scip AG [Security - Consulting - Information - Process]

CVE-2025-27636 | Apache Camel up to 3.22.3/4.8.4/4.10.1 Default Header Filtering injection

09.03.2025 15:51

A vulnerability, which was classified as problematic, has been found in Apache Camel up to 3.22.3/4.8.4/4.10.1. Affected by this issue is some unknown functionality of the component Default Header Fil...

CVE-2025-2133 | ftcms 2.1 edit title cross site scripting

09.03.2025 08:17

A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument ti...

CVE-2025-2132 | ftcms 2.1 Search ajax_all_lists name sql injection

09.03.2025 08:16

A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the arg...

CVE-2025-2131 | dayrui XunRuiCMS up to 4.6.3 Friendly Links Website Address cross site scripting

09.03.2025 08:10

A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the...

CVE-2025-2130 | OpenXE up to 1.12 Ticket Bearbeiten Page Notizen cross site scripting

09.03.2025 08:05

A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument N...

CVE-2025-2129 | Mage AI 0.9.75 insecure default initialization of resource

09.03.2025 07:58

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. This vulnerabi...

CVE-2023-52971 | MariaDB Server up to 10.11.x/11.4.x fix_all_splittings_in_plan insecure automated optimizations

09.03.2025 07:47

A vulnerability was found in MariaDB Server up to 10.11.x/11.4.x and classified as problematic. Affected by this issue is the function JOIN::fix_all_splittings_in_plan. The manipulation leads to insec...

CVE-2025-1382 | Contact Us by Lord Linus Plugin up to 2.6 on WordPress cross-site request forgery

09.03.2025 07:47

A vulnerability has been found in Contact Us by Lord Linus Plugin up to 2.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation lea...

CVE-2023-52970 | MariaDB Server up to 10.4.x/10.5.x/11.x/11.3.x derived_field_transformer_for_where insecure automated optimizations

09.03.2025 07:46

A vulnerability, which was classified as problematic, was found in MariaDB Server up to 10.4.x/10.5.x/11.x/11.3.x. Affected is the function Item_direct_view_ref::derived_field_transformer_for_where. T...

CVE-2023-52969 | MariaDB Server up to 10.4.x/10.5.x/10.10.x/11.x make_aggr_tables_info/optimize_stage2 insecure automated optimizations

09.03.2025 07:46

A vulnerability, which was classified as problematic, has been found in MariaDB Server up to 10.4.x/10.5.x/10.10.x/11.x. This issue affects the function make_aggr_tables_info/optimize_stage2. The mani...

CVE-2023-52968 | MariaDB Server up to 11.1.3 fix_fields_if_needed incorrect behavior order

09.03.2025 07:45

A vulnerability classified as problematic was found in MariaDB Server up to 11.1.3. This vulnerability affects the function fix_fields_if_needed. The manipulation leads to incorrect behavior order. T...

CVE-2025-1363 | WooCommerce URL Shortener Plugin up to 9.0.2 on WordPress Setting cross site scripting

09.03.2025 07:45

A vulnerability classified as problematic has been found in WooCommerce URL Shortener Plugin up to 9.0.2 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation l...

CVE-2025-1362 | WooCommerce URL Shortener Plugin up to 9.0.2 on WordPress cross-site request forgery

09.03.2025 07:45

A vulnerability was found in WooCommerce URL Shortener Plugin up to 9.0.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads t...

CVE-2025-27840 | Espressif ESP32 2025-03-06 backdoor

08.03.2025 22:51

A vulnerability was found in Espressif ESP32 2025-03-06. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to backdoor. This vuln...

CVE-2025-2127 | JoomlaUX JUX Real Estate 3.4.0 on Joomla realties Itemid/jp_yearbuilt cross site scripting

08.03.2025 16:03

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/li...

CVE-2025-2126 | JoomlaUX JUX Real Estate 3.4.0 on Joomla GET Parameter realties title sql injection

08.03.2025 16:03

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/lis...

