2025-07-24
2025-07-24 13:15Z
CRIT

CVE-2025-5243 — Upload: Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025. CVSSv3.1 10.0 (CRITICAL) · EPSS 85th percentile

CWECWE 434CWECWE 78TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-07-24
2025-07-24 13:15Z
CRIT

CVE-2025-4822 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4822

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-24
2025-07-24 10:15Z
CRIT

CVE-2025-6441 — Webinar: The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-6441

The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.32. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under CVSSv3.1 9.8 (CRITICAL)

CWECWE 862VNDWebinarTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-23
2025-07-23 05:15Z
HIGH

CVE-2025-8020 — All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8020

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code. CVSSv3.1 8.2 (HIGH) · EPSS 7th percentile

CWECWE 918TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-07-22
2025-07-22 21:15Z
CRIT

CVE-2025-8044 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-22
2025-07-22 21:15Z
CRIT

CVE-2025-8043 — Mozilla Firefox: Focus incorrectly truncated URLs towards the beginning instead of around the origin.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141. CVSSv3.1 9.8 (CRITICAL)

CWECWE 451VNDMozillaVNDFocusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8040 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8040

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8039 — Mozilla Firefox: In some cases search terms persisted in the URL bar even after navigating away

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8039

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. CVSSv3.1 8.1 (HIGH)

CWECWE 200VNDMozillaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-22
2025-07-22 21:15Z
CRIT

CVE-2025-8038 — Mozilla Firefox: Thunderbird ignored paths when checking the validity of navigations in a frame.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 345VNDMozillaVNDThunderbirdTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-22
2025-07-22 21:15Z
CRIT

CVE-2025-8037 — Mozilla Firefox: Setting a nameless cookie with an equals sign in the value shadowed other cookies.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. CVSSv3.1 9.1 (CRITICAL)

CWECWE 614VNDMozillaVNDSettingTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8036 — Mozilla Firefox: Thunderbird cached CORS preflight responses across IP address changes.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. CVSSv3.1 8.1 (HIGH)

CWECWE 350VNDMozillaVNDThunderbirdTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8035 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8035

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8034 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8034

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderb CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8032 — Mozilla Firefox: XSLT document loading did not correctly propagate the source document which bypassed its CSP.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. CVSSv3.1 8.1 (HIGH)

CWECWE 693VNDMozillaVNDXsltTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-22
2025-07-22 21:15Z
CRIT

CVE-2025-8031 — Mozilla Firefox: The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8031

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 276VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8030 — Mozilla Firefox: Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8030

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. CVSSv3.1 8.1 (HIGH)

CWECWE 94VNDMozillaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-22
2025-07-22 21:15Z
HIGH

CVE-2025-8029 — Mozilla Firefox: Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8029

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. CVSSv3.1 8.1 (HIGH)

CWECWE 80VNDMozillaVNDThunderbirdTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-22
2025-07-22 21:15Z
CRIT

CVE-2025-8028 — Mozilla Firefox: On arm64, a WASM `br_table` instruction with a lot of entries could lead to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8028

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 1332VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-22
2025-07-22 12:15Z
CRIT

CVE-2025-4285 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4285

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: before 4.32. CVSSv3.1 10.0 (CRITICAL) · EPSS 48th percentile

CWECWE 89TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-07-21
2025-07-21 18:15Z
CRIT

CVE-2025-44654 — Linksys E2500_firmware: This could lead to unauthorized access to system files, privilege escalation, or use of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-44654

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. CVSSv3.1 9.8 (CRITICAL) · EPSS 61th percentile

CWECWE 284VNDLinksysTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-21
2025-07-21 16:15Z
CRIT

CVE-2025-44655 — Totolink A7100ru_firmware: This could lead to unauthorized access to system files, privilege escalation, or use of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-44655

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. CVSSv3.1 9.8 (CRITICAL) · EPSS 26th percentile

CWECWE 266VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-18
2025-07-18 19:15Z
HIGH

CVE-2025-50585 — Daycloud Studentmanage: v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50585

StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl. CVSSv3.1 8.8 (HIGH) · EPSS 28th percentile

CWECWE 89VNDDaycloudVNDStudentmanageTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-18
2025-07-18 18:15Z
HIGH

CVE-2025-52164 — Software: GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52164

Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. CVSSv3.1 8.2 (HIGH) · EPSS 16th percentile

CWECWE 256VNDSoftwareTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-07-18
2025-07-18 06:15Z
HIGH

CVE-2025-6718 — WordPress: The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-6718

The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDWordpressTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-17
2025-07-17 22:15Z
CRIT

CVE-2025-7398 — Broadcom Brocade_active_support_connectivity_gateway: Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-7398

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. CVSSv3.1 9.1 (CRITICAL)

CWECWE 326VNDBroadcomVNDBrocadeTYPVulnerability
9.1
CVSS v3.1
96
Edit Score