| CVE | CVSS | Git URL | Published | Description |
|---|---|---|---|---|
| CVE-2025-62366 | - | https://github.com/eladnava/mailgen/commit/7279a983481d05c51aa451e86146f98aaa42fee9 | 2025-10-14T16:15:42.170 | mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user-generated content is supplied. The function attempts to remove HTML tags, but if tags are provided as encoded HTML entities they are not removed and are later decoded, resulting in active HTML (for example an img tag with an event handler) in the supposed plaintext output. In contexts where the generated plaintext string is subsequently rendered as HTML, this can allow execution of attacker-controlled JavaScript. Versions 2.0.31 and later contain a fix. No known workarounds exist. |
| CVE-2025-62174 | 3.5 | https://github.com/mastodon/mastodon/commit/1631fb80e8029d2c5425a03a2297b93f7e225217 | 2025-10-13T21:15:34.770 | Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using `bin/tootctl accounts modify --reset-password`, active sessions and access tokens for that account are not revoked. This allows an attacker with access to a previously compromised session or token to continue using the account after the password has been reset. This issue has been patched in versions 4.2.27, 4.3.14, and 4.4.6. No known workarounds exist. |
| CVE-2025-62170 | 7.5 | https://github.com/rathena/rathena/commit/af2f3ba33fc03dc6dd510f8cfe84cd9185af748d | 2025-10-13T18:15:34.980 | rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of service by crashing the map-server. This issue has been patched in commit af2f3ba. There are no known workarounds aside from manually applying the patch. |
| CVE-2025-57618 | 7.3 | remote,execution,unauthenticated | 2025-10-14T18:15:36.190 | A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in a privileged context via authenticated endpoints. |
| CVE-2025-55340 | 7.0 | remote,authentication,bypass | 2025-10-14T17:15:47.620 | Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. |
| CVE-2025-55334 | 6.2 | sensitive,bypass | 2025-10-14T17:15:46.610 | Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2025-53139 | 7.7 | sensitive,bypass | 2025-10-14T17:15:43.423 | Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2025-37148 | 6.5 | remote,unauthenticated | 2025-10-14T17:15:41.897 | A vulnerability in the parsing of Ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore functionality. |
| CVE-2025-37146 | 7.2 | remote,execution,command | 2025-10-14T17:15:41.633 | A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. |
| CVE-2025-37137 | 6.5 | remote,command | 2025-10-14T17:15:40.413 | Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. |
| CVE-2025-37136 | 6.5 | remote,command | 2025-10-14T17:15:40.280 | Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. |
| CVE-2025-37135 | 6.5 | remote,command | 2025-10-14T17:15:40.140 | Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. |
| CVE-2025-11548 | - | remote,execution,unauthenticated | 2025-10-14T17:15:35.433 | A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application, which may lead to unauthenticated Remote Code Execution. |
| CVE-2025-54973 | 5.3 | execution,bypass | 2025-10-14T16:15:39.703 | A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests. |
| CVE-2025-53845 | 6.5 | unauthenticated,authentication | 2025-10-14T16:15:39.010 | An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests. |
| CVE-2025-49201 | 8.1 | authentication,command | 2025-10-14T16:15:38.840 | A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. |
| CVE-2025-31514 | 2.7 | command,sensitive | 2025-10-14T16:15:37.587 | An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via a diagnose command. |
| CVE-2025-25252 | 4.8 | remote,vpn | 2025-10-14T16:15:36.683 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of the SAML record. |
| CVE-2025-10985 | 7.2 | remote,execution,command | 2025-10-14T15:16:01.610 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2025-10243 | 7.2 | remote,execution,command | 2025-10-14T15:16:01.280 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2025-10242 | 7.2 | remote,execution,command | 2025-10-14T15:16:01.087 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2025-9063 | - | authentication,bypass | 2025-10-14T13:15:39.480 | An authentication bypass security issue exists within the FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more. |
| CVE-2025-40771 | 9.8 | remote,unauthenticated | 2025-10-14T10:15:38.297 | A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data. |
| CVE-2025-40765 | 9.8 | remote,unauthenticated | 2025-10-14T10:15:38.127 | A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to log in to and perform authenticated operations of the database service. |
| CVE-2025-20720 | 8.8 | remote,execution | 2025-10-14T10:15:36.777 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569. |
