TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function. More information : https://github.com/ilovekeer/IOT/blob/main/TOTOLINK/X18/setEasyMeshAgentCfg/1.md
Kazaar 1.25.12 allows a JWT with none in the alg field. More information : https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-59685
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id. More information : https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-59686
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization. More information : https://aurora-impaqtr.com/
Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK – lib/nvmf. More information : https://github.com/spdk/spdk/commit/f786c6d75f5c5162363a621b24f5449c729679c9
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking. More information : https://digisign.ro/products-services/signing-applications/
In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type parameter. More...
In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter. More...
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter. More information...
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter. More...
Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to...
Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the ’email’ parameter in ‘/index.php?menu=address_book’. More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-issabel-products
Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the ‘numero_conferencia’ parameter in ‘/index.php?menu=conferencia’. More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-issabel-products
DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. More information...