3635 matches found

CVE
added 2025/05/29 1:31 p.m. · 58 views

CVE-2025-5320

CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...

CVSS 6.3 · AI score 4 · EPSS 0.00224
Exploits: 0 · References: 5
OSV
added 2025/05/28 9:15 p.m. · 3 views

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVSS 4.9 · AI score 5.7 · EPSS 0.00258
Exploits: 0 · References: 1
OSV
added 2025/05/28 9:15 p.m. · 2 views

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

CVSS 6 · AI score 5.7 · EPSS 0.00254
Exploits: 0 · References: 1
NVD
added 2025/05/28 9:15 p.m. · 15 views

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

CVSS 7 · EPSS 0.00254
Exploits: 0 · References: 1
NVD
added 2025/05/28 9:15 p.m. · 17 views

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

CVSS 4.6 · EPSS 0.00205
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/28 9:1 p.m. · 14 views

CVE-2025-27706 Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

CVSS 4.6 · AI score 5.9 · EPSS 0.00205
Exploits: 0 · References: 1
CVE
added 2025/05/28 8:56 p.m. · 65 views

CVE-2025-27703

CVE-2025-27703 affects Absolute Secure Access prior to version 13.54, with a privilege-escalation in the management console. Attackers with administrative access to a subset of privileged features can elevate permissions to access additional console features. Reported impacts: confidentiality low...

CVSS 7 · AI score 6.6 · EPSS 0.00254
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/05/28 8:42 p.m. · 14 views

CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVSS 6.9 · EPSS 0.00258
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/28 8:42 p.m. · 14 views

CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVSS 6.9 · AI score 6.7 · EPSS 0.00258
Exploits: 0 · References: 1
CVE
added 2025/05/28 8:42 p.m. · 61 views

CVE-2025-27702

CVE-2025-27702 affects Absolute Secure Access prior to 13.54. The vulnerability is a permissions bypass in the management console that allows attackers with administrative access (and a specific permission set) to bypass restrictions and improperly modify settings. It has low attack complexity, r...

CVSS 6.9 · AI score 6.7 · EPSS 0.00258
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/27 2:35 p.m. · 9 views

CVE-2025-5149

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

CVSS 8.1 · AI score 7 · EPSS 0.00517
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/26 11:36 p.m. · 18 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 6.5 · EPSS 0.00462
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/26 7:32 p.m. · 18 views

CVE-2025-5129

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexi...

CVSS 7.3 · AI score 6.7 · EPSS 0.0025
Exploits: 1 · References: 1
Vulnrichment
added 2025/05/26 10:0 a.m. · 11 views

CVE-2025-5180 Wondershare Filmora Installer NFWCHK.exe uncontrolled search path

A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking...

CVSS 7.3 · AI score 6.8 · EPSS 0.00244
Exploits: 1 · References: 4
Cvelist
added 2025/05/26 2:0 a.m. · 25 views

CVE-2025-5164 PerfreeBlog JWT JwtUtil hard-coded key

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...

CVSS 6.3 · EPSS 0.0062
Exploits: 1 · References: 4
NVD
added 2025/05/25 12:15 a.m. · 11 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · EPSS 0.00462
Exploits: 1 · References: 4
Cvelist
added 2025/05/24 11:31 p.m. · 17 views

CVE-2025-5136 Tmall Demo Payment Identifier pay random values

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · EPSS 0.00462
Exploits: 1 · References: 4
NVD
added 2025/05/24 5:15 p.m. · 14 views

CVE-2025-5129

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexi...

CVSS 7.3 · EPSS 0.0025
Exploits: 1 · References: 5
Vulnrichment
added 2025/05/24 4:31 p.m. · 12 views

CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexi...

CVSS 7.3 · AI score 6.9 · EPSS 0.0025
Exploits: 1 · References: 5
Positive Technologies
added 2025/05/24 12:0 a.m. · 5 views

PT-2025-22851 · Unknown · Tmall Demo

Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505
Description: A vulnerability was found in Tmall Demo, affecting an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is...

CVSS 6.3 · AI score 3.9 · EPSS 0.00462
Exploits: 1 · References: 9