527 matches found
CVE-2025-20153 Cisco ESA mail Bypass
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email...
Netgear C7800 Missing Transport Encryption
Netgear C7800 suffers from a man-in-the-middle vulnerability...
CVE-2025-1283
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page...
CVE-2025-25527
Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.34b12 due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...
Cisco Identity Services Engine Stored XSS (cisco-sa-ise-xss-42tgsdMG)
According to its self-reported version, Cisco Identity Services Engine is affected by a stored cross-site scripting vulnerability: a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct...
CVE-2024-47256
Successful exploitation of this vulnerability could allow an attacker, who needs to have Admin access privileges, to read a hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version...
CVE-2024-57080
A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload...
CVE-2019-13334
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2025-20179
CVE-2025-20179 – Cisco Expressway Series XSS: The vulnerability affects the web-based management interface of Cisco Expressway Series (Expressway-C/Expressway-E). It stems from improper validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to lure a use...
CVE-2020-6320
SAP Marketing (Servlet), versions 130, 140, 150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiali...
CVE-2020-2844
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot...
CVE-2020-13540
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...
CVE-2024-20435
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...
CVE-2024-22063
The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices...
CVE-2025-22265
Missing Authorization vulnerability in mgplugin EMI Calculator emi-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through = 1.1...
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Eclipse Lyo could allow a remote attacker to obtain sensitive information.
Summary: Eclipse Lyo could allow a remote attacker to obtain sensitive information, caused by a failure to restrict DTD loading when working with RDF/XML when a TransformerFactory is initialized with the defaults. By sending a specially-crafted request, an attacker could exploit this...
CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
Stats is a macOS system monitor in the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...
KLA79080 PE vulnerability in Microsoft Windows
An elevation of privilege vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2025-21325. Related products: Microsoft-Windows, Microsoft-Windows-Server, Microsoft-Windows-10, Microsoft-Windows-11. CVE list: CVE-2025-213...
CVE-2024-56219
The CVE-2024-56219 entry describes a Missing Authorization vulnerability in WordPress Widget Options plugin, affecting versions up to 4.0.6.1. The underlying issue is broken/authentication-guarded access control in the Widget Options configuration, enabling exploitation of insufficient access che...