Skip to main content
CVE-2025-10653 HIGH This Week

CVE-2025-10653 is a security vulnerability (CVSS 8.6) that allows access. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-59835 HIGH PATCH This Week

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.

Information Disclosure
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-54292 MEDIUM POC PATCH This Month

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Path Traversal Ubuntu Lxd Suse
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-58267 HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2023-28760 HIGH This Week

TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in minidlna-1.1.2/upnpsoap.c. Exploitation requires that a USB flash drive is connected to the router (customers often do this to make a \\192.168.0.1 share available on their local network).

Buffer Overflow TP-Link RCE Stack Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2025-61692 HIGH This Week

VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

Denial Of Service RCE Memory Corruption Use After Free Vt Studio
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61691 HIGH This Week

VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

Buffer Overflow Information Disclosure RCE Vt Studio
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61690 HIGH This Week

CVE-2025-61690 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58777 HIGH This Week

VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

RCE Memory Corruption Vt Studio
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58776 HIGH This Week

KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58775 HIGH This Week

KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-58260 HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-61600 HIGH PATCH This Week

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation enforces size limits on its dynamic buffer in most parsing states, but several state handlers omit these validation checks. This issue is fixed in version 0.13.4. A workaround for this issue is to implement rate limiting and connection monitoring at the network level, however this does not provide complete protection.

Denial Of Service Debian
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61733 HIGH PATCH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Authentication Bypass Apache Kylin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61734 HIGH PATCH This Week

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Information Disclosure Path Traversal Apache Kylin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59744 HIGH This Week

Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”.

Path Traversal E Tms
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59745 HIGH This Week

Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks.

Information Disclosure E Tms
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-61735 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

SSRF Apache Kylin
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-11240 HIGH PATCH This Week

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

Open Redirect Business Hub
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-32942 HIGH PATCH This Week

A security vulnerability in SSH Tectia Server before 6.6.6 sometimes (CVSS 7.2) that allows attackers. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-49090 HIGH POC PATCH This Week

CVE-2025-49090 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-54315 HIGH POC PATCH This Week

CVE-2025-54315 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53881 MEDIUM PATCH This Month

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

Privilege Escalation Ubuntu Debian Suse
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-22862 MEDIUM This Month

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

Authentication Bypass Fortinet
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-11182 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-0642 MEDIUM This Month

Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-54088 MEDIUM PATCH This Month

CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate in the attack. Impact to confidentiality is low and there is no impact to integrity or availability. There are high severity impacts to confidentiality, integrity, availability in subsequent systems.

Open Redirect Secure Access
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-56154 MEDIUM This Month

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

XSS Htmly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59774 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_VON.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59773 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_TP.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59772 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_SIL.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59771 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MRK.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59770 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MON.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59769 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MOL.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59768 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MNG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59767 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LVE.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59766 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LT.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59765 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LF.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59764 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_FCC.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59763 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_EK.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59762 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59761 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59760 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DHL.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59759 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DELCROIX.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59758 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CYLOG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CATOLD.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59756 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in 'SuppConn in /clt/LOGINFRM_CON.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59755 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CAT.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59754 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_original.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59753 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_BET.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy