CVE Alert: CVE-2025-27024
Vulnerability Summary: CVE-2025-27024 Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated...
Vulnerability Summary: CVE-2025-27024 Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated...
Vulnerability Summary: CVE-2025-2330 The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Vulnerability Summary: CVE-2025-4946 The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation...
Vulnerability Summary: CVE-2024-35164 The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from...
Vulnerability Summary: CVE-2025-27023 Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated...
Vulnerability Summary: CVE-2025-39362 Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a...
Vulnerability Summary: CVE-2025-27026 A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an...
Vulnerability Summary: CVE-2025-52891 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx....
Vulnerability Summary: CVE-2025-53492 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki...
Vulnerability Summary: CVE-2025-46647 A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all...
Vulnerability Summary: CVE-2025-45029 WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi. Affected...
Vulnerability Summary: CVE-2025-6725 In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already...
Vulnerability Summary: CVE-2025-53493 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki...
Vulnerability Summary: CVE-2025-53494 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki...
Vulnerability Summary: CVE-2025-20310 A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated,...
Vulnerability Summary: CVE-2025-20308 A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute...
Vulnerability Summary: CVE-2025-53358 kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the...
Vulnerability Summary: CVE-2025-6942 The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited...
Vulnerability Summary: CVE-2025-20307 A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated,...
Vulnerability Summary: CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition...
Vulnerability Summary: CVE-2025-6943 Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an...
Vulnerability Summary: CVE-2025-52559 Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the...
Vulnerability Summary: CVE-2025-45424 Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication. Affected...
Vulnerability Summary: CVE-2025-45814 Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000...