CVE-2025-2125 | Control iD RH iD 25.2.25.0 PDF Document ?companyId=1 nsr resource injection

08.03.2025 15:52

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovante_marcacao/?companyId=1 of the ...

CVE-2025-2124 | Control iD RH iD 25.2.25.0 API change_password message cross site scripting

08.03.2025 15:52

A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API H...

CVE-2025-2123 | GeSHi up to 1.0.9.1 CSS /contrib/cssgen.php get_var cross site scripting (Issue 159)

08.03.2025 15:32

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler...

CVE-2025-2122 | Thinkware Car Dashcam F800 Pro up to 20250226 Connection denial of service

08.03.2025 15:28

A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. Th...

CVE-2025-2121 | Thinkware Car Dashcam F800 Pro up to 20250226 File Storage access control

08.03.2025 15:28

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to imprope...

CVE-2025-2120 | Thinkware Car Dashcam F800 Pro up to 20250226 Configuration File /tmp/hostapd.conf cleartext storage in a file or on disk

08.03.2025 15:28

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component ...

CVE-2025-2119 | Thinkware Car Dashcam F800 Pro up to 20250226 Device Registration default credentials

08.03.2025 15:28

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. T...

CVE-2025-1261 | devitemsllc HT Mega Plugin up to 2.8.2 on WordPress Countdown Widget cross site scripting

08.03.2025 15:15

A vulnerability was found in devitemsllc HT Mega Plugin up to 2.8.2 on WordPress. It has been classified as problematic. This affects an unknown part of the component Countdown Widget. The manipulatio...

CVE-2024-13924 | fancywp Starter Templates Plugin up to 2.0.0 on WordPress http_request_host_is_external server-side request forgery

08.03.2025 15:14

A vulnerability was found in fancywp Starter Templates Plugin up to 2.0.0 on WordPress and classified as critical. Affected by this issue is the function http_request_host_is_external. The manipulatio...

CVE-2025-1664 | wpdevteam Essential Blocks Plugin up to 5.3.1 on WordPress cross site scripting

08.03.2025 15:14

A vulnerability has been found in wpdevteam Essential Blocks Plugin up to 5.3.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation...

CVE-2024-13675 | amans2k SlingBlocks Plugin up to 1.5.0 on WordPress Gutenberg Block cross site scripting

08.03.2025 15:14

A vulnerability, which was classified as problematic, was found in amans2k SlingBlocks Plugin up to 1.5.0 on WordPress. Affected is an unknown function of the component Gutenberg Block Handler. The ma...

CVE-2024-13649 | xpro 140+ Widgets Plugin up to 1.4.6.7 on WordPress cross site scripting

08.03.2025 15:14

A vulnerability, which was classified as problematic, has been found in xpro 140+ Widgets Plugin up to 1.4.6.7 on WordPress. This issue affects some unknown processing. The manipulation leads to cross...

CVE-2025-1783 | kometschuh Gallery Styles Plugin up to 1.3.4 on WordPress cross site scripting

08.03.2025 15:14

A vulnerability classified as problematic was found in kometschuh Gallery Styles Plugin up to 1.3.4 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scriptin...

CVE-2025-1324 | wppost WP-Recall Plugin up to 16.26.10 on WordPress Shortcode public-form cross site scripting

08.03.2025 15:13

A vulnerability classified as problematic has been found in wppost WP-Recall Plugin up to 16.26.10 on WordPress. This affects the function public-form of the component Shortcode Handler. The manipulat...

CVE-2025-1287 | posimyththemes The Plus Addons for Elementor Plugin up to 6.2.2 on WordPress cross site scripting

08.03.2025 15:13

A vulnerability was found in posimyththemes The Plus Addons for Elementor Plugin up to 6.2.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The m...

CVE-2024-11640 | e4jvikwp VikRentCar Car Rental Management System Plugin up to 1.4.2 on WordPress cross-site request forgery

08.03.2025 15:13

A vulnerability was found in e4jvikwp VikRentCar Car Rental Management System Plugin up to 1.4.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functio...

