[@CVEnew](/creator/twitter/CVEnew)

"CVE-2025-61941 A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the af" [X Link](https://x.com/CVEnew/status/1978562084729233876) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-62669 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.T" [X Link](https://x.com/CVEnew/status/1979409793291894950) [@CVEnew](/creator/x/CVEnew) 2025-10-18T04:50Z 55.7K followers, XXX engagements

"CVE-2025-11942 A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authenticatio" [X Link](https://x.com/CVEnew/status/1979944891334447555) [@CVEnew](/creator/x/CVEnew) 2025-10-19T16:17Z 55.7K followers, XXX engagements

"CVE-2025-9274 Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbit" [X Link](https://x.com/CVEnew/status/1962976549147124057) [@CVEnew](/creator/x/CVEnew) 2025-09-02T20:30Z 55.7K followers, XXX engagements

"CVE-2025-39897 In the Linux kernel the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error chec" [X Link](https://x.com/CVEnew/status/1973302180074471690) [@CVEnew](/creator/x/CVEnew) 2025-10-01T08:21Z 55.7K followers, XXX engagements

"CVE-2025-56382 A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbit" [X Link](https://x.com/CVEnew/status/1975255440075190543) [@CVEnew](/creator/x/CVEnew) 2025-10-06T17:42Z 55.7K followers, XXX engagements

"CVE-2025-60312 Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field allowing a remote attacker to inject arbit" [X Link](https://x.com/CVEnew/status/1975615164264169931) [@CVEnew](/creator/x/CVEnew) 2025-10-07T17:32Z 55.7K followers, XXX engagements

"CVE-2025-9068 A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality installed with FTLinx. Authenticated atta" [X Link](https://x.com/CVEnew/status/1978085840044577251) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-47856 Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0 7.0.0 th" [X Link](https://x.com/CVEnew/status/1978102613196345737) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:16Z 55.7K followers, XXX engagements

"CVE-2025-54822 An improper authorization vulnerability CWE-285 in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows a" [X Link](https://x.com/CVEnew/status/1978123679381835852) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-53845 An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain" [X Link](https://x.com/CVEnew/status/1978123683458658688) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-59921 An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in Fortinet FortiADC version 7.4.0 version 7.2.3 and below version 7.1.4 and b" [X Link](https://x.com/CVEnew/status/1978123685056729150) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2024-47569 An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3 FortiVoice 7.0.0 through 7.0.4 6.4.0 through 6.4.9 6.0.7 thr" [X Link](https://x.com/CVEnew/status/1978123690895122586) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications" [X Link](https://x.com/CVEnew/status/1978926540558573952) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-11853 A vulnerability was determined in Sismics Teedy up to XXXX. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulati" [X Link](https://x.com/CVEnew/status/1978926541825270116) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-11852 A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service" [X Link](https://x.com/CVEnew/status/1978926543003922843) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-11493 The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server such as updates dependencies and integrations. This creat" [X Link](https://x.com/CVEnew/status/1978926544111243356) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-11492 In the ConnectWise Automate Agent communications could be configured to use HTTP instead of HTTPS. In such cases an on-path threat actor with a man-in-the-middle ne" [X Link](https://x.com/CVEnew/status/1978926545268776961) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62428 Drawing-Captcha APP provides interactive engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm" [X Link](https://x.com/CVEnew/status/1978926546363597018) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-34253 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when" [X Link](https://x.com/CVEnew/status/1978926547433107621) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-34255 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns dis" [X Link](https://x.com/CVEnew/status/1978926548586496385) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-34254 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON" [X Link](https://x.com/CVEnew/status/1978926549740007797) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62427 The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution me" [X Link](https://x.com/CVEnew/status/1978926550729801771) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62425 MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers written and maintained by Element. A logic flaw in matrix-" [X Link](https://x.com/CVEnew/status/1978926551732203868) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62423 ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier a Blind SQL injection vulnerability exists in the Admin Areas /admin_" [X Link](https://x.com/CVEnew/status/1978926552722100546) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62415 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad" [X Link](https://x.com/CVEnew/status/1978926553745498523) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62418 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad" [X Link](https://x.com/CVEnew/status/1978926554802495772) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62414 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the Create New Customer feature (in the admin panel) is vulnerable to Cross-Site Scripting" [X Link](https://x.com/CVEnew/status/1978926555783959017) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62416 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being proces" [X Link](https://x.com/CVEnew/status/1978926556840878099) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62417 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example = + - or @) is accepted and l" [X Link](https://x.com/CVEnew/status/1978926557885321681) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-62413 MQTTX is an MQTT XXX desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT" [X Link](https://x.com/CVEnew/status/1978926558929687002) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements

"CVE-2025-34517 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitr" [X Link](https://x.com/CVEnew/status/1978926560095752293) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34514 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exe" [X Link](https://x.com/CVEnew/status/1978926561177850368) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34519 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function w" [X Link](https://x.com/CVEnew/status/1978926562201235484) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34512 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attack" [X Link](https://x.com/CVEnew/status/1978926563199496459) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34518 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitra" [X Link](https://x.com/CVEnew/status/1978926564239634611) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34515 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to es" [X Link](https://x.com/CVEnew/status/1978926565246259542) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62412 LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized and can be used" [X Link](https://x.com/CVEnew/status/1978926566324220207) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34513 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacke" [X Link](https://x.com/CVEnew/status/1978926567339233587) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-34516 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote acc" [X Link](https://x.com/CVEnew/status/1978926568333283592) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62411 LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Tran" [X Link](https://x.com/CVEnew/status/1978926569335706057) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62409 Envoy is a cloud-native open source edge and service proxy. Prior to 1.36.1 1.35.5 1.34.9 and 1.33.10 large requests and responses can potentially trigger TCP co" [X Link](https://x.com/CVEnew/status/1978926570333945971) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62407 Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0 an open redirect was possible through the redirect argument on the login page if a s" [X Link](https://x.com/CVEnew/status/1978926571315405154) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61924 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the Target PayPal merchant account hij" [X Link](https://x.com/CVEnew/status/1978926572305260888) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61923 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the backoffice is missing validation o" [X Link](https://x.com/CVEnew/status/1978926573358100620) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 missing validation on the Express Chec" [X Link](https://x.com/CVEnew/status/1978926574339530840) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61909 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 the safe-reload script (also used during systemctl reload icinga2) an" [X Link](https://x.com/CVEnew/status/1978926575342047686) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62586 OPEXUS FOIAXpress allows a remote unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0" [X