NVD Dashboard


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-3935 - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is import...
    Published: April 25, 2025; 3:15:49 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2022-2068 - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2...
    Published: June 21, 2022; 11:15:09 AM -0400

    V3.1: 7.3 HIGH
    V2.0: 10.0 HIGH

  • CVE-2024-36535 - Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
    Published: July 24, 2024; 4:15:04 PM -0400

  • CVE-2024-42050 - The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg.
    Published: July 27, 2024; 11:15:01 PM -0400

    V3.1: 7.0 HIGH

  • CVE-2024-42051 - The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.
    Published: July 27, 2024; 11:15:02 PM -0400

  • CVE-2024-42053 - The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.
    Published: July 27, 2024; 11:15:02 PM -0400

  • CVE-2024-45165 - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both sta...
    Published: August 22, 2024; 12:15:22 AM -0400

  • CVE-2024-45166 - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Se...
    Published: August 22, 2024; 12:15:24 AM -0400

  • CVE-2024-45167 - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Se...
    Published: August 22, 2024; 12:15:25 AM -0400

  • CVE-2024-45168 - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable.
    Published: August 22, 2024; 12:15:27 AM -0400

  • CVE-2024-45169 - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Se...
    Published: August 22, 2024; 12:15:27 AM -0400

  • CVE-2024-43031 - autMan v2.9.6 was discovered to contain an access control issue.
    Published: August 23, 2024; 12:15:06 PM -0400

  • CVE-2024-43032 - autMan v2.9.6 allows attackers to bypass authentication via a crafted web request.
    Published: August 23, 2024; 12:15:06 PM -0400

  • CVE-2024-39097 - There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.
    Published: August 26, 2024; 11:15:08 AM -0400

  • CVE-2024-51991 - October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize S...
    Published: May 05, 2025; 1:18:44 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2025-46340 - Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inje...
    Published: May 05, 2025; 3:15:56 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-46553 - @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a r...
    Published: May 05, 2025; 3:15:56 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-46559 - Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have acce...
    Published: May 05, 2025; 3:15:56 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-46730 - MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to i...
    Published: May 05, 2025; 4:15:21 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-46731 - Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `AL...
    Published: May 05, 2025; 4:15:21 PM -0400

    V3.1: 7.2 HIGH