CVE-2024-10326 | rometheme RomethemeKit for Elementor Plugin up to 1.5.3 on WordPress Setting save_options authorization

08.03.2025 15:13

A vulnerability was found in rometheme RomethemeKit for Elementor Plugin up to 1.5.3 on WordPress. It has been classified as problematic. Affected is the function save_options of the component Setting...

CVE-2025-0177 | javothemes Javo Core Plugin up to 3.0.0.080 on WordPress privileges management

08.03.2025 15:13

A vulnerability was found in javothemes Javo Core Plugin up to 3.0.0.080 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to improper privile...

CVE-2024-13816 | CodeRevolution Aiomatic Plugin up to 2.3.6 on WordPress authorization

08.03.2025 15:13

A vulnerability has been found in CodeRevolution Aiomatic Plugin up to 2.3.6 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authori...

CVE-2025-1323 | wppost WP-Recall Plugin up to 16.26.10 on WordPress Registration databeat sql injection

08.03.2025 15:13

A vulnerability, which was classified as critical, was found in wppost WP-Recall Plugin up to 16.26.10 on WordPress. This affects an unknown part of the component Registration Handler. The manipulatio...

CVE-2025-1322 | wppost WP-Recall Plugin up to 16.26.10 on WordPress Shortcode feed information disclosure

08.03.2025 15:13

A vulnerability, which was classified as problematic, has been found in wppost WP-Recall Plugin up to 16.26.10 on WordPress. Affected by this issue is the function feed of the component Shortcode Hand...

CVE-2025-1325 | wppost WP-Recall Plugin up to 16.26.10 on WordPress AJAX Endpoint rcl_preview_post authorization

08.03.2025 15:13

A vulnerability classified as critical was found in wppost WP-Recall Plugin up to 16.26.10 on WordPress. Affected by this vulnerability is the function rcl_preview_post of the component AJAX Endpoint....

CVE-2024-13882 | CodeRevolution Aiomatic Plugin up to 2.3.8 on WordPress aiomatic_generate_featured_image unrestricted upload

08.03.2025 15:12

A vulnerability classified as critical has been found in CodeRevolution Aiomatic Plugin up to 2.3.8 on WordPress. Affected is the function aiomatic_generate_featured_image. The manipulation leads to u...

CVE-2024-10321 | themesgrove All-in-One Addons for Elementor Plugin up to 2.5.4 on WordPress Template Data view.php information disclosure

08.03.2025 15:12

A vulnerability was found in themesgrove All-in-One Addons for Elementor Plugin up to 2.5.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file eleme...

CVE-2024-13359 | tychesoftwares Product Input Fields for WooCommerce Plugin up to 1.12.1 on WordPress Double Extension add_product_input_fields_to_order_item_meta unrestricted upload

08.03.2025 15:11

A vulnerability was found in tychesoftwares Product Input Fields for WooCommerce Plugin up to 1.12.1 on WordPress. It has been declared as critical. This vulnerability affects the function add_product...

CVE-2025-2118 | Quantico Tecnologia PRMV 6.48 Login Endpoint /admin/login.php username sql injection

08.03.2025 08:42

A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Login Endpoint. The manipulat...

CVE-2025-2117 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection

08.03.2025 08:40

A vulnerability was found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as critical. Affected by this issue is the function electricDocList ...

CVE-2025-2116 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery

08.03.2025 08:39

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown fu...

CVE-2025-2115 | zzskzy Warehouse Refinement Management System 3.1 /AcceptZip.ashx ProcessRequest file unrestricted upload

08.03.2025 08:35

A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation...

CVE-2025-2114 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7 Reset Password Interface OperatorStop.asp OperId improper authorization

08.03.2025 08:33

A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the fil...

CVE-2024-13908 | bestwebsoft SMTP Plugin up to 1.1.9 on WordPress save_options unrestricted upload

08.03.2025 08:30

A vulnerability classified as critical was found in bestwebsoft SMTP Plugin up to 1.1.9 on WordPress. This vulnerability affects the function save_options. The manipulation leads to unrestricted uploa...