Link](https://x.com/CVEnew/status/1978926576340242661) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61908 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 when creating an invalid reference such as a reference to null dere" [X Link](https://x.com/CVEnew/status/1978926577372078553) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61907 Icinga X is an open source monitoring system. In Icinga X versions XXX through 2.15.0 filter expressions provided to the various /v1/objects endpoints could access v" [X Link](https://x.com/CVEnew/status/1978926578412195863) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61789 Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3 an authorized user with access to Icinga DB Web can use a custom variable" [X Link](https://x.com/CVEnew/status/1978926579427221772) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-36128 IBM MQ XXX XXX XXX XXX LTS and XXX XXX CD is vulnerable to a denial of service caused by improper enforcement of the timeout on individual read operations. By co" [X Link](https://x.com/CVEnew/status/1978926580433850378) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-58051 Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6 0.8.8 and 0.9.5 when importing a table a user was able to specify files" [X Link](https://x.com/CVEnew/status/1978926581448847582) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-53092 Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. B" [X Link](https://x.com/CVEnew/status/1978926582438695069) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-25298 Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hash" [X Link](https://x.com/CVEnew/status/1978926583411851569) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2024-56143 Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2 the lookup operator provided by the document service does not pro" [X Link](https://x.com/CVEnew/status/1978926584380694654) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-11851 A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument" [X Link](https://x.com/CVEnew/status/1978926585374728495) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62496 A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessivel" [X Link](https://x.com/CVEnew/status/1978926586456904040) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62495 An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. *" [X Link](https://x.com/CVEnew/status/1978926587446763849) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62494 A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand ope" [X Link](https://x.com/CVEnew/status/1978926588411380091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62493 A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits" [X Link](https://x.com/CVEnew/status/1978926589355114750) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62492 A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negati" [X Link](https://x.com/CVEnew/status/1978926590336585849) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62491 A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts-rejected_" [X Link](https://x.com/CVEnew/status/1978926591523635471) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62490 In quickjs in js_print_object when printing an array the function first fetches the array length and then loops over it. The issue is printing a value is not side" [X Link](https://x.com/CVEnew/status/1978926592517685500) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-11842 A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulat" [X Link](https://x.com/CVEnew/status/1978926593583071507) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-11840 A weakness has been identified in GNU Binutils XXXX. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bound" [X Link](https://x.com/CVEnew/status/1978926594736447934) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read dat" [X Link](https://x.com/CVEnew/status/1978926595654967412) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-55035 Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from acces" [X Link](https://x.com/CVEnew/status/1978926596665810945) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-36002 IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5 and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5 and 6.2.1.0 stores user credentials in configu" [X Link](https://x.com/CVEnew/status/1978926597806629065) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41254 STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions" [X Link](https://x.com/CVEnew/status/1978926598775570866) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41253 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An" [X Link](https://x.com/CVEnew/status/1978926599794770226) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-11839 A security flaw has been discovered in GNU Binutils XXXX. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked retur" [X Link](https://x.com/CVEnew/status/1978926600776192091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-9152 An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Cl" [X Link](https://x.com/CVEnew/status/1978926606052667453) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-9804 An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System" [X Link](https://x.com/CVEnew/status/1978926606971203627) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-9955 An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services relate" [X Link](https://x.com/CVEnew/status/1978926607952699739) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-10611 Due to an insufficient access control implementation in multiple WSO2 Products authentication and authorization checks for certain REST APIs can be bypassed allowin" [X Link](https://x.com/CVEnew/status/1978926608938381383) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-3930 Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation the JWT is not invalidated which allows an attacker who has stolen or inter" [X Link](https://x.com/CVEnew/status/1978926609940799941) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-58426 desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key which allows an attacker to create malicious AppSuite applications" [X Link](https://x.com/CVEnew/status/1978926610918076755) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-58079 Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications" [X Link](https://x.com/CVEnew/status/1978926611845013797) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-55072 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926612809703502) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54859 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926613786968357) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54760 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926614768476572) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-52583 Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926615699554498) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-24833 Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0V9.0R2.0 allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926616618090988) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-6338 There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt" [X Link](https://x.com/CVEnew/status/1978926617603850695) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-58115 ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited an arbitrary script may be executed on the web browser of the user who is" [X Link](https://x.com/CVEnew/status/1978926618555900251) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54461 ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited an uninvited guest user may register itself" [X Link](https://x.com/CVEnew/status/1978926619533148271) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-53858 ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited an arbitrary script may be executed on the web browser of the user who is accessin" [X Link](https://x.com/CVEnew/status/1978926620464369839) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-58073 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite" [X Link](https://x.com/CVEnew/status/1978926621441642682) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-61581 ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all ver" [X Link](https://x.com/CVEnew/status/1978926622406213967) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41410 Mattermost versions 10.10.x = 10.10.2 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to c" [X Link](https://x.com/CVEnew/status/1978926623341588746) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-0277 HCL BigFix Mobile XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing" [X Link](https://x.com/CVEnew/status/1978926624318910882) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54539 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to an" [X Link](https://x.com/CVEnew/status/1978926625258353003) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-0276 HCL BigFix Modern Client Management (MCM) XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could tri" [X Link](https://x.com/CVEnew/status/1978926626206335454) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-10545 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add" [X Link](https://x.com/CVEnew/status/1978926627137507674) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-58075 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite" [X Link](https://x.com/CVEnew/status/1978926628081107079) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54499 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timi" [X Link](https://x.com/CVEnew/status/1978926628974510477) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41443 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users" [X Link](https://x.com/CVEnew/status/1978926629960192091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41021 Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0 consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request usi" [X Link](https://x.com/CVEnew/status/1978926630878790136) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers thr" [X Link](https://x.com/CVEnew/status/1978926631818231871) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41019 SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve create update and delete databases through the 'id' parameter in '/ind" [X Link](https://x.com/CVEnew/status/1978926633126912410) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-55091 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ip_packet_receive() funct" [X Link](https://x.com/CVEnew/status/1978926634087375273) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-41018 SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve create update and delete databases through the 'cat' parameter in '/publ" [X Link](https://x.com/CVEnew/status/1978926635018543157) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62585 Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment" [X Link](https://x.com/CVEnew/status/1978926635987431871) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62584 Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment" [X Link](https://x.com/CVEnew/status/1978926636922782184) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-62583 Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment" [X Link](https://x.com/CVEnew/status/1978926638030037472) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-10849 The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function" [X Link](https://x.com/CVEnew/status/1978926638969594302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-10850 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to and including 1.1.4. This is due to the hardcoded password in th" [X Link](https://x.com/CVEnew/status/1978926639942648200) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-10742 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to and including 1.8.6. This is due to the plugin providing" [X Link](https://x.com/CVEnew/status/1978926640894808281) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

"CVE-2025-10706 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' functi" [X Link](https://x.com/CVEnew/status/1978932548286976151) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-55090 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ipv4_packet_receive() fun" [X Link](https://x.com/CVEnew/status/1978932549377495208) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-55089 In FileX before 6.4.2 the file support module for Eclipse Foundation ThreadX there was a possible buffer overflow in the FileX RAM disk driver. It could cause a rem" [X Link](https://x.com/CVEnew/status/1978932550379933952) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-55084 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions" [X Link](https://x.com/CVEnew/status/1978932551688544582) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-58778 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual and enabled in the initial configurat" [X Link](https://x.com/CVEnew/status/1978932552686801152) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-0275 HCL BigFix Mobile XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions potentially allowing access" [X Link](https://x.com/CVEnew/status/1978932553861218528) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-0274 HCL BigFix Modern Client Management (MCM) XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions pot" [X Link](https://x.com/CVEnew/status/1978932554855219232) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-11814 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input" [X Link](https://x.com/CVEnew/status/1978932555866083768) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements

"CVE-2025-10700 The Ally Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.8.0.
This is due to" [X Link](https://x.com/CVEnew/status/1978932556994351254) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62580 ASDA-Soft Stack-based Buffer Overflow Vulnerability" [X Link](https://x.com/CVEnew/status/1978932558252642760) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62579 ASDA-Soft Stack-based Buffer Overflow Vulnerability" [X Link](https://x.com/CVEnew/status/1978932559137640744) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11683 YAML::Syck versions before XXXX for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators i" [X Link](https://x.com/CVEnew/status/1978932560177828097) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-22381 Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality allowing an attacker to reset a user's password" [X Link](https://x.com/CVEnew/status/1978932561356427505) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-56699 SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version XXX allows an unauthenticated user to execute arbitrary" [X Link](https://x.com/CVEnew/status/1978932562409197853) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-56700 Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version XXX allows a low level priviliged user that has access" [X Link](https://x.com/CVEnew/status/1978932563424260420) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60358 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations" [X Link](https://x.com/CVEnew/status/1978932564409880835) 
[@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60639 Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26)" [X Link](https://x.com/CVEnew/status/1978932565429080111) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60641 The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST'mexcel')) where $_POST'mexcel' is user-controll" [X Link](https://x.com/CVEnew/status/1978932566481867145) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60855 Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images r" [X Link](https://x.com/CVEnew/status/1978932567446557130) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61330 A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems fro" [X Link](https://x.com/CVEnew/status/1978932568704823447) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61514 An arbitrary file upload vulnerability in SageMath Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file" [X Link](https://x.com/CVEnew/status/1978932569862476001) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61536 FelixRiddle dev-jobs-handlebars XXX uses absolute password-reset (magic) links using the untrusted header and forces the http:// scheme. 
An attac" [X Link](https://x.com/CVEnew/status/1978932571070513218) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61539 Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php" [X Link](https://x.com/CVEnew/status/1978932572215480562) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61540 SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php" [X Link](https://x.com/CVEnew/status/1978932573226307722) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61541 Webmin XXXXX is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTT" [X Link](https://x.com/CVEnew/status/1978932574350393431) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61543 A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. 
The system uses $_SERVER'HTTP_HOST' directly to construct" [X Link](https://x.com/CVEnew/status/1978932575554146697) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61553 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a" [X Link](https://x.com/CVEnew/status/1978932576548221184) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61554 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial" [X Link](https://x.com/CVEnew/status/1978932577668076013) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37141 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could" [X Link](https://x.com/CVEnew/status/1978932578834096610) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37140 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could" [X Link](https://x.com/CVEnew/status/1978932579773616473) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37139 A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render" [X Link](https://x.com/CVEnew/status/1978932580889301432) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37138 An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. 
E" [X Link](https://x.com/CVEnew/status/1978932582273421629) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37137 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these" [X Link](https://x.com/CVEnew/status/1978932583292637450) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37136 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these" [X Link](https://x.com/CVEnew/status/1978932584458653732) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37135 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these" [X Link](https://x.com/CVEnew/status/1978932585410805982) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37134 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al" [X Link](https://x.com/CVEnew/status/1978932586492875073) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-8430 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuratio" [X Link](https://x.com/CVEnew/status/1978932587721822431) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37133 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. 
