1582 matches found
CVE-2025-2493
CVE-2025-2493 describes a path traversal vulnerability in Softdial Contact Center (Sytel Ltd.). The flaw arises from insufficient validation of the id parameter in the /softdial/scheduler/load.php endpoint, allowing an attacker to navigate outside the intended directory and potentially access sen...
ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vulnerability
ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...
ABB Cylon FLXeon 9.3.4 Unauthenticated Dashboard Access
ABB Cylon FLXeon version 9.3.4 allows unauthenticated access to the Building Management System BMS or Building Automation System BAS dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate...
ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability
ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...
CVE-2024-43145
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61...
CVE-2024-52440
Deserialization of Untrusted Data vulnerability in xpresslane Xpresslane Fast Checkout xpresslane-integration-for-woocommerce allows Object Injection.This issue affects Xpresslane Fast Checkout: from n/a through = 1.0.0...
CVE-2024-7358
A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure...
CVE-2024-29129
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4...
CVE-2025-24643
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through = 1.1.0...
CVE-2025-24643 WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through = 1.1.0...
CVE-2025-23591 WordPress blu Logistics plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through = 1.0.0...
CVE-2025-0015
CVE-2025-0015 describes a Use-After-Free vulnerability in ARM Mali Valhall GPU Kernel Driver and ARM 5th Gen GPU Architecture Kernel Driver. A local, non-privileged user can perform improper GPU processing operations to gain access to memory that has already been freed. Affected versions include ...
CVE-2025-0015 Mali GPU Kernel Driver allows improper GPU processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48...
CVE-2024-6790 Mali GPU Kernel Driver can cause the whole system to become unresponsive
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL o...
CVE-2024-56968
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload...
CVE-2025-24673
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...
CVE-2025-24673 WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...
CVE-2025-23701
CVE-2025-23701 describes a Reflected XSS in Lime Developer Login (Lime Developer Login by LimeSquare Pty Ltd) caused by improper neutralization of input during web page generation. Affected: Lime Developer Login, version range v1.0 through v1.4.0 (as stated). The Red Hat CVE record confirms the s...
CVE-2025-23899
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookalet Bookalet bookalet allows Stored XSS.This issue affects Bookalet: from n/a through = 1.0.3...
CVE-2025-23899 WordPress Bookalet plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookalet Bookalet bookalet allows Stored XSS.This issue affects Bookalet: from n/a through = 1.0.3...