This CVE is a duplicate of another existing CVE, meaning it describes the same vulnerability that has already been reported and assigned a different CVE ID.
It's a problem because it can cause confusion and duplication of efforts in addressing the vulnerability, potentially leading to inefficiencies in cybersecurity efforts.
The CVE-2025-64336 vulnerability allows an authenticated user to upload a photo with a malicious title containing HTML/JavaScript code to the ClipBucket video sharing platform, which can then execute in the administrator's browser when viewed in the Admin → Manage Photos section.
This vulnerability is a problem because it enables an attacker to inject malicious code into the administrator's browser, potentially allowing them to steal sensitive information, perform unauthorized actions, or take control of the administrator's account.
The CVE-2025-64329 vulnerability is a bug in the containerd container runtime that allows a user to cause memory exhaustion on the host system due to goroutine leaks when using the CRI Attach implementation.
This vulnerability is a problem because it can be exploited to consume all available memory on the host system, potentially leading to system crashes, slowdowns, or other destabilizing effects, which can impact the availability and reliability of services running on the affected system.
The IDonate plugin for WordPress has a vulnerability that allows attackers to delete any user account, including administrators, by exploiting a flaw in the user deletion function. This can be done by providing a specific user ID to the function, which is not properly validated.
This vulnerability is a problem because it allows low-privileged users (those with Subscriber-level access or higher) to gain unauthorized control over the system by deleting important accounts, potentially disrupting the entire donation management system and causing data loss or security breaches.
The IDonate WordPress plugin has a vulnerability that allows authenticated users with Subscriber-level access or higher to reset the password of any user, including administrators, without proper authorization.
This vulnerability is a problem because it enables attackers to gain full control of a website by escalating their privileges, potentially leading to unauthorized access, data theft, and other malicious activities.
The Gravity Forms plugin for WordPress has a vulnerability that allows unauthorized users to upload any type of file to a site's server, potentially leading to remote code execution, due to a lack of file type validation in the plugin's copy_post_image() function.
This vulnerability is a significant issue because it enables attackers to upload malicious files, which could lead to taking control of the site, stealing sensitive data, or using the site for malicious activities, posing a substantial risk to the site's security and integrity.
The CVE-2025-64328 vulnerability allows an authenticated user to inject commands into the FreePBX Endpoint Manager system, potentially giving them remote access to the system as the asterisk user, by exploiting a flaw in the filestore module's testconnection function.
This vulnerability is a problem because it enables an attacker to gain unauthorized access to the system, potentially leading to data breaches, system compromise, or other malicious activities, even if they only have authenticated access to the system.
The CVE-2025-64323 vulnerability allows unauthorized access to sensitive configuration data in kgateway versions 2.0.4 and below, and 2.1.0-agw-cel-rbac through 2.1.0-rc.2, due to a lack of authentication. This enables any client with network access to the xDS port to retrieve confidential information, including certificate data, backend service details, routing rules, and cluster metadata.
This vulnerability is a problem because it exposes sensitive information that could be used to compromise the security and integrity of the kgateway and connected systems. An attacker could exploit this vulnerability to gain valuable insights into the system's configuration, potentially leading to further attacks or data breaches.
The CVE-2025-64187 vulnerability allows an attacker to inject arbitrary HTML and JavaScript into notifications and popups in OctoPrint, a web interface for controlling 3D printers, by convincing a victim to print a specially crafted file.
This vulnerability is a problem because it enables an attacker to disrupt ongoing prints, extract sensitive information, including configuration settings, or perform unauthorized actions on behalf of the targeted user within the OctoPrint instance.
The Dosage comic strip downloader and archiver has a vulnerability that allows a remote attacker to write arbitrary files outside the target directory when downloading comic images, by manipulating the HTTP Content-Type header to specify a malicious file extension.
This vulnerability is a problem because it enables an attacker to potentially overwrite or create malicious files on a user's system, leading to further exploitation or damage, especially if the comic is served over an insecure HTTP connection.
This vulnerability allows unauthorized access to internal network resources in Manager Desktop and Server versions 25.11.1.3085 and below, by exploiting a flaw in the DNS validation mechanism, enabling attackers to bypass network isolation and access sensitive services and data.
This vulnerability is a significant issue because it permits attackers to access internal network resources, including cloud metadata endpoints and protected network segments, without proper authorization, potentially leading to data breaches, unauthorized data access, and other malicious activities.
The LC Wizard plugin for WordPress has a vulnerability that allows unauthorized users to create new administrator accounts when the PRO functionality is enabled, due to a missing capability check in one of its files.
This vulnerability is a problem because it enables attackers to gain high-level access to a WordPress site, potentially leading to data theft, site defacement, or other malicious activities, without needing any prior authentication.
This vulnerability allows an attacker to send specially crafted network packets to NEC Corporation's UNIVERGE IX and UNIVERGE IX-R/IX-V products, which can execute arbitrary OS commands without requiring authentication.
This is a problem because it enables unauthorized access to the system, allowing attackers to execute commands and potentially gain control over the product, leading to data breaches, system compromise, and other malicious activities.
This vulnerability in Nuxt DevTools allows an attacker to extract Nuxt auth tokens via Cross-Site Scripting (XSS) attacks under specific configurations.
This is a problem because if an attacker can extract auth tokens, they can gain unauthorized access to sensitive information and systems, potentially leading to data breaches, identity theft, and other malicious activities.
The CVE-2025-48985 vulnerability allows users to bypass filetype whitelists when uploading files to Vercel's AI SDK, potentially allowing unauthorized file types to be uploaded.
This vulnerability is a problem because it can lead to security risks, such as the upload of malicious files, which can compromise the system or be used for malicious activities.
The CVE-2025-12789 vulnerability is an Open Redirect issue in Red Hat Single Sign-On that occurs during the logout process, allowing an attacker to manipulate the redirect_uri parameter and redirect users to a malicious URL.
This vulnerability is a problem because attackers can exploit it for phishing attacks, stealing user credentials, or installing malware, by tricking users into visiting a fake website that appears legitimate.
This vulnerability allows an attacker to cause a device error by entering malicious input into the dashboard label or path, potentially leading to the disclosure of sensitive information or manipulation of data.
This vulnerability is a problem because it can be exploited by attackers to gain unauthorized access to sensitive information or disrupt the normal functioning of the device, which can have serious consequences for the security and integrity of the system.
This vulnerability allows an attacker to upload a specially crafted configuration file that can traverse directories and execute code remotely with system-level permissions.
This is a problem because it enables an attacker to gain control over the system, potentially leading to unauthorized access, data breaches, and malicious activities, all with the highest level of system privileges.
This vulnerability allows an attacker to upload a specially crafted configuration file, which can then be used to access and execute system-level commands from remote locations, potentially giving them full control over the system.
This vulnerability is a problem because it enables attackers to bypass security measures and gain high-level access to a system, allowing them to steal sensitive data, install malware, or disrupt system operations, which can lead to significant financial and reputational damage.
This vulnerability allows an attacker to upload a specially crafted configuration file, which can cause the system to become unresponsive, allow the attacker to access files and directories they shouldn't have access to, or read and write files on the system.
This vulnerability is a problem because it gives an attacker the ability to disrupt the system, access sensitive information, and potentially make unauthorized changes to the system, all while acting as a local system account, which has elevated privileges.
The Ubia camera ecosystem has a vulnerability that exposes API credentials, allowing an attacker to connect to backend services and access cameras without authorization, potentially enabling them to view live feeds or modify camera settings.
This vulnerability is a problem because it could allow unauthorized individuals to gain access to sensitive information, such as live camera feeds, and potentially use this access for malicious purposes, including surveillance or disruption of camera functionality.
This vulnerability allows a remote attacker to access memory outside of its authorized boundaries in Google Chrome, by using a specially crafted HTML page, potentially leading to unauthorized data access or code execution.
This vulnerability is a problem because it could enable an attacker to crash the browser, steal sensitive information, or execute malicious code, compromising the security and integrity of the system and user data.
This vulnerability allows a remote attacker to access memory out of bounds by using a crafted HTML page, after compromising the renderer process in Google Chrome versions prior to 141.0.7390.107.
This is a problem because it enables an attacker to potentially execute malicious code, access sensitive information, or cause the browser to crash, which can lead to security breaches and data theft.
This vulnerability allows a remote attacker to execute arbitrary code on a user's device by using a specially crafted video file, taking advantage of a "use after free" flaw in Google Chrome's Storage component.
This vulnerability is a problem because it enables attackers to run malicious code on a user's device, potentially leading to data theft, malware installation, or other harmful activities, simply by tricking the user into opening a crafted video file.
