CVE-2025-25799
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
CVE-2025-26525
Insufficient sanitizing in the TeX notation filter resulted in an
arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed).
CVE-2024-12917
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.
CVE-2025-23421
An attacker could obtain firmware files and reverse engineer their
intended use leading to loss of confidentiality and integrity of the
hardware devices enabled by the Qardio iOS and Android applications.
CVE-2024-11629
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.
CVE-2025-1042
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.
CVE-2025-0509
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
CVE-2024-57452
ChestnutCMS
CVE-2023-29080
Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folde…
CVE-2024-47106
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.
CVE-2024-45627
In Apache Linkis
CVE-2024-53649
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versio…
CVE-2024-47518
Specially constructed queries targeting ETM could discover active remote access sessions
CVE-2024-43660
The CGI script .sh can be used to download any file on the filesystem.
This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.
Likelihood: High, but credentials required.
Impact: Critical – The script can be u…