| CVE-2025-20719 | 8.8 | remote,execution | 2025-10-14T10:15:36.637 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418955; Issue ID: MSV-3570. |
| CVE-2025-20712 | 8.8 | remote,execution | 2025-10-14T10:15:35.717 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810. |
| CVE-2025-20711 | 8.8 | remote,execution | 2025-10-14T10:15:35.580 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748. |
| CVE-2025-20710 | 8.8 | remote,execution | 2025-10-14T10:15:35.443 | In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515. |
| CVE-2025-20709 | 8.8 | remote,execution | 2025-10-14T10:15:35.300 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415809; Issue ID: MSV-3405. |
| CVE-2025-46581 | 9.8 | remote,execution,unauthenticated,command | 2025-10-14T09:15:33.227 | ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges. |
| CVE-2025-41718 | 7.5 | remote,sensitive | 2025-10-14T09:15:33.040 | A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI. |
| CVE-2025-41699 | 8.8 | remote,command | 2025-10-14T09:15:32.830 | A low-privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection'). |
| CVE-2025-41707 | 5.3 | remote,unauthenticated | 2025-10-14T08:15:36.000 | The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality. |
| CVE-2025-41706 | 5.3 | remote,unauthenticated | 2025-10-14T08:15:35.820 | The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality. |
| CVE-2025-41705 | 6.8 | remote,unauthenticated | 2025-10-14T08:15:35.650 | An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend. |
| CVE-2025-41703 | 7.5 | remote,unauthenticated,command | 2025-10-14T08:15:34.763 | An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via a Modbus command. |
| CVE-2025-59889 | 8.6 | execution,authentication | 2025-10-14T06:15:34.810 | Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. |
| CVE-2025-9713 | 8.8 | remote,execution,unauthenticated | 2025-10-13T21:15:35.727 | Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. |
| CVE-2025-62364 | 6.2 | unauthenticated,sensitive | 2025-10-13T21:15:35.560 | text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the application processes the upload, it follows the symbolic link and serves the contents of the targeted file through the web interface. This allows an unauthenticated attacker to read sensitive files on the server, potentially exposing system configurations, credentials, and other confidential information. This vulnerability is fixed in 3.14. No known workarounds exist. |
| CVE-2025-61688 | 8.6 | sensitive,leak | 2025-10-13T21:15:34.613 | Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API. |
| CVE-2025-59836 | 5.3 | unauthenticated,sensitive | 2025-10-13T21:15:34.457 | Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. The vulnerability exists in the isSensitiveSpec function, which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. When a resource is created with an empty Metadata field, the CreateResource function attempts to access resource.Metadata.Version, causing a segmentation fault. This vulnerability is fixed in 1.1.5 and 1.0.2. |
| CVE-2025-37729 | 9.1 | command,sensitive | 2025-10-13T14:15:34.533 | Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated. |
| CVE-2025-10720 | - | unauthenticated,bypass | 2025-10-13T10:15:45.590 | The WP Private Content Plus plugin through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser. |
| CVE-2025-11675 | 7.2 | remote,execution | 2025-10-13T08:15:41.137 | Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
| CVE-2025-11672 | 5.3 | remote,unauthenticated,authentication | 2025-10-13T08:15:40.550 | Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names. |
| CVE-2025-11671 | 5.3 | remote,unauthenticated,authentication | 2025-10-13T08:15:40.333 | Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses. |
| CVE-2025-9265 | - | remote,unauthenticated | 2025-10-13T07:15:56.677 | A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in firmware versions later than 2.02.0246. |
| CVE-2025-11665 | 4.7 | remote,command | 2025-10-13T07:15:52.023 | A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in OS command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2025-0636 | 8.4 | execution,command | 2025-10-13T07:15:48.883 | EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited, leading to Arbitrary Code Execution. |
| CVE-2025-11645 | 2.4 | authentication,sensitive | 2025-10-12T21:15:33.303 | A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-31998 | 3.5 | remote,execution,sensitive | 2025-10-12T03:15:34.557 | HCL Unica Centralized Offer Management is vulnerable to poorly handled exceptions which expose sensitive information. An attacker can use this information to exploit known vulnerabilities or launch targeted attacks, such as remote code execution or denial of service. |