Security Vulnerabilities - CVEs Published In May 2025
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-05-14
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-14
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-14
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-14
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-14
A missing exception check in Palo Alto Networks PAN-OSĀ® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-05-14
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-05-14
Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-14
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS Score
7.4
EPSS Score
0.0
Published
2025-05-14
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-14