High · CVSS 7.2
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port.
Published Oct 16, 2025 · Updated Jul 8, 2026
Medium · CVSS 4.9
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port.
Published Oct 16, 2025 · Updated Jul 8, 2026
Medium · CVSS 4.5
An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests.
Published Oct 14, 2025 · Updated Jul 8, 2026
Low · CVSS 2.5
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.
Published Oct 14, 2025 · Updated Jul 8, 2026
Medium · CVSS 5.7
Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 7.3
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.1
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Published Oct 6, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.1
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 8.2
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 8.2
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
Published Oct 6, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 8.2
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 8.2
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 7.3
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.9
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
High · CVSS 8
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Published Oct 6, 2025 · Updated Jul 5, 2026
Medium · CVSS 4.3
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
Published Oct 21, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.2
An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service.
Published Oct 24, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
Published Oct 22, 2025 · Updated Jul 5, 2026
High · CVSS 8.1
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
Published Oct 20, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
Published Oct 20, 2025 · Updated Jul 5, 2026
High · CVSS 7.1
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.
Published Oct 20, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Published Oct 17, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.4
CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."
Published Oct 17, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information.
Published Oct 21, 2025 · Updated Jul 5, 2026
High · CVSS 7.2
An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login
Published Oct 8, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.
Published Oct 30, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
Published Oct 20, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.8
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a user-supplied URI without adequate allow/blocklist validation and returns a 307 redirect that can disclose internal URLs in the Location header.
Published Oct 29, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.5
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
Published Oct 10, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.
Published Oct 23, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.
Published Oct 28, 2025 · Updated Jul 5, 2026
High · CVSS 7.8
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.
Published Oct 31, 2025 · Updated Jul 5, 2026
High · CVSS 7.6
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
Published Oct 24, 2025 · Updated Jul 5, 2026
High · CVSS 7.6
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
Published Oct 24, 2025 · Updated Jul 5, 2026
High · CVSS 7.6
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
Published Oct 24, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.3
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
Published Oct 24, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.5
The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowed_classes option, allowing an attacker to inject arbitrary PHP objects. This can lead to malicious behavior, such as Remote Code Execution (RCE), SQL Injection, Path Traversal, or Denial of Service, depending on the availability of exploitable classes in the Vfront codebase or its dependencies.
Published Oct 16, 2025 · Updated Jul 5, 2026
High · CVSS 7.3
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.
Published Oct 14, 2025 · Updated Jul 5, 2026
High · CVSS 8.1
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients.
Published Oct 10, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files will be terminated.
Published Oct 28, 2025 · Updated Jul 5, 2026
Medium · CVSS 4.1
code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing this room information
Published Oct 10, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.
Published Oct 10, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.9
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.
Published Oct 10, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.
Published Oct 10, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.
Published Oct 9, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field.
Published Oct 9, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.1
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel, enabling execution of system commands.
Published Oct 17, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter.
Published Oct 8, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.8
An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card.
Published Oct 24, 2025 · Updated Jul 5, 2026