| CVE | CVSS | Git URL | Published | Description |
|---|---|---|---|---|
| CVE-2025-53106 | - | https://github.com/graylog2/graylog2-server/commit/9215b8f1fd32566c31e6f7447ed864df3590c157 | 2025-07-02T14:15:26.273 | Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens". |
| CVE-2025-6952 | 3.3 | https://github.com/open5gs/open5gs/commit/53e9e059ed96b940f7ddcd9a2b68cb512524d5db | 2025-07-01T12:15:24.343 | A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue. |
| CVE-2025-52996 | 3.1 | https://github.com/filebrowser/filebrowser/issues/5239 | 2025-06-30T20:15:25.690 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication, no known patched versions are available. |
| CVE-2025-53076 | - | https://github.com/samsung/rlottie/pull/573 | 2025-06-30T03:15:25.843 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2. |
| CVE-2025-53074 | - | https://github.com/samsung/rlottie/pull/571 | 2025-06-30T03:15:25.680 | Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2. |
| CVE-2025-53075 | - | https://github.com/samsung/rlottie/pull/571 | 2025-06-30T02:15:21.237 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2. |
| CVE-2025-0634 | - | https://github.com/samsung/rlottie/pull/571 | 2025-06-30T02:15:20.920 | Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2. |
| CVE-2025-34073 | - | remote,unauthenticated,authentication,command | 2025-07-02T14:15:24.967 | An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input passed to subprocess.check_output() in core/http.py, allowing injection of shell metacharacters. Exploitation does not require authentication and commands are executed with the privileges of the Maltrail process. |
| CVE-2025-34071 | - | remote,execution | 2025-07-02T14:15:24.667 | A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity, and are executed by the system post-upload, enabling root access. |
| CVE-2025-34070 | - | remote,unauthenticated,authentication,sensitive,bypass | 2025-07-02T14:15:24.527 | A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs. |
| CVE-2025-34069 | - | unauthenticated,authentication,bypass | 2025-07-02T14:15:24.390 | An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance. |
| CVE-2025-34067 | - | remote,execution,unauthenticated,command | 2025-07-02T14:15:24.250 | An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. |
| CVE-2025-34057 | - | unauthenticated,authentication,sensitive | 2025-07-02T14:15:24.090 | An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker can retrieve administrative account credentials in plaintext. This flaw allows direct disclosure of sensitive user data due to improper authentication checks and insecure backend logic. |
| CVE-2025-4946 | 8.1 | remote,execution | 2025-07-02T10:15:23.227 | The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Note: Requires Vikinger Media plugin to be installed and active. |
| CVE-2025-27023 | 6.5 | remote,execution,command | 2025-07-02T10:15:22.540 | Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way. |
| CVE-2025-27021 | 7.0 | command,sensitive | 2025-07-02T09:15:25.117 | The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address. |
| CVE-2025-24333 | 6.4 | execution,command | 2025-07-02T09:15:24.800 | Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file. This issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file. |
| CVE-2025-6464 | 7.5 | unauthenticated,sensitive | 2025-07-02T06:15:23.520 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' function. This makes it possible for unauthenticated attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Deserialization occurs when the form submission is deleted, whether by an Administrator or via auto-deletion determined by plugin settings. |
| CVE-2025-6463 | 8.8 | remote,execution,unauthenticated | 2025-07-02T05:15:27.737 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. This makes it possible for unauthenticated attackers to include arbitrary file paths in a form submission. The file will be deleted when the form submission is deleted, whether by an Administrator or via auto-deletion determined by plugin settings. This can easily lead to remote code execution when the right file is deleted (such as wp-config.php). |
| CVE-2025-6437 | 7.5 | unauthenticated,sensitive | 2025-07-02T04:15:58.987 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| CVE-2025-5746 | 9.8 | remote,execution,unauthenticated | 2025-07-02T04:15:58.013 | The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() function in version 5.0 - 5.0.5 (when bundled with the PrintSpace theme) and all versions up to, and including, 1.7.1 (in the standalone version). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The execution of PHP is disabled via a .htaccess file but is still possible in certain server configurations. |
| CVE-2025-5339 | 7.5 | unauthenticated,sensitive | 2025-07-02T04:15:57.677 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| CVE-2025-5014 | 8.8 | remote,execution | 2025-07-02T04:15:56.833 | The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wp_rem_cs_widget_file_delete' function in all versions up to, and including, 2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). |
| CVE-2025-4689 | 9.8 | remote,execution,unauthenticated | 2025-07-02T04:15:55.587 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability. |
| CVE-2025-4381 | 7.5 | unauthenticated,sensitive | 2025-07-02T04:15:53.837 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| CVE-2025-4380 | 8.1 | execution,unauthenticated,sensitive,bypass | 2025-07-02T04:15:52.710 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases .php files can can be uploaded and included, or already exist on the site. |