CVE-2024-11087 | cyberlord92 miniOrange Social Login and Register Pro Addon Plugin improper authentication

08.03.2025 08:30

A vulnerability classified as critical has been found in cyberlord92 miniOrange Social Login and Register Pro Addon Plugin up to 200.3.9 on WordPress. This affects an unknown part. The manipulation le...

CVE-2025-2113 | AT Software Solutions ATSVD up to 3.4.1 Esqueceu a senha txtCPF sql injection

08.03.2025 08:29

A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Esqueceu a senha. The manipul...

CVE-2025-2112 | user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4 MediaInfoService.java getMediaLisByFilter typeId sql injection

08.03.2025 08:26

A vulnerability was found in user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4. It has been declared as critical. Affected by this vulnerability is the function getMediaLisByFilt...

CVE-2024-13825 | Email Keep Plugin up to 1.1 on WordPress cross site scripting

08.03.2025 08:12

A vulnerability was found in Email Keep Plugin up to 1.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vul...

CVE-2025-1481 | mandooox Shortcode Cleaner Lite Plugin up to 1.0.9 on WordPress download_backup authorization

08.03.2025 08:12

A vulnerability was found in mandooox Shortcode Cleaner Lite Plugin up to 1.0.9 on WordPress and classified as problematic. This issue affects the function download_backup. The manipulation leads to m...

CVE-2024-13826 | Email Keep Plugin up to 1.1 on WordPress Setting cross-site request forgery

08.03.2025 08:09

A vulnerability has been found in Email Keep Plugin up to 1.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation lea...

CVE-2025-27839 | Tangem SDK up to 5.18.2 on Android AttestationTask.kt comparison using wrong factors

08.03.2025 08:09

A vulnerability, which was classified as problematic, was found in Tangem SDK up to 5.18.2 on Android. This affects an unknown part of the file operations/attestation/AttestationTask.kt. The manipulat...

CVE-2024-12460 | laurencebahiirwa Years Since Plugin up to 1.4.1 on WordPress Shortcode years-since cross site scripting

08.03.2025 08:08

A vulnerability, which was classified as problematic, has been found in laurencebahiirwa Years Since Plugin up to 1.4.1 on WordPress. Affected by this issue is the function years-since of the componen...

CVE-2024-12119 | bradvin FooGallery Plugin up to 2.4.29 on WordPress default_gallery_title_size cross site scripting

08.03.2025 08:07

A vulnerability classified as problematic was found in bradvin FooGallery Plugin up to 2.4.29 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument...

CVE-2024-13774 | wpcodefactory Wishlist for WooCommerce Plugin up to 3.1.7 on WordPress Setting save_to_multiple_wishlist cross-site request forgery

08.03.2025 08:07

A vulnerability classified as problematic has been found in wpcodefactory Wishlist for WooCommerce Plugin up to 3.1.7 on WordPress. Affected is the function save_to_multiple_wishlist of the component ...

CVE-2025-1504 | andyexeter Post Lockdown Plugin up to 4.0.2 on WordPress pl_autocomplete authorization

08.03.2025 08:04

A vulnerability was found in andyexeter Post Lockdown Plugin up to 4.0.2 on WordPress. It has been rated as problematic. This issue affects the function pl_autocomplete. The manipulation leads to miss...

CVE-2024-13835 | gandhihitesh9 Post Meta Data Manager Plugin up to 1.4.3 on WordPress privileges management

08.03.2025 08:03

A vulnerability was found in gandhihitesh9 Post Meta Data Manager Plugin up to 1.4.3 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the component Post Meta ...

CVE-2024-13844 | saadiqbal Post SMTP Plugin up to 3.1.2 on WordPress columns sql injection

08.03.2025 08:03

A vulnerability was found in saadiqbal Post SMTP Plugin up to 3.1.2 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation of the argument columns leads to sq...

CVE-2024-12114 | bradvin FooGallery Plugin up to 2.4.29 on WordPress Setting foogallery_attachment_modal_save img_id authorization

08.03.2025 08:03

A vulnerability was found in bradvin FooGallery Plugin up to 2.4.29 on WordPress and classified as problematic. Affected by this issue is the function foogallery_attachment_modal_save of the component...

CVE-2024-13895 | jtsternberg Code Snippets CPT Plugin up to 2.1.0 on WordPress Shortcode code injection

08.03.2025 08:03

A vulnerability has been found in jtsternberg Code Snippets CPT Plugin up to 2.1.0 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the component ...

CVE-2024-13640 | tychesoftwares Print Invoice & Delivery Notes for WooCommerce Plugin Setting wcdn/invoice information disclosure

08.03.2025 08:00

A vulnerability, which was classified as problematic, was found in tychesoftwares Print Invoice & Delivery Notes for WooCommerce Plugin up to 5.4.1 on WordPress. Affected is an unknown function of the...

CVE-2024-13890 | sksdev Allow PHP Execute Plugin up to 1.0 on WordPress code injection

08.03.2025 07:59

A vulnerability, which was classified as critical, has been found in sksdev Allow PHP Execute Plugin up to 1.0 on WordPress. This issue affects some unknown processing. The manipulation leads to code ...

CVE-2025-22870 | Google Go up to 1.23.6/1.24.0 IPv6 Zone ID Privilege Escalation (Nessus ID 232161)

07.03.2025 23:26

A vulnerability classified as problematic was found in Google Go up to 1.23.6/1.24.0. This vulnerability affects unknown code of the component IPv6 Zone ID Handler. The manipulation leads to Privilege...

CVE-2025-27826 | Bootstrap Lite Theme prior 1.x-1.4.5 on Backdrop cross site scripting (core-2025-005)

07.03.2025 23:24

A vulnerability classified as problematic has been found in Bootstrap Lite Theme on Backdrop. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniqu...

CVE-2025-27825 | Bootstrap 5 Lite Theme prior 1.x-1.0.3 on Backdrop cross site scripting (trib-2025-004)

07.03.2025 23:24

A vulnerability was found in Bootstrap 5 Lite Theme on Backdrop. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting....

CVE-2025-27823 | Mail Disguise Module prior 1.x-1.0.5 on Backdrop cross site scripting (trib-2025-007)

07.03.2025 23:24

A vulnerability was found in Mail Disguise Module on Backdrop. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scr...

CVE-2024-42733 | Docmosis Tornado up to 2.9.7 UNC Path Privilege Escalation (Issue 14)

07.03.2025 23:24

A vulnerability was found in Docmosis Tornado up to 2.9.7. It has been classified as critical. Affected is an unknown function of the component UNC Path Handler. The manipulation leads to Privilege Es...

CVE-2025-27824 | Link iframe Formatter Module prior 1.x-1.1.1 on Backdrop iFrame Field cross site scripting (trib-2025-003)

07.03.2025 23:23

A vulnerability was found in Link iframe Formatter Module on Backdrop and classified as problematic. This issue affects some unknown processing of the component iFrame Field Handler. The manipulation ...

CVE-2025-27822 | Masquerade Module prior 1.x-1.0.1 on Backdrop authorization (trib-2025-006)

07.03.2025 23:23

A vulnerability has been found in Masquerade Module on Backdrop and classified as problematic. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnera...

CVE-2025-26643 | Microsoft Edge up to 133.0.3065.69 the ui performs the wrong action (Nessus ID 232301)

07.03.2025 20:59

A vulnerability, which was classified as critical, was found in Microsoft Edge. This affects an unknown part. The manipulation leads to the ui performs the wrong action. This vulnerability is uniquel...

CVE-2025-24043 | dotnet-debugger-extensions/dotnet-dump/dotnet-sos prior 9.0.607501 WinDbg signature verification

07.03.2025 18:15

A vulnerability, which was classified as critical, has been found in dotnet-debugger-extensions, dotnet-dump and dotnet-sos. Affected by this issue is some unknown functionality of the component WinDb...