Successful exploitation could al" [X Link](https://x.com/CVEnew/status/1978932588799758438) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37132 An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Su" [X Link](https://x.com/CVEnew/status/1978932589777031523) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11548 A remote unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated R" [X Link](https://x.com/CVEnew/status/1978932590892716206) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37148 A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS XX could allow an unauthenticated remote attacker to conduct a denial of service attack. Su" [X Link](https://x.com/CVEnew/status/1978932591991624075) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37147 A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only" [X Link](https://x.com/CVEnew/status/1978932593103094020) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37146 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote co" [X Link](https://x.com/CVEnew/status/1978932594235576379) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-36730 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. 
It is possible to create a file name that will be appended to th" [X Link](https://x.com/CVEnew/status/1978932595162595572) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37149 A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware" [X Link](https://x.com/CVEnew/status/1978932596110397665) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11577 Clevos UEFI firmware update packages including B10717.exe inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. T" [X Link](https://x.com/CVEnew/status/1978932596978716917) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-31366 An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 in FortiOS 7.6.0 through 7.6.3 7.4.0 through 7.4.7 XXX all versions XXX all v" [X Link](https://x.com/CVEnew/status/1978932601235857584) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-25253 An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below version 7.4.8 and below XXX all versions 7.0" [X Link](https://x.com/CVEnew/status/1978932603328827420) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-57740 An Heap-based Buffer Overflow vulnerability CWE-122 in FortiOS version 7.6.2 and below version 7.4.7 and below version 7.2.10 and below XXX all versions XXX all" [X Link](https://x.com/CVEnew/status/1978932604402569281) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-47890 An URL Redirection to Untrusted Site vulnerabilities CWE-601 in FortiOS 7.6.0 through 7.6.2 7.4.0 through 7.4.8 XXX all versions XXX all versions XXX all versio" [X Link](https://x.com/CVEnew/status/1978932605530837305) [@CVEnew](/creator/x/CVEnew) 
2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-57741 An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may all" [X Link](https://x.com/CVEnew/status/1978932606671687885) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0 7.4.0 through 7.4.5 7.2.5 through 7.2.10 7.0.0 through 7.0.15 XXX all v" [X Link](https://x.com/CVEnew/status/1978932609028886955) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-58324 An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSIEM 7.2.0 through 7.2.2 XXX all versions XXX all versions XXX all ve" [X Link](https://x.com/CVEnew/status/1978932610031325630) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2024-48891 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1 7.5.0 through 7" [X Link](https://x.com/CVEnew/status/1978932612183056467) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62172 Home Assistant is open source home automation software that puts local control and privacy first. 
In versions 2025.1.0 through 2025.10.1 the energy dashboard is vuln" [X Link](https://x.com/CVEnew/status/1978932613105750140) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-54603 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users" [X Link](https://x.com/CVEnew/status/1978932614057857343) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-57563 A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files" [X Link](https://x.com/CVEnew/status/1978932615093850355) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-57618 A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability it is" [X Link](https://x.com/CVEnew/status/1978932616037638542) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60535 A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET" [X Link](https://x.com/CVEnew/status/1978932616985481551) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60536 An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration" [X Link](https://x.com/CVEnew/status/1978932618126332192) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60537 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplyi" [X 
Link](https://x.com/CVEnew/status/1978932619074273722) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60374 Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of" [X Link](https://x.com/CVEnew/status/1978932620181537160) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-60540 karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)" [X Link](https://x.com/CVEnew/status/1978932621133648302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62504 Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2 1.35.6 1.34.10 and 1.33.12 contain a use-after-free vulnerability in the Lua fil" [X Link](https://x.com/CVEnew/status/1978938148857221173) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements "CVE-2025-62506 MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z a privilege escalation vulnerability allows service accounts" [X Link](https://x.com/CVEnew/status/1978938150061064545) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements "CVE-2025-11864 A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. 
The impacted element is the function extension.apply of the file /src/cluster.ts of the component" [X Link](https://x.com/CVEnew/status/1978938151059230861) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements "CVE-2025-11900 The iSherlock developed by HGiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them" [X Link](https://x.com/CVEnew/status/1979045627360370824) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-11899 Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability allowing unauthenticated remote attackers to exploit the fixed key to genera" [X Link](https://x.com/CVEnew/status/1979045628366983601) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-11898 Agentflow developed by Flowring has an Arbitrary File Reading vulnerability allowing unauthenticated remote attackers to exploit Relative Path Traversal to download" [X Link](https://x.com/CVEnew/status/1979045629214277753) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-6950 An Use of Hard-coded Credentials vulnerability has been identified in Moxas network security appliances and routers. The system employs a hard-coded secret key to sign" [X Link](https://x.com/CVEnew/status/1979045630061482207) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-6949 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A critical authorization flaw in the API a" [X Link](https://x.com/CVEnew/status/1979045630887837755) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-6894 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. 