This vulnerability allows a remote attacker to perform an out-of-bounds memory read by creating a specially crafted HTML page, which can cause a heap buffer overflow in the Sync feature of Google Chrome versions prior to 141.0.7390.65.
This vulnerability is a problem because it enables an attacker to potentially access sensitive information or disrupt the normal functioning of the browser, which could lead to security breaches or other malicious activities.
The CVE-2025-64179 vulnerability in lakeFS allows unauthorized access to the /api/v1/usage-report/summary endpoint, enabling anyone to retrieve aggregate API usage counts, including information about service activity or uptime.
This vulnerability is a problem because it discloses information about the service's activity and uptime, which could be used by attackers to plan and execute further attacks, even though no sensitive data is directly exposed.
The Jellysweep cleanup tool for the Jellyfin media server has a vulnerability that allows an authenticated user to download arbitrary content by manipulating the URL parameter in the /api/images/cache endpoint.
This vulnerability is a problem because it could be exploited to download malicious or unauthorized content, potentially leading to security breaches or other harmful activities, even though it requires authentication to access the affected API endpoint.
The CVE-2025-64177 vulnerability allows an attacker to inject malicious code into the ThinkDashboard bookmark dashboard through a stored Cross-Site Scripting (XSS) attack, which can be triggered when a user clicks on a malicious bookmark.
This vulnerability is a problem because it enables attackers to execute arbitrary code on the user's browser, potentially leading to unauthorized access, data theft, or other malicious activities, due to the lack of proper scheme filtering in ThinkDashboard versions 0.6.7 and below.
The CVE-2025-64176 vulnerability allows an attacker to upload any file to the /data directory of the ThinkDashboard web application by exploiting the backup import feature, bypassing client-side file-type verification by using a .zip file.
This vulnerability is a problem because it can lead to stored XSS attacks, allowing malicious scripts to be executed on the application, or be used for distributing malware, potentially compromising the security of the system and its users.
This vulnerability allows a remote attacker to access memory out of bounds by using a crafted HTML page, taking advantage of a "use after free" flaw in the V8 component of Google Chrome, prior to version 141.0.7390.54.
This vulnerability is a problem because it could potentially enable an attacker to execute malicious code, access sensitive information, or cause the browser to crash, which could compromise the security and stability of the user's system.
This vulnerability allows a remote attacker to trick users into thinking they are on a different website than they actually are, by using a specially crafted video file, when using Google Chrome on Mac in versions prior to 141.0.7390.54.
This vulnerability is a problem because it can be used by attackers to spoof domains, potentially leading to phishing attacks, where users may unknowingly enter sensitive information, such as passwords or credit card numbers, into a fake website that looks like a legitimate one.
This vulnerability allows a remote attacker to perform an out-of-bounds memory read by creating a specially crafted HTML page, due to an "off by one" error in the V8 engine of Google Chrome versions prior to 141.0.7390.54.
This vulnerability is a problem because it could potentially allow an attacker to access sensitive information stored in memory, which could be used to exploit other vulnerabilities or gain unauthorized access to a system.
This vulnerability allows a remote attacker to trick users into performing specific actions on their Android device, using a malicious webpage to spoof the domain of a legitimate website, potentially leading to phishing or other malicious activities.
This vulnerability is a problem because it enables attackers to deceive users into revealing sensitive information or performing unintended actions, which could compromise the security of their personal data and device.
This vulnerability allows a remote attacker to spoof domains by tricking a user into performing specific actions on a crafted HTML page in Google Chrome on Windows, prior to version 141.0.7390.54.
This vulnerability is a problem because it enables attackers to deceive users into believing they are interacting with a legitimate website, when in fact they are being redirected to a malicious site, potentially leading to phishing attacks, data theft, or other malicious activities.
This vulnerability allows a remote attacker to potentially access memory outside of its allowed boundaries in Google Chrome's Media component by using a specially crafted HTML page.
This vulnerability is a problem because it could potentially allow an attacker to access sensitive information, disrupt the normal functioning of the browser, or even execute malicious code, which could compromise the security and integrity of the user's system.
This vulnerability allows a remote attacker to potentially trick users into revealing sensitive information through a crafted HTML page, exploiting a side-channel information leakage in Google Chrome's Tab feature, by convincing users to perform specific UI gestures.
This vulnerability is a problem because it enables attackers to perform UI spoofing, which can lead to phishing attacks, unauthorized access to user data, or other malicious activities, compromising user privacy and security.
This vulnerability allows a remote attacker to create a fake webpage that can trick Google Chrome on Android into displaying a false URL in the address bar, making it seem like the user is on a different website than they actually are.
This vulnerability is a problem because attackers can use it for phishing or to deceive users into revealing sensitive information, such as passwords or credit card numbers, by making them believe they are on a legitimate website.
This vulnerability allows a remote attacker to trick users into performing unintended actions on a webpage by spoofing the user interface, using a specially crafted HTML page, if the user is convinced to engage in specific UI gestures.
This vulnerability is a problem because it can be used by attackers to deceive users into revealing sensitive information, performing unwanted actions, or installing malware, ultimately compromising the security and privacy of the user's data.
This vulnerability allows a remote attacker to access and manipulate sensitive information in Google Chrome's storage by using a specially crafted HTML page, potentially leading to unauthorized data access or modification.
This vulnerability is a problem because it enables attackers to bypass normal security controls and access sensitive data, which could lead to data theft, tampering, or other malicious activities, compromising user privacy and security.
This vulnerability allows a remote attacker to overflow the heap buffer in the Video component of Google Chrome, potentially leading to a sandbox escape when a user visits a maliciously crafted HTML page.
This vulnerability is a problem because it could enable an attacker to break out of the browser's sandbox, potentially allowing them to execute malicious code on the user's system, access sensitive data, or take control of the system.
This vulnerability allows a remote attacker to cause a heap buffer overflow in WebGPU within Google Chrome, potentially leading to heap corruption when a user visits a crafted HTML page, but only if the attacker has already compromised the renderer process.
This vulnerability is a problem because it could enable an attacker to execute arbitrary code or crash the system, potentially leading to unauthorized access or data breaches, especially since it's considered a high-severity issue by Chromium security.
The CVE-2024-12125 flaw allows attackers to alter hidden or read-only fields during account creation or updates in the 3scale developer portal, potentially accessing or modifying restricted information.
This vulnerability is a problem because it enables unauthorized access and modification of sensitive data, which can lead to security breaches, data tampering, and compromised account integrity.
The CVE-2025-64327 vulnerability allows an attacker to make arbitrary requests to internal or external hosts through the `/api/ping?url=` endpoint in ThinkDashboard versions 0.6.7 and below, enabling the discovery of open ports and hosts on local and internal networks.
This vulnerability is a problem because it enables attackers to gain unauthorized access to internal network information, potentially leading to further exploitation and compromise of sensitive data or systems.
The Weblate web-based localization tool leaks the IP address of a project member who invites a user to a project, recording this information in the audit log, which can then be viewed by the invited user.
This vulnerability is a problem because it exposes the IP address of the project member, potentially compromising their privacy and security, especially if the invited user is not trusted or has malicious intentions.
This vulnerability allows an attacker with admin access to inject malicious scripts into certain fields in Magento-lts versions 20.15.0 and below, potentially through unescaped translation strings and URLs in the admin notification feed.
This stored Cross-Site Scripting (XSS) vulnerability can be exploited by an admin or someone with direct database access to inject malicious scripts, which can lead to unauthorized actions, data theft, or further system compromise.
The CVE-2025-64173 vulnerability in Apollo Router Core allows unauthenticated queries to access data that should be restricted by additional access controls, due to incorrect handling of access control directives on interface types and their implementing object types.
This vulnerability is a problem because it enables unauthorized access to sensitive data, potentially leading to data breaches or other security incidents, especially for Apollo Router customers who have defined access control directives inconsistently on polymorphic types.
The CVE-2025-52881 vulnerability allows an attacker to trick the runc container runtime tool into misdirecting writes to /proc to other procfs files, potentially through symbolic links in a tmpfs or bind-mounts, by exploiting a race condition with shared mounts in containers.
This vulnerability is a problem because it could enable an attacker to manipulate the container's behavior, potentially leading to unauthorized access, data tampering, or other malicious activities, by redirecting sensitive writes to unintended locations.
This vulnerability allows a remote attacker to inject malicious HTML code into IBM OpenPages, which is then executed in the victim's web browser when viewed.
This vulnerability is a problem because it enables attackers to execute malicious code within the security context of the hosting site, potentially leading to unauthorized access, data theft, or other malicious activities.
This vulnerability in Rubygem MQTT allows for a potential Man-in-the-Middle (MITM) attack because it lacks default hostname validation, enabling an attacker to intercept and alter communications.
This is a problem because it compromises the security and integrity of data transmitted over the network, potentially leading to eavesdropping, data tampering, or impersonation attacks, which can have serious consequences for confidentiality, integrity, and availability of sensitive information.
The CVE-2025-12489 vulnerability allows an attacker to inject commands and escalate privileges on systems running evernote-mcp-server, potentially executing arbitrary code with elevated privileges.
This vulnerability is a problem because it enables local attackers to gain higher-level access to a system, potentially leading to unauthorized data access, modification, or deletion, and allowing them to perform malicious actions that could compromise the security and integrity of the system.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui by exploiting a flaw in the handling of the trust_remote_code parameter, which lacks proper validation of user-supplied arguments.
This vulnerability is a problem because it enables unauthorized users to run malicious code on the system, potentially leading to data breaches, system compromise, or other harmful activities, all without requiring any authentication.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui by exploiting the lack of proper validation of user-supplied arguments in the trust_remote_code parameter.
This is a problem because it enables unauthorized users to run malicious code on the affected system without needing authentication, potentially leading to data breaches, system compromise, or other malicious activities.
This vulnerability allows a remote attacker to execute arbitrary code on Heimdall Data Database Proxy installations by injecting malicious scripts through the database event logs, due to a lack of proper validation of user-supplied data.
This vulnerability is a problem because it enables attackers to gain control of the application in the context of the target user, potentially leading to unauthorized access, data theft, or other malicious activities, all with minimal user interaction required.
The CVE-2025-52565 vulnerability affects the runc tool, which is used to run containers. It allows an attacker to trick runc into bind-mounting certain paths inside the container, potentially giving them access to sensitive files and directories, such as `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern`.
This vulnerability is a problem because it can be used to launch a denial-of-service attack on the host or escape the container, giving the attacker unauthorized access to sensitive resources. Although it cannot be used to write to host files directly, it can still have significant consequences, including disrupting system operations or gaining elevated privileges.
This vulnerability allows a low-privileged user to inject malicious SQL code into the WebAccess/VPN system through search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to extract or modify sensitive data from the database, compromising the security and confidentiality of the system, even if they only have limited access privileges.
This vulnerability allows a low-privileged user to inject SQL code into the Advantech WebAccess/VPN system by manipulating search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to extract or modify sensitive data from the database, even if they only have limited access to the system, which could lead to data breaches or other security issues.
This vulnerability allows a low-privileged user to inject SQL code into the Advantech WebAccess/VPN system by manipulating search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to extract or modify sensitive data from the database, even if they only have limited access to the system, which could lead to data breaches or disruption of service.
This vulnerability allows a low-privileged user to inject SQL code into the Advantech WebAccess/VPN system through search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to extract or modify sensitive data from the database, even if they only have limited access to the system, which could lead to data breaches or other security issues.
This vulnerability allows an authenticated user with low privileges to inject SQL code into the Advantech WebAccess/VPN system through search parameters in the datatable, potentially giving them access to sensitive database information.
This is a problem because it could allow unauthorized users to gain access to confidential data stored in the database, which could lead to data breaches, intellectual property theft, or other malicious activities.
This vulnerability allows a low-privileged user to inject malicious SQL code into the Advantech WebAccess/VPN system through search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to gain unauthorized access to confidential data, compromise the security of the system, and potentially use the obtained information for further malicious activities.
This vulnerability allows a low-privileged user to inject SQL code into the Advantech WebAccess/VPN system through search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to extract or modify sensitive data from the database, even if they only have limited access to the system, which could lead to data breaches or disruptions to the system.
This vulnerability allows a low-privileged user to inject SQL code into the Advantech WebAccess/VPN system through search parameters, potentially giving them access to sensitive database information.
This vulnerability is a problem because it could allow an attacker to gain unauthorized access to confidential data stored in the database, compromising the security and integrity of the system.
This vulnerability allows an authenticated system administrator to execute arbitrary commands on the web server by uploading a file with a specially crafted filename, potentially giving them unauthorized access to the system.
This vulnerability is a problem because it enables an attacker with administrative privileges to bypass normal security controls and execute malicious commands, which could lead to data breaches, system compromise, or other security incidents.
This vulnerability allows an authenticated network administrator to access and read the contents of arbitrary files on the system that the web user has permission to access, by exploiting an absolute path traversal flaw in the Advantech WebAccess/VPN application.
This vulnerability is a problem because it can lead to unauthorized access to sensitive information, potentially including confidential data, system configuration files, or other security-related files, which could be used for further malicious activities.
This vulnerability allows an attacker to inject and execute arbitrary scripts in a victim's browser by exploiting a stored cross-site scripting (XSS) flaw in Advantech WebAccess/VPN versions prior to 1.1.5, specifically through the StandaloneVpnClientsController.addStandaloneVpnClientAction() function.
This vulnerability is a problem because it enables attackers to execute malicious scripts on a victim's browser, potentially leading to unauthorized access, data theft, or other malicious activities, all due to insufficient validation or escaping of user-supplied input.
This vulnerability allows an attacker to inject and execute arbitrary scripts in a victim's browser by exploiting a stored cross-site scripting (XSS) flaw in Advantech WebAccess/VPN versions prior to 1.1.5, specifically through the NetworksController.addNetworkAction() function.
This vulnerability is a problem because it enables attackers to execute malicious scripts on a victim's browser, potentially leading to unauthorized access, data theft, or other malicious activities, all by exploiting insufficient validation or escaping of user-supplied input.
The CVE-2025-12490 vulnerability allows a remote attacker to create arbitrary files on a Netgate pfSense system by exploiting a flaw in the Suricata package, which fails to properly validate user-supplied file paths.
This vulnerability is a problem because it enables an attacker to create files in the context of the root user, potentially leading to remote code execution and allowing the attacker to gain control of the system, even though authentication is required to exploit it.
The D-Link DIR-1260 Wi-Fi router has a vulnerability that allows unauthorized users to inject commands into the device's web management interface, giving them the ability to execute arbitrary commands with root privileges.
This vulnerability is a problem because it allows attackers to take control of the router, potentially leading to unauthorized access to the network, theft of sensitive information, and other malicious activities, all without needing to authenticate themselves.
This vulnerability allows remote attackers to bypass authentication checks in Advantech iView's SNMP management tool, leading to a SQL injection vulnerability that can result in remote code execution with administrator privileges.
This vulnerability is a problem because it enables unauthorized access to the system, allowing attackers to execute malicious code with high-level privileges, potentially leading to data breaches, system compromise, and other malicious activities.
This vulnerability allows remote attackers to bypass authentication checks in Advantech iView's SNMP management tool and inject malicious SQL code, potentially leading to the theft of sensitive user data, including clear text passwords.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which can be used for malicious purposes, such as identity theft or further exploitation of the system, compromising the security and confidentiality of user data.
The CVE-2022-50593 vulnerability allows remote attackers to bypass authentication checks in Advantech iView's SNMP management tool and inject malicious SQL code through the 'search_term' parameter, potentially leading to remote code execution with administrator privileges.
This vulnerability is a problem because it enables unauthorized access to the system, allowing attackers to execute arbitrary code with high privileges, which can result in data breaches, system compromise, and other malicious activities.
The CVE-2022-50592 vulnerability allows remote attackers to bypass authentication checks in Advantech iView versions prior to v5.7.04 build 6425, and then exploit a SQL injection vulnerability to execute code remotely with administrator privileges.
This vulnerability is a problem because it enables unauthorized access to the system, allowing attackers to execute code with high-level privileges, potentially leading to data breaches, system compromise, and other malicious activities.
This vulnerability allows remote attackers to bypass authentication checks in Advantech iView's SNMP management tool and inject malicious SQL code, potentially leading to the theft of user data, including clear text passwords.
This vulnerability is a problem because it enables unauthorized access to sensitive user data, which can be used for malicious purposes, such as identity theft or further attacks on the system.
This vulnerability allows remote unauthenticated attackers to alter database objects, including changing the email address of the administrator, by exploiting a type confusion vulnerability in the 'deleteAttachment' functionality of SuiteCRM versions prior to 7.12.6.
This vulnerability is a problem because it enables attackers to make unauthorized changes to sensitive database information without needing to authenticate, potentially leading to further malicious activities such as taking control of administrator accounts or disrupting system operations.
This vulnerability allows remote attackers to inject malicious SQL code into the 'export' functionality of SuiteCRM versions prior to 7.12.6 by exploiting the 'uid' parameter, potentially leading to the execution of arbitrary code.
This vulnerability is a problem because it enables unauthorized attackers to access and manipulate sensitive data, and potentially take control of the system, without needing any authentication credentials.
This vulnerability allows an attacker to trick the MetInfo Content Management System (CMS) into making unauthorized requests to internal or external network addresses by injecting malicious XML code, potentially leading to the disclosure of sensitive information or internal network reconnaissance.
This vulnerability is a problem because it could enable attackers to scan internal networks, identify open ports, and retrieve sensitive data, which could be used for further malicious activities, compromising the security and confidentiality of the system and its data.
This vulnerability allows attackers to send crafted requests to the /api/proxy/ component of linshenkx prompt-optimizer, which can be used to scan and access internal resources that are not intended to be publicly accessible.
This is a problem because it enables attackers to bypass security controls and gain unauthorized access to sensitive internal systems and data, potentially leading to further exploitation and damage.
The CVE-2025-31133 vulnerability affects the runc tool, which is used to run containers. It allows an attacker to exploit a weakness in how the tool verifies the source of a bind-mount, specifically when using the container's /dev/null to mask files. This can lead to arbitrary mount gadget attacks.
This vulnerability is a problem because it can expose sensitive host information, cause a denial of service, allow an attacker to escape the container, or bypass masked paths, potentially giving an attacker unauthorized access to the host system.
The CVE-2025-22397 vulnerability allows a high-privileged attacker with remote access to exploit a path traversal flaw in certain versions of Dell Integrated Dell Remote Access Controller, potentially leading to unauthorized access to restricted directories.
This vulnerability is a problem because it could enable an attacker to access sensitive areas of the system, potentially allowing them to steal or modify data, disrupt operations, or gain further unauthorized access, all of which could have serious security and privacy implications.
The containerd container runtime has a vulnerability that gives overly broad default permissions to certain directory paths, including `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri`, and `/run/containerd/io.containerd.sandbox.controller.v1.shim`, allowing unauthorized access.
This vulnerability is a problem because it allows unauthorized users or groups to access and potentially modify sensitive container runtime data, which could lead to security breaches, data tampering, or other malicious activities.
This vulnerability allows a remotely connected user with "Control my device" permission in AnyDesk versions up to 9.0.4 to change settings and set a password for the Full Access profile without the other user's confirmation, enabling them to connect again without needing permission.
This vulnerability is a problem because it allows an attacker to gain unauthorized access to a device by manipulating settings and creating a password, bypassing the security measure that requires confirmation from the other user, potentially leading to unauthorized data access or device control.
This vulnerability allows an attacker to send a specially crafted UDP packet to an AnyDesk client before version 9.0.0, causing an integer overflow and a heap-based buffer overflow when the client processes an Identity user image or establishes a connection with another client.
This vulnerability is a problem because it can potentially allow an attacker to execute arbitrary code on the affected system, leading to unauthorized access, data theft, or other malicious activities.
The CVE-2025-27917 vulnerability allows an attacker to remotely cause a Denial of Service (DoS) in AnyDesk versions up to 9.0.4 by exploiting incorrect deserialization, which leads to failed memory allocation and a NULL pointer dereference, causing the system to crash.
This vulnerability is a problem because it enables attackers to disrupt the service, making it unavailable to legitimate users, which can lead to downtime, loss of productivity, and potential financial losses.
This vulnerability allows an attacker to manipulate data and spoof the AnyDesk ID when a connection is established between two clients using an IP address in AnyDesk versions up to 9.0.4.
This vulnerability is a problem because it enables attackers to impersonate legitimate users or devices, potentially leading to unauthorized access, data theft, or other malicious activities.
This vulnerability allows an authenticated remote user to view another user's active desktop session metadata, including periodic desktop preview screenshots, due to an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS.
This vulnerability is a problem because it compromises user privacy by allowing unauthorized access to sensitive information, such as desktop session metadata and screenshots, which could potentially contain confidential data.
This vulnerability allows an attacker to inject malicious JavaScript code into a website's HTML elements, such as navigation links and search forms, by manipulating the URL path. This can lead to the execution of arbitrary JavaScript code in the browsers of users who visit a crafted URL.
This vulnerability is a problem because it enables attackers to execute malicious code on a user's browser, potentially allowing them to steal sensitive information, hijack user sessions, or perform other malicious activities.
This vulnerability allows an attacker to inject and execute arbitrary JavaScript code in a victim's browser by sending a crafted request to a CMSimpleXH application, potentially through a malicious login request.