CVE-2023-43052 | IBM Control Center up to 6.3.1 improper interaction between multiple correctly-behaving entities

07.03.2025 18:15

A vulnerability classified as problematic was found in IBM Control Center up to 6.3.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper interaction betwee...

CVE-2023-35894 | IBM Control Center up to 6.3.1 Header Host http headers for scripting syntax

07.03.2025 18:15

A vulnerability classified as problematic has been found in IBM Control Center up to 6.3.1. Affected is an unknown function of the component Header Handler. The manipulation of the argument Host leads...

CVE-2024-12975 | Silicon Labs Simplicity SDK prior 2024.12.1 SPI Interface array index

07.03.2025 18:14

A vulnerability was found in Silicon Labs Simplicity SDK. It has been rated as problematic. This issue affects some unknown processing of the component SPI Interface. The manipulation leads to imprope...

CVE-2025-27597 | intlify vue-i18n up to 9.14.2/10.0.5/11.1.1 handleFlatJson prototype pollution (GHSA-p2ph-7g93-hw3m)

07.03.2025 18:14

A vulnerability was found in intlify vue-i18n up to 9.14.2/10.0.5/11.1.1. It has been declared as critical. This vulnerability affects the function handleFlatJson. The manipulation leads to improperly...

CVE-2024-53696 | QNAP Systems QuLog Center/QTS/QuTS hero server-side request forgery (qsa-24-53)

07.03.2025 18:13

A vulnerability was found in QNAP Systems QuLog Center, QTS and QuTS hero. It has been classified as problematic. This affects an unknown part. The manipulation leads to server-side request forgery. ...

CVE-2024-53694 | QNAP Systems QVPN Device Client/Qsync/Qfinder Pro on macOS toctou (qsa-24-51)

07.03.2025 18:13

A vulnerability was found in QNAP Systems QVPN Device Client, Qsync and Qfinder Pro on macOS and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to...

CVE-2025-27604 | XWiki Confluence Migrator Pro up to 1.11.6 information disclosure

07.03.2025 18:13

A vulnerability has been found in XWiki Confluence Migrator Pro up to 1.11.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to inform...

CVE-2024-53700 | QNAP Systems QuRouter 2.4.5.032 QHora command injection (qsa-25-07)

07.03.2025 18:12

A vulnerability, which was classified as critical, was found in QNAP Systems QuRouter 2.4.5.032. Affected is an unknown function of the component QHora. The manipulation leads to command injection. T...

CVE-2024-50394 | QNAP Systems Helpdesk up to 3.3.2 certificate validation (qsa-25-05)

07.03.2025 18:12

A vulnerability, which was classified as critical, has been found in QNAP Systems Helpdesk up to 3.3.2. This issue affects some unknown processing. The manipulation leads to improper certificate valid...

CVE-2025-27603 | XWiki Confluence Migrator Pro up to 1.1.x Migration Page Template neutralization of directives (GHSA-6qvp-39mm-95v8)

07.03.2025 18:12

A vulnerability classified as problematic was found in XWiki Confluence Migrator Pro up to 1.1.x. This vulnerability affects unknown code of the component Migration Page Template. The manipulation lea...

CVE-2024-50390 | QNAP Systems QuRouter 2.4.5.032 QHora insecure default initialization of resource (qsa-25-01)

07.03.2025 18:12

A vulnerability classified as very critical has been found in QNAP Systems QuRouter 2.4.5.032. This affects an unknown part of the component QHora. The manipulation leads to insecure default initializ...

CVE-2024-53695 | QNAP Systems HBS 3 Hybrid Backup Sync prior 25.1.4.952 buffer overflow (qsa-25-06)

07.03.2025 18:12

A vulnerability was found in QNAP Systems HBS 3 Hybrid Backup Sync. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. Thi...

CVE-2024-48864 | QNAP Systems File Station 5 prior 5.5.6.4741 file access (qsa-24-55)

07.03.2025 18:11

A vulnerability was found in QNAP Systems File Station 5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to files or directorie...

