PT-2025-38487
Name of the Vulnerable Software and Affected Versions: Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified). Description: The software exposes a telnet-based service on port 23 for management operations, including firmware upgrades and device reboot, which requires...
CVE-2025-30468
This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication...
CVE-2025-8575 LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2025-34173
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
CVE-2025-34176
In pfSense CE /suricata/suricataipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...
CVE-2025-34175
In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
CVE-2025-40696
Stored cross-site scripting in Online Fire Reporting System v1.2 by PHPGurukul: a stored, authenticated XSS caused by the lack of proper validation of the user-supplied 'fullname', 'location' and 'message' parameters sent via POST to the endpoint '/ofrs/reporting.php'. This vulnerability could...
CVE-2025-43774
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via the Style Book theme name. This malicious payload is then reflected and executed within the user's browser...
Linux Distros Unpatched Vulnerability : CVE-2021-32644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code...
CVE-2025-34178
In pfSense CE /suricata/suricataappparsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
CVE-2025-34178
The CVE refers to pfSense CE with the Suricata package where the policy_name parameter is not sanitized of HTML-related strings before display, causing stored XSS. Connected sources specify this affects Netgate pfSense CE Suricata package (notably v7.0.8_2 in CVE-2025-34178 listings) and require ...
CVE-2025-34177
pfSense CE with the Suricata package is affected by a stored XSS in suricata_flow_stream.php: the policy_name parameter is not sanitized, allowing reflected HTML/JS content to persist when displayed. Exploitation requires authentication with at least WebCfg - Services: suricata package permissions. T...
CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
CVE-2025-34174
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
PT-2025-36745
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9; Ivanti Connect Secure versions prior to 22.8R2; Ivanti Policy Secure versions prior to 22.7R1.6; Ivanti ZTA Gateway versions prior to 2.8R2.3-723; Ivanti Neurons for Secure Access versions prior t...