A flaw in the API authorization logic of t" [X Link](https://x.com/CVEnew/status/1979045631739203934) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-6893 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in broken access control has been i" [X Link](https://x.com/CVEnew/status/1979045632603205942) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-6892 An Incorrect Authorization vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authentication mechanism allows unauth" [X Link](https://x.com/CVEnew/status/1979045633437897141) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-55097 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_" [X Link](https://x.com/CVEnew/status/1979063785785852044) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-55096 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get" [X Link](https://x.com/CVEnew/status/1979063786641506327) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-55094 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_icmpv6_validate_options(" [X Link](https://x.com/CVEnew/status/1979063787593637904) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-55087 In NextX Duo's snmp addon versions before 6.4.4 a part of the Eclipse Foundation ThreadX an attacker could cause an out-of-bound read by a crafted SNMPv3 security p" [X 
Link](https://x.com/CVEnew/status/1979087859127849402) [@CVEnew](/creator/x/CVEnew) 2025-10-17T07:31Z 55.7K followers, XXX engagements "CVE-2023-28815 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation resulting in a command injection vulnerability. Attackers may exploit t" [X Link](https://x.com/CVEnew/status/1979147277211181491) [@CVEnew](/creator/x/CVEnew) 2025-10-17T11:27Z 55.7K followers, XXX engagements "CVE-2023-28814 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded attac" [X Link](https://x.com/CVEnew/status/1979147278167478627) [@CVEnew](/creator/x/CVEnew) 2025-10-17T11:27Z 55.7K followers, XXX engagements "CVE-2025-48087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stor" [X Link](https://x.com/CVEnew/status/1979198254953959750) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-11903 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of th" [X Link](https://x.com/CVEnew/status/1979198255948009709) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-11902 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Perform" [X Link](https://x.com/CVEnew/status/1979198256967291176) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-48044 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. 
This vulnerability is associated with program files lib/ash/policy/policy.ex an" [X Link](https://x.com/CVEnew/status/1979198257915183159) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-60359 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new" [X Link](https://x.com/CVEnew/status/1979198258867245122) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-60360 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init" [X Link](https://x.com/CVEnew/status/1979198259769020584) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-11904 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument I" [X Link](https://x.com/CVEnew/status/1979204791030149289) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements "CVE-2025-62515 pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior the FlightServer class directly uses pickle.loads() to deserialize ac" [X Link](https://x.com/CVEnew/status/1979289008208220293) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-11914 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.doActi" [X Link](https://x.com/CVEnew/status/1979289009365942428) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-62508 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. 
Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the st" [X Link](https://x.com/CVEnew/status/1979289010670350624) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11913 A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do" [X Link](https://x.com/CVEnew/status/1979289012071243981) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11912 A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.doAction=Query. This manipulatio" [X Link](https://x.com/CVEnew/status/1979289013153407183) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11925 Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply. Thi" [X Link](https://x.com/CVEnew/status/1979289014109663233) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62511 yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version XXX contains a Time-of-Check to Time-of-Use (TOCTO" [X Link](https://x.com/CVEnew/status/1979289015078490164) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11911 A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.doAction=Query. The mani" [X Link](https://x.com/CVEnew/status/1979289016240370039) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11910 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.doAction=Q" [X Link](https://x.com/CVEnew/status/1979289017234420220) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34282 ThingsBoard versions 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a mali" [X Link](https://x.com/CVEnew/status/1979289018299756989) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34281 ThingsBoard versions 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG" [X Link](https://x.com/CVEnew/status/1979289019482521834) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11909 A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.doActi" [X Link](https://x.com/CVEnew/status/1979289020627587505) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11908 A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.doAct" [X Link](https://x.com/CVEnew/status/1979289021755871541) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62505 LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.searc" [X Link](https://x.com/CVEnew/status/1979289022645067978) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62430 ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo me" [X Link](https://x.com/CVEnew/status/1979289023630766252) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62424 ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier the /admin_area/template_editor.php endpoint is vulnerable to path t" [X Link](https://x.com/CVEnew/status/1979289024931008747) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62419 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC URL injection vulnerability exists in the DB2 and MongoDB data s" [X Link](https://x.com/CVEnew/status/1979289026239594690) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62420 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC driver bypass vulnerability exists in the H2 database connection" [X Link](https://x.com/CVEnew/status/1979289027388813489) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62421 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a stored cross-site scripting vulnerability exists due to improper file" [X Link](https://x.com/CVEnew/status/1979289028458426546) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62422 DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier the /de2api/datasetData/tableField interface is vulnerable to S" [X Link](https://x.com/CVEnew/status/1979289029561438509) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62171 ImageMagick is an open source software suite for displaying converting and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32 an in" [X Link](https://x.com/CVEnew/status/1979289030672998674) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59043 OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1 JSON objects after decoding may use significantly more memory" [X Link](https://x.com/CVEnew/status/1979289032648478809) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58747 Dify is an LLM application development platform. In Dify versions through 1.9.1 the MCP OAuth component is vulnerable to cross-site scripting when a victim connects" [X Link](https://x.com/CVEnew/status/1979289034569458128) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62356 A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an" [X Link](https://x.com/CVEnew/status/1979289035748045169) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11905 A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file appmodulescmscontrollergather.js. Th" [X Link](https://x.com/CVEnew/status/1979289036687618333) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0 when populating a Git repository's working tree with the contents of G" [X Link](https://x.com/CVEnew/status/1979289037811720236) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60279 A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal servic" [X Link](https://x.com/CVEnew/status/1979289039736820130) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56218 An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file" [X Link](https://x.com/CVEnew/status/1979289041741791725) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56221 A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack" [X Link](https://x.com/CVEnew/status/1979289042626703520) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56316 A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries" [X Link](https://x.com/CVEnew/status/1979289043549511974) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56320 Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute" [X Link](https://x.com/CVEnew/status/1979289044451303672) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-57164 Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field" [X Link](https://x.com/CVEnew/status/1979289045348818982) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-57567 A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor specifically in the minify.php file located under the default theme directory (/the" [X Link](https://x.com/CVEnew/status/1979289046451888370) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60514 Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts" [X Link](https://x.com/CVEnew/status/1979289047311806946) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62642 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creat" [X Link](https://x.com/CVEnew/status/1979289048351985864) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62643 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages" [X Link](https://x.com/CVEnew/status/1979289049270481305) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62644 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated user" [X Link](https://x.com/CVEnew/status/1979289050138759223) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62645 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privilege" [X Link](https://x.com/CVEnew/status/1979289051145408762) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62646 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates" [X Link](https://x.com/CVEnew/status/1979289052525285813) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60169 Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form X to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact For" [X Link](https://x.com/CVEnew/status/1971499176489013261) [@CVEnew](/creator/x/CVEnew) 2025-09-26T08:56Z 55.7K followers, XXX engagements
"CVE-2025-60361 radare2 v5.9.8 and before contains a memory leak in the function bochs_open" [X Link](https://x.com/CVEnew/status/1979204793097949338) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements
"CVE-2025-62647 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to retur" [X Link](https://x.com/CVEnew/status/1979289053481533530) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53950 An Exposure of Private Personal Information ('Privacy Violation') vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5" [X Link](https://x.com/CVEnew/status/1978926602726547706) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54658 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11" [X Link](https://x.com/CVEnew/status/1978926605033476302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2023-46718 A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 thro" [X Link](https://x.com/CVEnew/status/1978932599017107932) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-22258 A heap-based buffer overflow in Fortinet FortiSRA 1.5.0 1.4.0 through 1.4.2 FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1" [X Link](https://x.com/CVEnew/status/1978932602225725627) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-49201 A weak authentication in Fortinet FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1.0.0 through 1.0.3 FortiSwitchManager 7.2.0" [X Link](https://x.com/CVEnew/status/1978932607888036033) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58903 An Unchecked Return Value vulnerability CWE-252 in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null P" [X Link](https://x.com/CVEnew/status/1978932611046347193) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58319 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu" [X Link](https://x.com/CVEnew/status/1970765350166794690) [@CVEnew](/creator/x/CVEnew) 2025-09-24T08:20Z 55.7K followers, XXX engagements
