Skip to main content
CVE-2025-59752 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LXA.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59751 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DJO.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59750 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59749 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/TRACK_REQUEST.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59748 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in '/clt/changepassword.asp'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59747 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/resetPassword.asp'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59746 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40646 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

XSS PHP Energy Crm
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-40991 MEDIUM This Month

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS PHP Ekushey Project Manager Crm
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40990 MEDIUM This Month

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS PHP Ekushey Project Manager Crm
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40989 MEDIUM This Month

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS PHP Ekushey Project Manager Crm
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40992 MEDIUM This Month

Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-41010 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.1) that allows browsers. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-57443 MEDIUM This Month

FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.

Privilege Escalation macOS
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-54468 MEDIUM PATCH This Month

A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-11239 MEDIUM PATCH This Month

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

Authentication Bypass Business Hub
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54089 LOW PATCH Monitor

Cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.

XSS
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-54086 LOW PATCH Monitor

CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.

Privilege Escalation Java
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-54087 LOW PATCH Monitor

Server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.

SSRF
NVD
CVSS 3.1
2.6
EPSS
0.0%
CVE-2025-61588 PATCH This Week

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected versions are vulnerable. This critically compromises the soundness guarantees of the guest program. Other affected packages include risc0-aggregation versions below 0.9, risc0-zkos-v1compat below 2.1.0, risc0-zkvm versions between 3.0.0-rc.1 and 3.0.1. This issue has been fixed in the following versions: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, and risc0-zkvm 2.3.2 and 3.0.3.

RCE Code Injection
NVD GitHub
EPSS
0.1%
CVE-2025-61595 PATCH Monitor

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.

Denial Of Service
NVD GitHub
EPSS
0.1%
CVE-2025-10895 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61855 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61854 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61853 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61852 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61851 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61850 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61849 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy