Skip to main content
CVE-2025-54288 MEDIUM POC PATCH This Month

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.

Authentication Bypass Ubuntu Debian Lxd Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-56162 MEDIUM POC This Month

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin password hashes; (b) write web-shell files or invoke xp_cmdshell, leading to remote code execution on servers configured with sufficient DB privileges.

SQLi RCE Firefly Mall
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56019 MEDIUM POC This Month

An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.

Denial Of Service Easy Touch Plus Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-57305 MEDIUM POC This Month

VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.

SSRF Vitaracharts
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54293 MEDIUM POC PATCH This Month

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

Path Traversal Ubuntu Debian Lxd Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54287 MEDIUM POC PATCH This Month

A arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk factors: public PoC available.

Code Injection Ubuntu Debian Lxd Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-61096 MEDIUM POC This Month

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

SQLi PHP Online Shopping Portal Project
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-56381 MEDIUM POC This Month

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

SQLi Erpnext Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-56380 MEDIUM POC This Month

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter

SQLi Erpnext Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59406 MEDIUM POC This Month

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

Information Disclosure Flock Safety Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-61606 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.

PHP Open Redirect Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61087 MEDIUM POC This Month

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.

XSS Pet Grooming Management Software
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-34210 MEDIUM POC This Month

CVE-2025-34210 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available.

Information Disclosure Virtual Appliance Host Virtual Appliance Application
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-56379 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field.

XSS Frappe Erpnext
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-60782 MEDIUM POC This Month

PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation or updates.

XSS PHP Php Education Management
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54290 MEDIUM POC PATCH This Month

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.

Information Disclosure Ubuntu Debian Lxd Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54291 MEDIUM POC PATCH This Month

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

Information Disclosure Debian Lxd Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-60661 MEDIUM POC This Month

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.

Buffer Overflow Memory Corruption Ac18 Firmware Tenda
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54292 MEDIUM POC PATCH This Month

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Path Traversal Ubuntu Lxd Suse
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-53881 MEDIUM PATCH This Month

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

Privilege Escalation Ubuntu Debian Suse
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-22862 MEDIUM This Month

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

Authentication Bypass Fortinet
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-11182 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-0642 MEDIUM This Month

Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-54088 MEDIUM PATCH This Month

CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate in the attack. Impact to confidentiality is low and there is no impact to integrity or availability. There are high severity impacts to confidentiality, integrity, availability in subsequent systems.

Open Redirect Secure Access
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-56154 MEDIUM This Month

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

XSS Htmly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59774 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_VON.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59773 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_TP.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59772 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_SIL.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59771 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MRK.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59770 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MON.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59769 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MOL.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59768 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MNG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59767 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LVE.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59766 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LT.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59765 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LF.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59764 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_FCC.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59763 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_EK.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59762 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59761 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59760 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DHL.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59759 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DELCROIX.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59758 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CYLOG.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CATOLD.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59756 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in 'SuppConn in /clt/LOGINFRM_CON.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59755 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CAT.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59754 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_original.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59753 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_BET.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59752 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LXA.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59751 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DJO.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59750 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy