Lucene search

4419 matches found

Cvelist
added 2025/08/19 7:13 p.m. · 6 views

CVE-2025-43743

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by...

5.3 CVSS · 0.00081 EPSS
Exploits 0 · References 1

Cvelist
added 2025/08/18 6:20 p.m. · 7 views

CVE-2025-43731

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows ...

6.9 CVSS · 0.00048 EPSS
Exploits 0 · References 1

CVE
added 2025/08/18 1:32 a.m. · 17 views

CVE-2025-9100

CVE-2025-9100 affects zhenfeng13 My-Blog 1.0.0, specifically the Frontend Blog Article Comment Handler in /blog/comment. The vulnerability allows authentication bypass via capture-replay and can be exploited remotely; public exploit information is available. Connected data indicate a PROOF-OF-CON...

6.9 CVSS · 7.6 AI score · 0.00127 EPSS
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2025/08/15 2:32 a.m. · 10 views

CVE-2025-9004 mtons mblog password excessive authentication

A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. T...

6.3 CVSS · 0.00379 EPSS
Exploits 1 · References 4

CNNVD
added 2025/08/13 12:00 a.m. · 1 view

F5 Access Trust Management Issue Vulnerability

F5 Access is a U.S.-based F5 company that uses VPN and optimization technologies to protect and accelerate mobile device access to corporate networks and applications. A trust management issue vulnerability exists in F5 Access for Android prior to version 3.1.2, which stems from failure to...

8.8 CVSS · 6.7 AI score · 0.0029 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/08/12 6:59 p.m. · 1 view

CVE-2025-53744

An incorrect privilege assignment vulnerability (CWE-266) in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...

7.2 CVSS · 5.8 AI score · 0.00678 EPSS
Exploits 1 · References 2 · Affected Software 1

ATTACKERKB
added 2025/08/12 6:59 p.m. · 1 view

CVE-2025-49813

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability (CWE-78) in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters...

7.2 CVSS · 6 AI score · 0.00841 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2025/08/12 6:36 a.m. · 6 views

CVE-2025-8796

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/deleteproject/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack...

5.5 CVSS · 7.2 AI score · 0.00249 EPSS
Exploits 1 · References 1

CVE
added 2025/08/11 8:32 a.m. · 17 views

CVE-2025-8838

WinterChenS my-site (Backend Interface) is affected in the preHandle function for /admin/. The flaw arises from manipulating the uri argument, causing improper authentication. Exploitation is described as remote and publicly disclosed, with the real existence of the vulnerability doubted in some ...

9.8 CVSS · 7.3 AI score · 0.00384 EPSS
Exploits 1 · References 6 · Affected Software 1

Tenable Nessus
added 2025/08/08 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-6801

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6,...

8.8 CVSS · 8 AI score · 0.0036 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/08/08 12:00 a.m. · 5 views

PT-2025-32414 · Unknown · Macrozheng Mall

Name of the Vulnerable Software and Affected Versions: macrozheng mall version 1.0.3
Description: A problematic issue exists within the Admin Login component, leading to improper restriction of excessive authentication attempts. The attack can be launched remotely and is considered difficult to...

6.3 CVSS · 7.1 AI score · 0.00364 EPSS
Exploits 1 · References 8

Cvelist
added 2025/07/31 2:52 p.m. · 12 views

CVE-2014-125121 Array Networks vAPV and vxAG Default Credential Privilege Escalation

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

10 CVSS · 0.64898 EPSS
Exploits 0 · References 4

OSV
added 2025/07/31 4:16 a.m. · 2 views

CVE-2025-8348

A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and...

7.5 CVSS · 5.4 AI score
Exploits 0 · References 4

NVD
added 2025/07/23 5:15 a.m. · 4 views

CVE-2024-53288

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...

5.9 CVSS · 0.00304 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/07/14 5:02 a.m. · 3 views

CVE-2025-7574 LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to...

10 CVSS · 7 AI score · 0.01172 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/07/08 12:00 a.m. · 4 views

PT-2025-28483 · Ivanti · Ivanti Connect Secure +1

Name of the Vulnerable Software and Affected Versions:
Ivanti Connect Secure versions prior to 22.7R2.8
Ivanti Policy Secure versions prior to 22.7R1.5
Description: The issue allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk through CRLF...

6.6 CVSS · 6.5 AI score · 0.00053 EPSS
Exploits 0 · References 5

Redos
added 2025/07/03 12:00 a.m. · 4 views

ROS-20250703-05

A vulnerability in the cross-platform software development framework Qt is related to the fact that QAbstractOAuth in Qt Network Authorization uses only time to run PRNG. Exploitation of this vulnerability could allow an attacker acting remotely to bypass authentication. of the vulnerability could...

9.8 CVSS · 7.4 AI score · 0.00483 EPSS
Exploits 0

Positive Technologies
added 2025/07/02 12:00 a.m. · 4 views

PT-2025-27619 · Infinera · Infinera G42

Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3
Description: The issue allows remote authenticated users to read and write OS files via SFTP connections. Account members of the Network Administrator profile can access the target machine via SFTP with the same...

6.8 CVSS · 6.2 AI score · 0.00228 EPSS
Exploits 0 · References 7

Positive Technologies
added 2025/07/01 12:00 a.m. · 3 views

PT-2025-27541 · Hikvision · Hikvision Streaming Media Management Server

Name of the Vulnerable Software and Affected Versions: Hikvision Streaming Media Management Server version 2.3.5
Description: The issue allows remote attackers to authenticate using default credentials and access restricted functionality. After authentication, an attacker can exploit an arbitrary...

8.7 CVSS · 6.2 AI score · 0.02856 EPSS
Exploits 0 · References 9

Veracode
added 2025/06/23 3:02 a.m. · 5 views

Remote Authentication Bypass

github.com/gravitational/teleport is vulnerable to remote authentication bypass. The vulnerability is due to a flaw in the authentication mechanism that improperly handles or validates user credentials or session data, allowing an attacker to gain unauthorized access to infrastructure systems...

9.8 CVSS · 7.5 AI score · 0.15302 EPSS
Exploits 0 · References 3 · Affected Software 1