"CVE-2025-58317 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu" [X Link](https://x.com/CVEnew/status/1970765351089508559) [@CVEnew](/creator/x/CVEnew) 2025-09-24T08:20Z 55.7K followers, XXX engagements
"CVE-2025-59300 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951257556537836) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-59299 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951258571444548) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-59298 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951259594919983) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-59297 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951260601557053) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-60010 A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker to access the de" [X Link](https://x.com/CVEnew/status/1976328920585863334) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60009 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328921689006461) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60006 Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Jun" [X Link](https://x.com/CVEnew/status/1976328922796261806) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60004 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an" [X Link](https://x.com/CVEnew/status/1976328923811283138) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60002 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328924826395042) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60001 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328925908537552) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60000 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328926977982919) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59999 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328927963721982) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59998 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328929037386232) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59997 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328930127917096) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59996 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328931155579001) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59995 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328932157948288) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59994 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328933269479449) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59993 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328934318080315) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59992 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328935265927285) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59991 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328936247468488) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59990 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328937249947852) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328938331963879) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59988 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328939267326295) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59987 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328940244566057) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59986 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328941226066043) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59985 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328942220083348) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59984 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328943293903087) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59983 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328944275362239) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59982 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328945340645614) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59981 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328946397610312) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59980 An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated network-based attacker to get limited read-wri" [X Link](https://x.com/CVEnew/status/1976328947454574715) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59978 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store scri" [X Link](https://x.com/CVEnew/status/1976328948494827792) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59976 An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method" [X Link](https://x.com/CVEnew/status/1976328949530808449) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59975 An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker floodin" [X Link](https://x.com/CVEnew/status/1976328950541586798) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59968 A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadat" [X Link](https://x.com/CVEnew/status/1976328952479350983) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59967 A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024ACX7024XACX7100-32CACX7100-48" [X Link](https://x.com/CVEnew/status/1976328953515344256) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59964 A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated network" [X Link](https://x.com/CVEnew/status/1976328954488422767) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59962 An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured a" [X Link](https://x.com/CVEnew/status/1976328959618056562) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59958 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows" [X Link](https://x.com/CVEnew/status/1976328960679240009) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59957 An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated" [X Link](https://x.com/CVEnew/status/1976328961727861041) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-52960 A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series" [X Link](https://x.com/CVEnew/status/1976328963707597056) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-11198 A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated network-based attacker t" [X Link](https://x.com/CVEnew/status/1976328964663804152) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to XXX a failure to redact HTTP authentication credentials in error handling allows information disclos" [X Link](https://x.com/CVEnew/status/1979289031549575361) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2024-31573 XMLUnit for Java before 2.10.0 in the default configuration might allow code execution via an untrusted stylesheet (used for an XSLT transformation) because XSLT e" [X Link](https://x.com/CVEnew/status/1979289040663797763) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62648 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume" [X Link](https://x.com/CVEnew/status/1979289054517588013) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62652 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension all" [X Link](https://x.com/CVEnew/status/1979314691949146430) [@CVEnew](/creator/x/CVEnew) 2025-10-17T22:32Z 55.7K followers, XXX engagements
"CVE-2024-47569 An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3 FortiVoice 7.0.0 through 7.0.4 6.4.0 through 6.4.9 6.0.7 thr"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-11853 A vulnerability was determined in Sismics Teedy up to XXXX. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulati"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-11852 A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-11493 The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server such as updates dependencies and integrations. This creat"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-11492 In the ConnectWise Automate Agent communications could be configured to use HTTP instead of HTTPS. In such cases an on-path threat actor with a man-in-the-middle ne"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62428 Drawing-Captcha APP provides interactive engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-34253 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-34255 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns dis"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-34254 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62427 The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution me"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62425 MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers written and maintained by Element. A logic flaw in matrix-"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62423 ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Areas /admin_"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62415 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62418 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62414 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the Create New Customer feature (in the admin panel) is vulnerable to Cross-Site Scripting"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62416 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being proces"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62417 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, - or @) is accepted and l"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62413 MQTTX is an MQTT XXX desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-34517 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitr"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34514 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exe"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34519 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function w"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34512 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attack"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34518 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitra"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34515 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to es"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62412 LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized and can be used"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34513 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacke"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34516 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote acc"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62411 LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Tran"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62409 Envoy is a cloud-native open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9 and 1.33.10, large requests and responses can potentially trigger TCP co"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62407 Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0 an open redirect was possible through the redirect argument on the login page if a s"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61924 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the Target PayPal merchant account hij"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61923 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the backoffice is missing validation o"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 missing validation on the Express Chec"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61909 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7 and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) an"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62586 OPEXUS FOIAXpress allows a remote unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61908 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7 and 2.13.13, when creating an invalid reference such as a reference to null dere"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61907 Icinga X is an open source monitoring system. In Icinga X versions XXX through 2.15.0 filter expressions provided to the various /v1/objects endpoints could access v"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61789 Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3 an authorized user with access to Icinga DB Web can use a custom variable"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-36128 IBM MQ XXX XXX XXX XXX LTS and XXX XXX CD is vulnerable to a denial of service caused by improper enforcement of the timeout on individual read operations. By co"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58051 Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.7.6, 0.8.8 and 0.9.5, when importing a table a user was able to specify files"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53092 Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. B"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-25298 Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hash"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2024-56143 Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2 the lookup operator provided by the document service does not pro"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11851 A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62496 A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessivel"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62495 An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. *"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62494 A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand ope"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62493 A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62492 A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negati"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62491 A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts-rejected_"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62490 In quickjs, in js_print_object, when printing an array the function first fetches the array length and then loops over it. The issue is printing a value is not side"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11842 A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulat"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11840 A weakness has been identified in GNU Binutils XXXX. