Skip to main content
CVE-2025-11736 MEDIUM POC This Month

A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

PHP SQLi Online Examination System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11718 MEDIUM PATCH This Month

Firefox on Android allows remote attackers to display a fake address bar by exploiting the visibilitychange event when the legitimate address bar is hidden due to scrolling, enabling phishing attacks and user deception. The vulnerability affects Firefox versions prior to 144 and requires user interaction (clicking on the fake address bar). Mozilla released patched version Firefox 144 to address this issue, and there is no evidence of active exploitation at the time of analysis.

Mozilla Google Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11716 MEDIUM PATCH This Month

Sandboxed iframes in Firefox and Thunderbird can bypass Android permission restrictions to launch external applications without the required allow-permissions, enabling attackers to trigger unintended app launches through malicious links. Unauthenticated remote attackers can exploit this via user interaction (link click) to achieve integrity impact. Firefox 144 and Thunderbird 144 contain fixes; no public exploit code or active exploitation has been identified.

Mozilla Google Authentication Bypass Thunderbird Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11711 MEDIUM PATCH This Month

Modify read-only JavaScript Object properties in Firefox and Thunderbird via crafted web content, allowing attackers to bypass property immutability protections and alter application state. Affects Firefox versions below 144, Firefox ESR below 115.29 and 140.4, Thunderbird below 144 and 140.4. Requires user interaction (malicious website visit) but no authentication. CVSS 6.5 reflects high integrity impact with user-interaction requirement; no evidence of active exploitation or public exploit code at time of analysis.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-31366 MEDIUM This Month

Reflected cross-site scripting (XSS) in FortiOS, FortiProxy, and FortiSASE allows unauthenticated remote attackers to inject and execute malicious scripts in a victim's browser by tricking them into clicking a crafted HTTP request link. The vulnerability spans a wide range of FortiOS versions from 6.4 through 7.6.3 and all FortiProxy 7.x branches, meaning a large installed base of Fortinet network security appliances is affected. A Siemens CERT advisory (SSA-864900) indicates this vulnerability also affects Siemens products that embed Fortinet components, broadening organizational impact. No public exploit or CISA KEV listing has been identified at time of analysis.

Fortinet XSS Fortios Fortiproxy Fortisase
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-47890 MEDIUM This Month

Open redirect vulnerability in Fortinet FortiOS, FortiProxy, and FortiSASE enables unauthenticated attackers on an adjacent network segment to redirect authenticated users to attacker-controlled sites via crafted HTTP requests. The attack surface is substantially constrained by the adjacent-network-only vector (AV:A), high attack complexity (AC:H), and mandatory user interaction (UI:R), yielding a CVSS 2.6 Low severity score. No public exploit identified at time of analysis, and EPSS at 0.01% (1st percentile) confirms negligible observed exploitation pressure. A Siemens PSIRT advisory (SSA-864900) indicates this vulnerability also affects Siemens products embedding Fortinet components.

Fortinet Open Redirect Fortios Fortiproxy Fortisase
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-11712 MEDIUM PATCH This Month

Firefox and Thunderbird allow cross-site scripting (XSS) attacks when a malicious page uses the type attribute of an OBJECT tag to override default browser behavior for resources served without a content-type header. An attacker can craft a malicious webpage that exploits this flaw to execute arbitrary JavaScript in the context of a vulnerable site that unsafely omits content-type headers, affecting Firefox versions before 144, Firefox ESR before 140.4, Thunderbird before 144, and Thunderbird ESR before 140.4. No public exploit code or active exploitation has been identified at time of analysis.

Mozilla XSS Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54265 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha2 through 2.4.4-p15 are vulnerable to an incorrect authorization flaw that allows remote, unauthenticated attackers to bypass security controls and gain unauthorized read access to sensitive data. The vulnerability requires specific conditions beyond the attacker's control and does not require user interaction, but carries a moderate CVSS score of 5.9 reflecting high confidentiality impact and high attack complexity.

Authentication Bypass Adobe
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-33044 MEDIUM This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability.

Buffer Overflow Aptio V
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-22832 MEDIUM This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.

Buffer Overflow Memory Corruption Aptio V
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-22831 MEDIUM This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.

Buffer Overflow Memory Corruption Aptio V
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-54196 MEDIUM This Month

Open redirect vulnerability in Adobe Connect 12.9 and earlier allows remote attackers to redirect users to arbitrary websites by crafting malicious links, requiring victim interaction to click the link. The vulnerability has low confidentiality impact with CVSS 4.3 and no confirmed active exploitation or public exploit code at time of analysis.

Open Redirect Adobe Connect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59214 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy