month

A remote code execution vulnerability in for WordPress is vulnerable to CSV Injection in all (CVSS 4.1). Remediation should follow standard vulnerability management procedures.

RCE WordPress PHP
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-51591 LOW PATCH Monitor

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf.

SSRF
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-53862 LOW Monitor

A security vulnerability in A flaw (CVSS 3.5) that allows a malicious user. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-53861 LOW Monitor

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

XSS
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-7453 LOW PATCH Monitor

A security vulnerability in saltbo zpan (CVSS 3.7). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-5992 LOW PATCH Monitor

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.

Denial Of Service Ubuntu Debian
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-7452 LOW Monitor

A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/file_controller.go of the component Endpoint. The manipulation of the argument fileName leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7450 LOW Monitor

A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-53852 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53851 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53850 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53849 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53848 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy