
1305 matches found

RedhatCVE
added 2025/10/24 2:33 p.m., 5 views

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | AI score 5.7 | EPSS 0.00298
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/24 8:24 a.m., 3 views

CVE-2025-11889 AIO Forms <= 1.3.15 - Authenticated (Admin+) Arbitrary File Upload via Zip Import

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access...

CVSS 7.2 | AI score 6.9 | EPSS 0.00599
Exploits: 0 | References: 2

NVD
added 2025/10/23 2:15 p.m., 4 views

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | EPSS 0.00298
Exploits: 0 | References: 2

Cvelist
added 2025/10/23 1:51 p.m., 7 views

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | EPSS 0.00298
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/23 1:51 p.m., 2 views

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | AI score 5.4 | EPSS 0.00298
Exploits: 0 | References: 2

EUVD
added 2025/10/23 1:51 p.m., 3 views

EUVD-2025-35687

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | AI score 5.3 | EPSS 0.00298
Exploits: 0 | References: 3

CVE
added 2025/10/22 8:27 a.m., 19 views

CVE-2025-10047

CVE-2025-10047 refers to a SQL Injection vulnerability in the WordPress plugin Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails. The issue exists in all versions up to and including 5.3.12 and stems from insufficient escaping of the user-sup...

CVSS 4.9 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 2

Cvelist
added 2025/10/21 12:28 a.m., 13 views

CVE-2025-7850 Authenticated OS command execution

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

CVSS 9.3 | EPSS 0.02171
Exploits: 0 | References: 5

CVE
added 2025/10/18 6:42 a.m., 18 views

CVE-2025-10187

CVE-2025-10187 concerns the GSpeech TTS – WordPress Text To Speech Plugin. Wordfence reports an SQL injection via the field parameter in all versions up to 3.17.13, enabling authenticated users with Administrator-level access (and above) to inject additional SQL into existing queries to extract d...

CVSS 4.9 | AI score 6.2 | EPSS 0.00374
Exploits: 0 | References: 3

Patchstack
added 2025/10/15 12:38 a.m., 3 views

WordPress Demo Import Kit plugin <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by vodanh in WordPress Plugin Demo Import Kit versions <= 1.1.0...

CVSS 7.2 | AI score 7 | EPSS 0.00634
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/10/15 12:0 a.m., 2 views

F5 Networks BIG-IP : BIG-IP tmsh vulnerability (K000154647)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K000154647 advisory. A vulnerability exists in the iHealth utility of the TMOS Shell tmsh that may allow an...

CVSS 8.7 | AI score 5.2 | EPSS 0.00358
Exploits: 0 | References: 2

NVD
added 2025/10/14 3:16 p.m., 4 views

CVE-2025-10242

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 | EPSS 0.21105
Exploits: 0 | References: 1

NVD
added 2025/10/14 3:16 p.m., 5 views

CVE-2025-10985

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 | EPSS 0.21105
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/14 2:22 p.m., 3 views

CVE-2025-10986

Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk...

CVSS 4.7 | AI score 6.4 | EPSS 0.00563
Exploits: 0 | References: 1

CVE
added 2025/10/14 2:20 p.m., 16 views

CVE-2025-10985

CVE-2025-10985 is an OS command injection flaw in Ivanti Endpoint Manager Mobile (EPMM) admin panel. A remote authenticated attacker with admin privileges can execute arbitrary OS commands, enabling remote code execution. Affected versions are Ivanti EPMM prior to 12.6.0.2, 12.5.0.4, and 12.4.0.4...

CVSS 7.2 | AI score 7.9 | EPSS 0.21105
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/14 2:20 p.m., 4 views

CVE-2025-10985

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 | AI score 7.9 | EPSS 0.21105
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/14 2:17 p.m., 3 views

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 | AI score 7.9 | EPSS 0.21105
Exploits: 0 | References: 1

CVE
added 2025/10/14 2:14 p.m., 12 views

CVE-2025-10242

CVE-2025-10242 affects Ivanti Endpoint Manager Mobile (EPMM) via an OS command injection vulnerability in the admin panel. The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution. Affected versions are Ivanti EPMM before 12.6.0.2, 12.5.0.x before 12...

CVSS 7.2 | AI score 7.9 | EPSS 0.21105
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/14 2:14 p.m., 4 views

CVE-2025-10242

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 | AI score 7.9 | EPSS 0.21105
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/14 12:0 a.m., 5 views

PT-2025-41927

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.0.2 Ivanti EPMM versions prior to 12.5.0.4 Ivanti EPMM versions prior to 12.4.0.4 Description A flaw exists in the admin panel of Ivanti EPMM that allows a remote authenticated attacker with admin privileges ...

CVSS 7.2 | AI score 7.8 | EPSS 0.21105
Exploits: 0 | References: 5