jell.ie CVEs
Read at: 2025-05-17T16:13:06+00:00
CVE ID : CVE-2025-48187
Published : May 17, 2025, 1:15 p.m. | 1 hour, 29 minutes ago
Description : RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4101
Published : May 17, 2025, 1:15 p.m. | 1 hour, 29 minutes ago
Description : The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-4669
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-3888
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-3527
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.9.6.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2024-13613
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.
Severity: 7.5 | HIGH
CVE ID : CVE-2025-4826
Published : May 17, 2025, 11:15 a.m. | 3 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-4825
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-4824
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-4823
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-4610
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-4819
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
CVE ID : CVE-2025-4391
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-3812
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
CVE ID : CVE-2025-4389
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-4190
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Severity: 0.0 | NA
CVE ID : CVE-2025-4818
Published : May 17, 2025, 5:15 a.m. | 9 hours, 29 minutes ago
Description : A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2025-4817
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2025-4816
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2025-4194
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
CVE ID : CVE-2025-4189
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
CVE ID : CVE-2025-4815
Published : May 17, 2025, 3:17 a.m. | 11 hours, 28 minutes ago
Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2025-4814
Published : May 17, 2025, 3:17 a.m. | 11 hours, 28 minutes ago
Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2025-1706
Published : May 17, 2025, 1:15 a.m. | 13 hours, 29 minutes ago
Description : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Severity: 0.0 | NA
CVE ID : CVE-2024-47893
Published : May 17, 2025, 1:15 a.m. | 13 hours, 29 minutes ago
Description : Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.
Severity: 0.0 | NA
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Catalin Iovita, David Bors, Alexandru Postolache' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nikolett Sipos & Nabeel Ahmed from NTT Belgium' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.3
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sharkkcode and Zeze with TeamT5' was reported to the affected vendor on: 2025-05-13, 4 days ago. The vendor is given until 2025-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vu Khanh Trinh (@_Sonicrr) from VNPT Cyber Immunity' was reported to the affected vendor on: 2025-05-13, 4 days ago. The vendor is given until 2025-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1883.
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-3617.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-3618.
This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. Minimal user interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2025-46618.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-25254.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1884.
A CVSS score 10.0
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'NgockhanhC311' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Gwangun Jung at THEORI' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.5
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans / Midnight Blue' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould (@bobbygould5) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
A CVSS score 7.0
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 3.3
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.0
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'ccc' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20175.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20175.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20176.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20173.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20171.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.
This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-2774.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20169.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-20174.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20170.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-10445.
This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-2759.
A CVSS score 6.7 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L) severity vulnerability discovered by 'Slavin Liu' was reported to the affected vendor on: 2025-04-30, 17 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-30, 17 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-04-30, 17 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-6030.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-2082.
This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6032.
This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34099.
This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-6029.
This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13943.
This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6031.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-3887.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34098.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-29953.
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21113.
A CVSS score 6.8 (AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'adhkr - LuwakLab' was reported to the affected vendor on: 2025-04-29, 18 days ago. The vendor is given until 2025-08-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-04-28, 19 days ago. The vendor is given until 2025-08-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.