NuytsTech Security

CVE-2025-13127

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS). This issue affects GoldenHorn: versions before 4.25.1121.1.

CVE-2025-13184

Unauthenticated Telnet enablement via cstecgi.cgi (authentication bypass), leading to unauthenticated root login with a blank password on a factory/reset X5000R running V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation may also be affected...

CVE-2025-41358

Insecure Direct Object Reference (IDOR) vulnerability in i2A’s CronosWeb, in versions up to and including 25.00.00.12. This vulnerability could allow an authenticated attacker to access other users’ documents by manipulating the ‘documentCode’ parameter in ‘/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas’.

CVE-2025-13953

Authentication bypass vulnerability in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket, but the web application does not...

CVE-2025-41732

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise. More information: https://certvde.com/de/advisories/VDE-2025-095

CVE-2025-41730

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise. More information: https://certvde.com/de/advisories/VDE-2025-095
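The two VDE-2025-095 entries above (CVE-2025-41732 in check_cookie() and CVE-2025-41730 in check_account()) describe the same bug class: an sscanf conversion with no field width writing attacker-controlled input into a fixed-size stack buffer. The block below is an added illustration of that class, not the vendor's code. The cookie layout "user=<name>; session=<id>", the buffer sizes and the function names are assumptions made for this example; it shows the vulnerable shape next to a hardened parser that bounds every conversion and rejects over-long input instead of truncating it.

```c
/*
 * Added example (not the vendor's code) for the bug class in
 * CVE-2025-41732 / CVE-2025-41730: sscanf() conversions without a field
 * width writing into fixed-size stack buffers. The cookie layout
 * "user=<name>; session=<id>", the buffer sizes and the function names are
 * assumptions made for this illustration.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define USER_BUF 16
#define SESS_BUF 32

typedef struct {
    char user[USER_BUF];       /* lives on the caller's stack */
    char session[SESS_BUF];
} cookie_t;

/* VULNERABLE shape: "%[^;]" carries no width, so a user name longer than
 * 15 bytes or a session id longer than 31 bytes runs past the end of the
 * buffers the caller hands in. Shown for contrast only; never feed it
 * untrusted input. */
int parse_cookie_unsafe(const char *cookie, cookie_t *out)
{
    return sscanf(cookie, "user=%[^;]; session=%[^;]", out->user, out->session);
}

/* HARDENED: each conversion carries a width one less than its buffer
 * (room for the terminating NUL), and %n records how far the parse got, so
 * input longer than a width is rejected instead of being silently truncated
 * or mis-split into the next field. */
bool parse_cookie_safe(const char *cookie, cookie_t *out)
{
    int consumed = -1;
    memset(out, 0, sizeof *out);
    int n = sscanf(cookie, "user=%15[^;]; session=%31[^;]%n",
                   out->user, out->session, &consumed);
    if (n != 2)
        return false;        /* missing field, or user overran its width */
    if (consumed < 0 || cookie[consumed] != '\0')
        return false;        /* trailing bytes: session overran its width */
    return true;
}

int main(void)
{
    /* constructed inputs: one well-formed, two over-length */
    const char *inputs[] = {
        "user=alice; session=abc123",
        "user=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; session=x",
        "user=bob; session=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        cookie_t c;
        bool ok = parse_cookie_safe(inputs[i], &c);
        printf("%-60s -> %s\n", inputs[i], ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The width alone is not enough: `%15[^;]` silently stops after 15 bytes, and the next literal in the format then fails to match, which is why the return value of sscanf must be checked; for the last field there is no following literal, so `%n` plus a check for leftover bytes catches the overrun.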

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\AtcFeedback) without proper symbolic link validation, enabling arbitrary...
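The Bitdefender entry above is the classic privileged-deleter pattern: a service removes files by path inside a directory users can write to, and an attacker swaps that directory for a link so the delete lands on a file they could not otherwise touch. The block below is an added illustration of the class, not Bitdefender's code. The advisory concerns Windows, where the link is a reparse point and the fix involves reparse-point handling; what follows is a POSIX analogue written for this example, showing the handle-based pattern that closes the hole: open the directory itself with O_NOFOLLOW, confirm it is a real directory, then delete relative to that descriptor with unlinkat(). The scratch directory layout and the function names are constructed for the example.

```c
/*
 * Added example (not Bitdefender's code) of the bug class in CVE-2025-7073:
 * a privileged process deleting by path inside a user-writable directory.
 * POSIX analogue of the Windows reparse-point problem; the scenario below
 * (directory names, file contents) is constructed for this illustration.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* VULNERABLE shape: build a path string and unlink it. Every component is
 * resolved at call time, so if "dir" is now a symlink the delete follows it
 * into whatever the attacker pointed it at. */
int delete_by_path(const char *dir, const char *name)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return unlink(path);
}

/* HARDENED: O_NOFOLLOW makes open() fail (ELOOP) if "dir" is a symlink,
 * O_DIRECTORY rejects anything that is not a directory, and unlinkat() on
 * the descriptor removes only the named entry (a symlink entry is removed
 * as a link, never followed). Returns 0 on success, -1 otherwise. A real
 * service would also check the directory's owner and mode via fstat(). */
int delete_in_dir_safely(const char *dir, const char *name)
{
    if (strchr(name, '/') != NULL || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;                       /* bare entry name only, no traversal */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    struct stat st;
    if (fstat(dfd, &st) != 0 || !S_ISDIR(st.st_mode)) {
        close(dfd);
        return -1;
    }
    int rc = unlinkat(dfd, name, 0);
    close(dfd);
    return rc;
}

/* Constructed scenario under /tmp:
 *   <root>/victim/secret.txt   a file the deleter must never touch
 *   <root>/feedback -> victim  the "user-writable" dir, swapped for a symlink
 * Runs the chosen deleter on feedback/secret.txt and reports whether
 * secret.txt survived: 1 = survived, 0 = deleted through the link,
 * -1 = scenario could not be set up. */
int victim_survives(bool use_safe_delete)
{
    char root[] = "/tmp/linkdemo-XXXXXX";
    if (mkdtemp(root) == NULL)
        return -1;
    char victim[256], secret[256], feedback[256];
    snprintf(victim, sizeof victim, "%s/victim", root);
    snprintf(secret, sizeof secret, "%s/victim/secret.txt", root);
    snprintf(feedback, sizeof feedback, "%s/feedback", root);

    int ok = mkdir(victim, 0700) == 0;
    FILE *f = ok ? fopen(secret, "w") : NULL;
    if (f) { fputs("do not delete\n", f); fclose(f); } else ok = 0;
    if (ok && symlink("victim", feedback) != 0)   /* the attacker's redirect */
        ok = 0;

    int survived = -1;
    if (ok) {
        if (use_safe_delete)
            delete_in_dir_safely(feedback, "secret.txt");
        else
            delete_by_path(feedback, "secret.txt");
        survived = access(secret, F_OK) == 0;
    }
    unlink(secret); unlink(feedback); rmdir(victim); rmdir(root);   /* cleanup */
    return survived;
}

int main(void)
{
    printf("path-based delete:   secret survives = %d\n", victim_survives(false));
    printf("handle-based delete: secret survives = %d\n", victim_survives(true));
    return 0;
}
```

Run it and the path-based deleter reports 0 (secret.txt is gone, deleted through the link) while the handle-based one reports 1 (open() refused the symlinked directory, nothing was touched). The same design carries over to Windows: open the directory by handle with reparse points disallowed and delete relative to that handle, rather than re-resolving a full path for each delete.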

CVE-2025-66675

Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, and from 7.0.0 through 7.0.3. Users are recommended to upgrade...

CVE-2025-14390

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version

CVE-2025-9315

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted...

CVE-2025-1161

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025. More information: https://www.usom.gov.tr/bildirim/tr-25-0440

CVE-2025-14087

A flaw was found in GLib (the GNOME core library). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer underflow in the GVariant...

CVE-2025-14082

A flaw was found in the Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint. More information: https://access.redhat.com/security/cve/CVE-2025-14082