Redhatcve: Recent

206309 matches found

RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-52611

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

CVSS 4.3 • AI score 5.5 • EPSS 0.00157 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-70994

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

CVSS 7.3 • AI score 5.5 • EPSS 0.00275 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null)...

CVSS 7.5 • AI score 5.5 • EPSS 0.00428 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-56537

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1, fixed in v7.0, allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter...

CVSS 6.1 • AI score 5.6 • EPSS 0.00185 • Exploits 3 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-52641

HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information...

CVSS 5.3 • AI score 5.5 • EPSS 0.00116 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-70950

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

CVSS 7.3 • AI score 7.9 • EPSS 0.00523 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-61309

A reflected cross-site scripting (XSS) vulnerability in the dfm-menudepartments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVSS 6.1 • AI score 5.7 • EPSS 0.00236 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-70842

A stored cross-site scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

CVSS 5.4 • AI score 5.5 • EPSS 0.00138 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-69689

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...

CVSS 8.8 • AI score 5.4 • EPSS 0.00102 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-56535

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

CVSS 6.1 • AI score 5.6 • EPSS 0.00185 • Exploits 2 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to cross-site scripting (XSS) via the system status webpage...

CVSS 4.7 • AI score 5.5 • EPSS 0.00221 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-56534

A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 • AI score 5.6 • EPSS 0.00185 • Exploits 2 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-69606

A cross-site scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

CVSS 6.1 • AI score 5.6 • EPSS 0.00354 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-70101

An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

CVSS 6.5 • AI score 5.5 • EPSS 0.0028 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVSS 7.5 • AI score 5.4 • EPSS 0.00278 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-56536

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

CVSS 6.1 • AI score 5.6 • EPSS 0.00185 • Exploits 3 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-56352

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...

CVSS 7.5 • AI score 5.5 • EPSS 0.00278 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-67223

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

CVSS 7.5 • AI score 5.5 • EPSS 0.00631 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-65417

docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application...

CVSS 6.1 • AI score 4.8 • EPSS 0.00236 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-65136

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...

CVSS 6.1 • AI score 5.5 • EPSS 0.00181 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-65132

alandsilva26 hotel-management-php 1.0 is vulnerable to cross-site scripting (XSS) in /public/admin/editroom.php, which allows an attacker to inject and execute arbitrary JavaScript via the roomid GET parameter...

CVSS 6.1 • AI score 5.8 • EPSS 0.00181 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-14545

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...

CVSS 6.5 • AI score 5.6 • EPSS 0.00266 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 (FW versions from v17.92.1.p149.43 to v17.92.1.p149.157) was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function...

CVSS 5.6 • AI score 5.8 • EPSS 0.00183 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

CVSS 6.3 • AI score 5.9 • EPSS 0.01028 • Exploits 3 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

CVSS 7.3 • AI score 5.9 • EPSS 0.01186 • Exploits 3 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-65416

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php...

CVSS 6.3 • AI score 5.5 • EPSS 0.00266 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

CVSS 6.5 • AI score 5.5 • EPSS 0.00218 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-67259

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

CVSS 6.5 • AI score 5.5 • EPSS 0.00212 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

CVSS 7.5 • AI score 5.5 • EPSS 0.00387 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross-site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

CVSS 5 • AI score 5.5 • EPSS 0.0014 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVSS 7.5 • AI score 5.6 • EPSS 0.00743 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-9957

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

CVSS 2.7 • AI score 5.5 • EPSS 0.00381 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-63548

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...

CVSS 7.5 • AI score 5.5 • EPSS 0.00332 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-65415

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application...

CVSS 5.4 • AI score 5.4 • EPSS 0.00223 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-15611

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

CVSS 5.4 • AI score 5.6 • EPSS 0.00136 • Exploits 1 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-63547

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field...

CVSS 7.5 • AI score 5.5 • EPSS 0.00358 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-45806

A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 • AI score 5.6 • EPSS 0.00239 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-10908

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

CVSS 7.3 • AI score 5.5 • EPSS 0.0023 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVSS 6.8 • AI score 5.7 • EPSS 0.00272 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-59851

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 9.8 • AI score 5.4 • EPSS 0.00206 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-60477

A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function in /filter_core/filter_pid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a denial of service (DoS) via supplying a crafted file...

CVSS 5 • AI score 5.5 • EPSS 0.00107 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-15632

A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...

CVSS 5.1 • AI score 3.6 • EPSS 0.00266 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-59852

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

CVSS 9.1 • AI score 5.5 • EPSS 0.00088 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-59854

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

CVSS 6.1 • AI score 5.5 • EPSS 0.00123 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

CVSS 5.7 • AI score 5.5 • EPSS 0.00211 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-24818

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application...

CVSS 8 • AI score 5.5 • EPSS 0.01006 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-46280

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination...

CVSS 5.5 • AI score 5.4 • EPSS 0.00136 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-59853

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

CVSS 5.3 • AI score 5.5 • EPSS 0.00166 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-46311

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...

CVSS 7.5 • AI score 5.4 • EPSS 0.00231 • Exploits 0 • References 1
RedhatCVE • added 2026/06/05 7:51 p.m.

CVE-2025-46307

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

CVSS 5.5 • AI score 5.4 • EPSS 0.0015 • Exploits 0 • References 1

Total number of security vulnerabilities: 206309