Exposure of credentials in unintended requests in Devolutions Server.2.20, through 2025.3.8. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Emails sent by pretix can utilize placeholders that will be filled with customer data. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A shell command injection vulnerability exists in the network diagnostics tool of SDMC NE6037 routers running firmware versions prior to 7.1.12.2.44, allowing authenticated attackers with administrative access to execute arbitrary commands on the device. The vulnerability is classified as CWE-78 (OS Command Injection) and carries an EPSS score of 0.77% (73rd percentile), indicating a low empirical probability of exploitation in the wild. While no public proof-of-concept or active exploitation in the wild has been documented, the flaw requires administrative authentication via the LAN-only management interface, significantly limiting real-world attack surface.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.