EUVD-2025-203426

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

EUVD-2025-203436

WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server...

EUVD-2025-203435

An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...

PT-2025-51248

FNT Command 13.4.0 is vulnerable to Directory Traversal...

EUVD-2025-202890

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

EUVD-2025-201242

A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions...

EUVD-2025-200999

Interactive service agent in OpenVPN version 2.5.0 through 2.7rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service...

CERTFR-2025-ACT-051

creationtimestamp| type| source ---|---|--- 2025-11-27 09:18:51+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/115620913416794951...

EUVD-2025-198348

Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1...

CVE-2025-13415

creationtimestamp| type| source ---|---|--- 2025-11-20 01:02:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5zl2ayw6d2x...

EUVD-2025-198200

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...

EUVD-2025-198195

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

EUVD-2025-198215

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

EUVD-2025-136540

Malicious code in inda-foji-gisagun npm...

EUVD-2025-136977

Malicious code in imuay-agg-igaib npm...

EUVD-2025-145936

Malicious code in amjadusama npm...

EUVD-2025-97694

Malicious code in joko-kue90-riris npm...

EUVD-2025-102623

Malicious code in riana-rangginang64-riris npm...

CVE-2025-62482

creationtimestamp| type| source ---|---|--- 2025-11-11 11:28:54+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3m5dztyqpqt26 2025-11-13 15:37:40+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5jimis25oy2...

EUVD-2025-82826

Malicious code in arif-sate46-remi npm...