NVD Dashboard
NVD Contains
| CVE Vulnerabilities | 327477 |
| Checklists | 868 |
| US-CERT Alerts | 249 |
| US-CERT Vuln Notes | 4486 |
| OVAL Queries | 0 |
| CPE Names | 1547224 |
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2025-55746 - Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary conten...
Published: August 20, 2025; 2:15:35 PM -0400 V3.1: 7.5 HIGH
-
CVE-2025-29903 - In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
Published: March 12, 2025; 9:15:37 AM -0400 V3.1: 7.8 HIGH
-
CVE-2023-53955 - SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied i...
Published: December 22, 2025; 5:15:59 PM -0500
-
CVE-2023-53960 - SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POS...
Published: December 22, 2025; 5:16:00 PM -0500 V3.1: 9.8 CRITICAL
-
CVE-2023-53961 - SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio pro...
Published: December 22, 2025; 5:16:00 PM -0500 V3.1: 4.3 MEDIUM
-
CVE-2023-53962 - SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sendin...
Published: December 22, 2025; 5:16:00 PM -0500 V3.1: 7.5 HIGH
-
CVE-2025-1798 - The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks.
Published: March 25, 2025; 2:15:40 AM -0400
-
CVE-2025-0717 - To exploit the vulnerability, it is necessary:
Published: March 25, 2025; 2:15:40 AM -0400
-
CVE-2025-30610 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.6.
Published: March 24, 2025; 10:15:33 AM -0400 V3.1: 5.4 MEDIUM
-
CVE-2024-12010 - A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating s...
Published: March 10, 2025; 10:15:10 PM -0400
-
CVE-2025-68665 - LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method ...
Published: December 23, 2025; 6:15:45 PM -0500 V3.1: 9.1 CRITICAL
-
CVE-2024-11253 - A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privile...
Published: March 10, 2025; 10:15:10 PM -0400
-
CVE-2025-68664 - LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries wi...
Published: December 23, 2025; 6:15:44 PM -0500 V3.1: 8.2 HIGH
-
CVE-2024-12009 - A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS)...
Published: March 10, 2025; 10:15:10 PM -0400
-
CVE-2025-8110 - Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
Published: December 10, 2025; 9:16:19 AM -0500 V3.1: 8.8 HIGH
-
CVE-2023-53963 - SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php ...
Published: December 22, 2025; 5:16:00 PM -0500
-
CVE-2023-53964 - SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specifi...
Published: December 22, 2025; 5:16:00 PM -0500 V3.1: 9.8 CRITICAL
-
CVE-2022-50694 - SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter ...
Published: December 30, 2025; 6:15:44 PM -0500 V3.1: 9.8 CRITICAL
-
CVE-2023-51787 - An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak.
Published: February 15, 2024; 1:15:46 AM -0500 V3.1: 7.5 HIGH
-
CVE-2022-50695 - SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contain a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to...
Published: December 30, 2025; 6:15:44 PM -0500 V3.1: 7.5 HIGH