| CVE-2025-52101 | - | authentication,bypass | 2025-07-01T21:15:25.533 | linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-force cracking. |
| CVE-2025-53107 | 7.5 | remote,execution,command | 2025-07-01T18:15:25.990 | @cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.). An MCP Client can be instructed to execute additional actions for example via indirect prompt injection when asked to read git logs. This issue has been patched in version 2.1.5. |
| CVE-2025-37099 | 9.8 | remote,execution | 2025-07-01T18:15:24.763 | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
| CVE-2025-34081 | - | unauthenticated,sensitive | 2025-07-01T18:15:24.627 | The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System (CHS): before 3.7.7. |
| CVE-2025-6297 | 8.2 | execution,command | 2025-07-01T17:15:30.177 | It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. |
| CVE-2025-34065 | - | unauthenticated,authentication,bypass | 2025-07-01T15:15:25.187 | An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls. |
| CVE-2025-34064 | - | sensitive,leak | 2025-07-01T15:15:25.050 | A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation. |
| CVE-2025-34063 | - | authentication,bypass | 2025-07-01T15:15:24.913 | A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment. |
| CVE-2025-34060 | - | remote,execution,bypass | 2025-07-01T15:15:24.620 | A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using PHP’s finfo can be bypassed via crafted stream filter chains that prepend spoofed headers, allowing access to internal Laravel configuration files. An attacker can extract the APP_KEY from config/app.php, forge encrypted cookies, and trigger unsafe unserialize() calls, leading to reliable remote code execution. |
| CVE-2025-34059 | - | unauthenticated,sensitive | 2025-07-01T15:15:24.477 | An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information. |
| CVE-2025-34058 | - | remote,sensitive | 2025-07-01T15:15:24.340 | Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files. |
| CVE-2025-34056 | - | execution,command | 2025-07-01T15:15:24.203 | An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges. |
| CVE-2025-34054 | - | unauthenticated,command | 2025-07-01T15:15:23.910 | An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. |
| CVE-2025-34053 | - | authentication,bypass | 2025-07-01T15:15:23.760 | An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints. |
| CVE-2025-34052 | - | unauthenticated,authentication,sensitive | 2025-07-01T15:15:23.623 | An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=get_capability. Sensitive internal device information such as firmware version, MAC address, and codec support can be accessed without authentication. |
| CVE-2025-34051 | - | authentication,sensitive | 2025-07-01T15:15:23.467 | A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services. |
| CVE-2025-6920 | 5.3 | authentication,sensitive,bypass | 2025-07-01T14:15:41.690 | A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources. |
| CVE-2025-37097 | 7.5 | remote,unauthenticated | 2025-07-01T14:15:38.537 | A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service |
| CVE-2025-36582 | 4.8 | remote,unauthenticated | 2025-07-01T14:15:37.300 | Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
| CVE-2025-41656 | 10.0 | remote,unauthenticated,authentication,command | 2025-07-01T08:15:24.443 | An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default. |
| CVE-2025-41648 | 9.8 | remote,unauthenticated,bypass | 2025-07-01T08:15:23.280 | An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI. |
| CVE-2025-53095 | 9.6 | execution,command | 2025-07-01T02:15:22.563 | Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can trigger unintended actions within the Sunshine application on behalf of that user. Specifically, since the application does OS command execution by design, this issue can be exploited to abuse the "Command Preparations" feature, enabling an attacker to inject arbitrary commands that will be executed with Administrator privileges when an application is launched. This issue has been patched in version 2025.628.4510. |
| CVE-2025-49521 | 8.8 | command,sensitive | 2025-06-30T21:15:31.063 | A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft. |
| CVE-2025-49520 | 8.8 | remote,command | 2025-06-30T21:15:30.913 | A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access. |
| CVE-2025-52901 | 4.5 | sensitive,leak | 2025-06-30T20:15:25.390 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9. |
| CVE-2025-36593 | 8.8 | authentication,bypass | 2025-06-30T19:15:23.580 | Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request. |
| CVE-2025-46702 | 5.4 | sensitive,bypass | 2025-06-30T17:15:32.600 | Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges. |
| CVE-2025-26074 | 9.8 | remote,command | 2025-06-30T17:15:31.987 | Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. |
| CVE-2025-6899 | 6.3 | remote,command | 2025-06-30T09:15:27.160 | A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-53415 | 7.8 | remote,execution | 2025-06-30T09:15:26.903 | Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution |
| CVE-2025-6898 | 6.3 | remote,command | 2025-06-30T08:15:24.113 | A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-38089 | - | remote,authentication | 2025-06-30T08:15:23.590 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. |
| CVE-2025-6896 | 6.3 | remote,command | 2025-06-30T07:15:23.543 | A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-24292 | 6.8 | authentication,vpn | 2025-06-29T20:15:25.050 | A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile. |