-
CVE-2025-3659
•
published on May 12, 2025
Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families:
* Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022
* Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774_Z, build date 10/19/2020
* Digi One IAP – prior to and including 82000770 Z, build date 10/19/2020
A specially crafted POST request to the device’s web interface may allow an unauthenticated attacker to modify configuration settings.
-
CVE-2025-1079
•
published on May 12, 2025
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
-
CVE-2024-4982
•
published on May 12, 2025
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server.
-
CVE-2024-4981
•
published on May 12, 2025
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.
-
CVE-2025-47682
•
published on May 12, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.8.2.
-
CVE-2025-3632
•
published on May 12, 2025
IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.
-
CVE-2025-46743
•
published on May 12, 2025
An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.
-
CVE-2025-46750
•
published on May 12, 2025
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.
-
CVE-2025-46749
•
published on May 12, 2025
An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.
-
CVE-2025-46748
•
published on May 12, 2025
An authenticated user attempting to change their password could do so without using the current password.
-
CVE-2025-46747
•
published on May 12, 2025
An authenticated user without user-management permissions could identify other user accounts.
-
CVE-2025-46746
•
published on May 12, 2025
An administrator could discover another account's credentials.
-
CVE-2025-46745
•
published on May 12, 2025
An authenticated user without user-management permissions could view other users' account information.
-
CVE-2025-46744
•
published on May 12, 2025
An authenticated administrator could modify the Created By username for a user account.
-
CVE-2025-46742
•
published on May 12, 2025
Users who were required to change their password could still access system information before changing their password.
-
CVE-2025-46741
•
published on May 12, 2025
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
-
CVE-2025-46740
•
published on May 12, 2025
An authenticated user without user administrative permissions could change the administrator Account Name.
-
CVE-2025-46739
•
published on May 12, 2025
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting.
-
CVE-2025-46738
•
published on May 12, 2025
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.
-
CVE-2025-46737
•
published on May 12, 2025
SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.