CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
An unauthenticated attacker within BLE range can send shutdown, restart, or clear config commands to Meatmeet devices, causing denial of service. The device loses cloud connectivity until manually reconfigured or restarted.
CSRF vulnerability in 1Panel versions 1.10.33 through 2.0.15 in the panel name management functionality. Lack of CSRF defenses (tokens, Origin/Referer validation) allows an attacker to change the victim's panel name without consent via a crafted webpage.
Podatność CVE-2025-13125 dotyczy DijiDemi i polega na obejściu autoryzacji poprzez klucz kontrolowany przez użytkownika, co umożliwia wykorzystanie zaufanych identyfikatorów. Problem ten będzie aktualny do 28.11.2025.
A flaw in GLib (Gnome Lib) allows a remote attacker to cause heap corruption via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings, leading to denial of service or potential code execution.
A vulnerability in ColdFusion allows an attacker to gain limited unauthorized write access due to insufficiently protected credentials. The flaw stems from improper storage or transmission of authentication data. Exploitation does not require user interaction.
An XXE vulnerability in ColdFusion allows unauthorized file system reads on the server. Affected versions include 2025.4, 2023.16, 2021.22 and earlier. An attacker can exploit this to access sensitive files, though exploitation depends on conditions beyond the attacker's control.
A flaw in the user interface of Microsoft Exchange Server leads to misrepresentation of critical information, allowing an unauthorized attacker to perform spoofing over a network.
A cross-site scripting (XSS) vulnerability was found in phpIPAM v1.7.3 in the Request IP form. It allows remote attackers to inject arbitrary web script or HTML via the instructions parameter at the /app/admin/instructions/edit-result.php endpoint.
Podatność CVE-2025-6924 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software e-BAP Automation, co pozwala na wystąpienie ataków typu Reflected XSS.
Podatność CVE-2025-6923 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software UNIS, co pozwala na ataki typu Reflected XSS.
Podatność CVE-2025-10876 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software e-BAP Automation, co umożliwia ataki typu Cross-Site Scripting (XSS). Problem ten dotyczy wersji e-BAP Automation od 1.8.96 do przed v.41815.
In the Attachment service of usememos memos v0.25.2, a lack of file name validation allows attackers to perform a path traversal. This vulnerability enables access to files outside the intended directory.
An incorrect access control vulnerability in the Identity Provider service of usememos memos v0.25.2 allows low-privileged attackers to arbitrarily modify or delete registered identity providers. This can lead to account takeover or Denial of Service (DoS).
W wielu plikach istnieje możliwość ujawnienia informacji między użytkownikami z powodu braku sprawdzenia uprawnień. Może to prowadzić do lokalnego ujawnienia informacji bez potrzeby dodatkowych uprawnień wykonawczych.
In usememos memos version 0.25.2, incorrect access control allows attackers with low-level privileges to arbitrarily modify or delete attachments created by other users.
In usememos memos version 0.25.2, an incorrect access control allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
A permission control vulnerability in the window management module. Exploitation may impact system availability.
A flaw was found in util-linux that allows a heap buffer overread when processing 256-byte usernames in the `setpwnam()` function. This affects SUID login-utils utilities that write to the password database.
A file upload vulnerability in Fanvil x210 V2 version 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
An issue was discovered in Fanvil x210 V2 version 2.12.20 that allows unauthenticated attackers on the local network to execute arbitrary system commands.