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bound"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read dat"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55035 Mattermost Desktop App versions <= 5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from acces"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-36002 IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5 and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5 and 6.2.1.0 stores user credentials in configu"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41254 STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41253 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11839 A security flaw has been discovered in GNU Binutils XXXX. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked retur"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-9152 An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Cl"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-9804 An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-9955 An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services relate"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10611 Due to an insufficient access control implementation in multiple WSO2 Products authentication and authorization checks for certain REST APIs can be bypassed allowin"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-3930 Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation the JWT is not invalidated which allows an attacker who has stolen or inter"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58426 desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key which allows an attacker to create malicious AppSuite applications"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58079 Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55072 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54859 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54760 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-52583 Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-24833 Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-6338 There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58115 ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54461 ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53858 ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessin"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58073 Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61581 ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all ver"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41410 Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to c"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-0277 HCL BigFix Mobile XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54539 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to an"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-0276 HCL BigFix Modern Client Management (MCM) XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could tri"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10545 Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58075 Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54499 Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timi"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41443 Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41021 Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0 consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request usi"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers thr"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41019 SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'id' parameter in '/ind"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55091 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() funct"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41018 SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'cat' parameter in '/publ"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62585 Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62584 Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62583 Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10849 The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10850 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to and including 1.1.4. This is due to the hardcoded password in th"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10742 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to and including 1.8.6. This is due to the plugin providing"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10706 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' functi"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55090 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() fun"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55089 In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a rem"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55084 In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58778 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual and enabled in the initial configurat"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-0275 HCL BigFix Mobile XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions potentially allowing access"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-0274 HCL BigFix Modern Client Management (MCM) XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions pot"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11814 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10700 The Ally Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.8.0. This is due to"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62580 ASDA-Soft Stack-based Buffer Overflow Vulnerability"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62579 ASDA-Soft Stack-based Buffer Overflow Vulnerability"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11683 YAML::Syck versions before XXXX for Perl have missing null-terminators which causes out-of-bounds read and potential information disclosure. Missing null terminators i"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-22381 Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality allowing an attacker to reset a user's password"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-56699 SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version XXX allows an unauthenticated user to execute arbitrary"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-56700 Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version XXX allows a low level privileged user that has access"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60358 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60639 Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26)"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60641 The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])) where $_POST['mexcel'] is user-controll"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60855 Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images r"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61330 A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems fro"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61514 An arbitrary file upload vulnerability in SageMath Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61536 FelixRiddle dev-jobs-handlebars XXX uses absolute password-reset (magic) links using the untrusted header and forces the http:// scheme. An attac"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61539 Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61540 SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61541 Webmin XXXXX is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTT"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61543 A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61553 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61554 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37141 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37140 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37139 A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37138 An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. E"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37137 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37136 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37135 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37134 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-8430 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuratio"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37133 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37132 An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Su"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11548 A remote unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated R"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37148 A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS XX could allow an unauthenticated remote attacker to conduct a denial of service attack. Su"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37147 A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37146 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote co"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-36730 A prompt injection vulnerability exists in Windsurf version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to th"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37149 A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11577 Clevos UEFI firmware update packages including B10717.exe inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. T"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-31366 An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 in FortiOS 7.6.0 through 7.6.3 7.4.0 through 7.4.7 XXX all versions XXX all v"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-25253 An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below version 7.4.8 and below XXX all versions 7.0"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-57740 A Heap-based Buffer Overflow vulnerability CWE-122 in FortiOS version 7.6.2 and below version 7.4.7 and below version 7.2.10 and below XXX all versions XXX all"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-47890 A URL Redirection to Untrusted Site vulnerabilities CWE-601 in FortiOS 7.6.0 through 7.6.2 7.4.0 through 7.4.8 XXX all versions XXX all versions XXX all versio"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-57741 An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may all"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0 7.4.0 through 7.4.5 7.2.5 through 7.2.10 7.0.0 through 7.0.15 XXX all v"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58324 An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSIEM 7.2.0 through 7.2.2 XXX all versions XXX all versions XXX all ve"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2024-48891 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1 7.5.0 through 7"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62172 Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1 the energy dashboard is vuln"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-54603 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-57563 A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-57618 A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability it is"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60535 A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60536 An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60537 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplyi"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60374 Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-60540 karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62504 Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2 1.35.6 1.34.10 and 1.33.12 contain a use-after-free vulnerability in the Lua fil"
X Link @CVEnew 2025-10-16T21:36Z 55.7K followers, XXX engagements
"CVE-2025-62506 MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z a privilege escalation vulnerability allows service accounts"
X Link @CVEnew 2025-10-16T21:36Z 55.7K followers, XXX engagements
"CVE-2025-11864 A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component"