This vulnerability is a problem because it enables attackers to steal session cookies, disclose credentials, or cause other harmful client-side effects, which can lead to unauthorized access to sensitive information and compromised user accounts.
The CVE-2025-63560 vulnerability allows a remote attacker to crash the KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder system by exploiting an issue in the systemctrl API's System/reFactory component, resulting in a denial of service.
This vulnerability is a problem because it enables attackers to disrupt the normal functioning of the video encoder system, potentially causing significant disruptions to video streaming or recording services, and leading to downtime and loss of productivity.
The default configuration of WatchGuard Firebox devices allows administrative access via SSH on port 4118 using the readwrite password for the admin account.
This vulnerability is a problem because it allows unauthorized access to the device with administrative privileges, potentially leading to malicious activities such as data theft, device compromise, or disruption of network services.
This vulnerability allows a user with view-only access to Devolutions Server to retrieve sensitive information, including password lists and custom values, that they should not be able to access.
This is a problem because it can lead to password disclosure, where unauthorized users can obtain sensitive passwords, potentially allowing them to access secure systems or data.
This vulnerability allows a low-privileged user to impersonate another account by reusing a pre-MFA (Multi-Factor Authentication) cookie, even though it doesn't bypass the target account's MFA verification step.
This vulnerability is a problem because it enables an authenticated user with limited privileges to potentially access and manage another user's account, which could lead to unauthorized data access, modification, or other malicious activities.
This vulnerability allows a malicious file to escalate privileges to the highest level (NT AUTHORITY\SYSTEM) when executed on a victim's machine, due to inadequate validation of loaded binaries, enabling an attacker to execute code with system-level access.
This is a problem because it enables an attacker with limited access to a system to gain complete control over it, potentially leading to unauthorized data access, modification, or deletion, as well as the installation of malicious software.
The CVE-2025-6327 vulnerability allows an attacker to upload files of dangerous types, including web shells, to a web server using the King Addons for Elementor plugin, version 51.1.36 or earlier.
This vulnerability is a problem because it enables attackers to upload malicious files, potentially leading to unauthorized access, data breaches, or complete control of the web server, compromising the security and integrity of the affected website.
The CVE-2025-6325 vulnerability allows an attacker to escalate their privileges in the King Addons for Elementor plugin, potentially giving them unauthorized access to sensitive features and data.
This vulnerability is a problem because it enables attackers to gain higher levels of access than they should have, which can lead to unauthorized changes, data breaches, or other malicious activities, compromising the security and integrity of the affected system.
The CVE-2025-64287 vulnerability allows an attacker to include and execute local files on a server running the Alloggio - Hotel Booking theme, by exploiting improper control of filenames in PHP include/require statements.
This vulnerability is a problem because it enables attackers to access and execute sensitive files on the server, potentially leading to unauthorized data access, code execution, and system compromise, which can result in significant security breaches and data losses.
The CVE-2025-64232 vulnerability allows an attacker to inject malicious code into a web page through the "Import from YML" feature in icopydoc, enabling Reflected Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to trick users into executing malicious code, potentially leading to unauthorized access, data theft, or other malicious activities, by manipulating the web page content.
The CVE-2025-64224 vulnerability allows an attacker to inject malicious code into a website using the ThemeGoods Grand Conference Theme, specifically through the grandconference-custom-post custom post type, enabling reflected Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute malicious scripts on a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the website and its users.
The CVE-2025-64198 vulnerability allows an attacker to inject malicious code into a website using the Easy Social Share Buttons plugin, specifically through a reflected Cross-site Scripting (XSS) attack, which can execute unwanted scripts on a user's browser.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform other malicious actions, potentially leading to unauthorized access, data breaches, or other security incidents.
The CVE-2025-64196 vulnerability allows an attacker to inject malicious code into a website using the Pluggabl Booster for WooCommerce plugin, specifically the woocommerce-jetpack module, through a reflected Cross-site Scripting (XSS) attack.
This vulnerability is a problem because it enables attackers to execute arbitrary code on a user's browser, potentially leading to unauthorized actions, data theft, or other malicious activities, compromising the security and integrity of the affected website and its users.
The alexusmai laravel-file-manager version 3.3.1 has a vulnerability that allows an attacker to upload, create, or rename files with HTML and SVG types without proper validation, potentially leading to Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to inject malicious scripts into the application, which can then be executed by other users, potentially stealing their data, taking control of their sessions, or performing other harmful actions.