CVE-2024-13086 | QNAP Systems QTS/QuTS hero prior 5.2.0.2851 Build 20240808 information disclosure (qsa-25-03)

07.03.2025 18:10

A vulnerability was found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128/5.1.9.2954 Build 20241120. It has been classified as problematic. Affected is an unknown function. The manipulatio...

CVE-2024-53699 | QNAP Systems QTS/QuTS hero prior 5.2.3.3006 Build 20250108 out-of-bounds write (qsa-24-54)

07.03.2025 18:09

A vulnerability was found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128/5.1.9.2954 Build 20241120 and classified as problematic. This issue affects some unknown processing. The manipulat...

CVE-2024-53698 | QNAP Systems QTS/QuTS hero prior 5.2.3.3006 Build 20250108 double free (qsa-24-54)

07.03.2025 18:09

A vulnerability has been found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128/5.1.9.2954 Build 20241120 and classified as problematic. This vulnerability affects unknown code. The manipul...

CVE-2024-53697 | QNAP Systems QTS/QuTS hero prior 5.2.3.3006 Build 20250108 out-of-bounds write (qsa-24-54)

07.03.2025 18:09

A vulnerability, which was classified as problematic, was found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128/5.1.9.2954 Build 20241120. This affects an unknown part. The manipulation le...

CVE-2024-53693 | QNAP Systems QTS/QuTS hero prior 5.2.3.3006 Build 20250108 crlf injection (qsa-24-54)

07.03.2025 18:09

A vulnerability, which was classified as problematic, has been found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128/5.1.9.2954 Build 20241120. Affected by this issue is some unknown funct...

CVE-2024-53692 | QNAP Systems QTS/QuTS hero prior 5.2.3.3006 Build 20250108 command injection (qsa-24-54)

07.03.2025 18:08

A vulnerability classified as critical was found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128/5.1.9.2954 Build 20241120. Affected by this vulnerability is an unknown functionality. The ...

CVE-2024-38638 | QNAP Systems QTS/QuTS hero 5.1.4.2596 Build 20231128 out-of-bounds write (qsa-24-52)

07.03.2025 18:08

A vulnerability classified as critical has been found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128. Affected is an unknown function. The manipulation leads to out-of-bounds write. This...

CVE-2024-50405 | QNAP Systems QTS/QuTS hero 5.1.4.2596 Build 20231128 crlf injection (qsa-24-54)

07.03.2025 18:07

A vulnerability was found in QNAP Systems QTS and QuTS hero 5.1.4.2596 Build 20231128. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to crlf inje...

CVE-2025-27607 | nhairs python-json-logger up to 3.2.x inclusion of functionality from untrusted control sphere

07.03.2025 18:07

A vulnerability was found in nhairs python-json-logger up to 3.2.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to inclusion of functionality from...

CVE-2025-0162 | IBM Aspera Shares up to 1.10.0 PL7 xml external entity reference

07.03.2025 18:07

A vulnerability was found in IBM Aspera Shares up to 1.10.0 PL7. It has been classified as critical. This affects an unknown part. The manipulation leads to xml external entity reference. This vulner...

CVE-2025-25617 | Unifiedtransform 2.x Syllabus access control

07.03.2025 17:01

A vulnerability was found in Unifiedtransform 2.x and classified as critical. Affected by this issue is some unknown functionality of the component Syllabus Handler. The manipulation leads to improper...

CVE-2025-27519 | truefoundry cognita Environment Variable upload-to-local-directory path traversal (GHSL-2024-193)

07.03.2025 17:01

A vulnerability has been found in truefoundry cognita and classified as critical. Affected by this vulnerability is an unknown functionality of the file /v1/internal/upload-to-local-directory of the c...

CVE-2025-27518 | truefoundry cognita cross site scripting (GHSL-2024-193)

07.03.2025 17:01

A vulnerability, which was classified as problematic, was found in truefoundry cognita. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded a...

CVE-2025-2097 | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setRptWizardCfg loginpass stack-based overflow

07.03.2025 16:50

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The mani...