X Link @CVEnew 2025-10-16T21:36Z 55.7K followers, XXX engagements
"CVE-2025-11900 The iSherlock developed by HGiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-11899 Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability allowing unauthenticated remote attackers to exploit the fixed key to genera"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-11898 Agentflow developed by Flowring has an Arbitrary File Reading vulnerability allowing unauthenticated remote attackers to exploit Relative Path Traversal to download"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-6950 A Use of Hard-coded Credentials vulnerability has been identified in Moxa's network security appliances and routers. The system employs a hard-coded secret key to sign"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-6949 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. A critical authorization flaw in the API a"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-6894 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. A flaw in the API authorization logic of t"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-6893 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. A flaw in broken access control has been i"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-6892 An Incorrect Authorization vulnerability has been identified in Moxa's network security appliances and routers. A flaw in the API authentication mechanism allows unauth"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-55097 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in ux_host_class_audio_streaming_sampling"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-55096 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-55094 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_icmpv6_validate_options("
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-55087 In NextX Duo's snmp addon versions before 6.4.4 a part of the Eclipse Foundation ThreadX an attacker could cause an out-of-bound read by a crafted SNMPv3 security p"
X Link @CVEnew 2025-10-17T07:31Z 55.7K followers, XXX engagements
"CVE-2023-28815 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation resulting in a command injection vulnerability. Attackers may exploit t"
X Link @CVEnew 2025-10-17T11:27Z 55.7K followers, XXX engagements
"CVE-2023-28814 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded attac"
X Link @CVEnew 2025-10-17T11:27Z 55.7K followers, XXX engagements
"CVE-2025-48087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stor"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-11903 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of th"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-11902 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Perform"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-48044 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex an"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-60359 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-60360 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-11904 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument I"
X Link @CVEnew 2025-10-17T15:16Z 55.7K followers, XXX engagements
"CVE-2025-62515 pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior the FlightServer class directly uses pickle.loads() to deserialize ac"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11914 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.doActi"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62508 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the st"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11913 A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11912 A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.doAction=Query. This manipulatio"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11925 Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply. Thi"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62511 yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version XXX contains a Time-of-Check to Time-of-Use (TOCTO"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11911 A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.doAction=Query. The mani"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11910 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.doAction=Q"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34282 ThingsBoard versions 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a mali"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34281 ThingsBoard versions 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11909 A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.doActi"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11908 A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.doAct"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62505 LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.searc"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62430 ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo me"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62424 ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier the /admin_area/template_editor.php endpoint is vulnerable to path t"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62419 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC URL injection vulnerability exists in the DB2 and MongoDB data s"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62420 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC driver bypass vulnerability exists in the H2 database connection"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62421 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a stored cross-site scripting vulnerability exists due to improper file"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62422 DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier the /de2api/datasetData/tableField interface is vulnerable to S"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62171 ImageMagick is an open source software suite for displaying converting and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32 an in"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59043 OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1 JSON objects after decoding may use significantly more memory"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58747 Dify is an LLM application development platform. In Dify versions through 1.9.1 the MCP OAuth component is vulnerable to cross-site scripting when a victim connects"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62356 A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11905 A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file appmodulescmscontrollergather.js. Th"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0 when populating a Git repository's working tree with the contents of G"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60279 A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal servic"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56218 An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56221 A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56316 A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56320 Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-57164 Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-57567 A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor specifically in the minify.php file located under the default theme directory (/the"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60514 Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62642 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creat"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62643 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62644 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated user"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62645 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privilege"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62646 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60169 Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form X to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact For"
X Link @CVEnew 2025-09-26T08:56Z 55.7K followers, XXX engagements
"CVE-2025-60361 radare2 v5.9.8 and before contains a memory leak in the function bochs_open"
X Link @CVEnew 2025-10-17T15:16Z 55.7K followers, XXX engagements
"CVE-2025-62647 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to retur"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53950 An Exposure of Private Personal Information ('Privacy Violation') vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54658 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2023-46718 A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 thro"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-22258 A heap-based buffer overflow in Fortinet FortiSRA 1.5.0 1.4.0 through 1.4.2 FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-49201 A weak authentication in Fortinet FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1.0.0 through 1.0.3 FortiSwitchManager 7.2.0"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58903 An Unchecked Return Value vulnerability CWE-252 in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null P"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58319 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"
X Link @CVEnew 2025-09-24T08:20Z 55.7K followers, XXX engagements
"CVE-2025-58317 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"
X Link @CVEnew 2025-09-24T08:20Z 55.7K followers, XXX engagements
"CVE-2025-59300 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-59299 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-59298 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-59297 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-60010 A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker to access the de"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60009 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60006 Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Jun"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60004 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60002 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60001 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60000 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59999 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59998 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59997 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59996 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59995 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59994 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59993 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59992 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59991 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59990 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59988 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59987 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59986 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59985 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59984 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59983 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59982 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59981 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59980 An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated network-based attacker to get limited read-wri"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59978 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store scri"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59976 An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59975 An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker floodin"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59968 A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadat"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59967 A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59964 A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated network"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59962 An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured a"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59958 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59957 An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-52960 A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-11198 A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated network-based attacker t"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to XXX a failure to redact HTTP authentication credentials in error handling allows information disclos"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2024-31573 XMLUnit for Java before 2.10.0 in the default configuration might allow code execution via an untrusted stylesheet (used for an XSLT transformation) because XSLT e"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62648 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62652 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension all"
X Link @CVEnew 2025-10-17T22:32Z 55.7K followers, XXX engagements