Security Vulnerabilities - CVEs Published In May 2025
A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-05-08
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-05-08
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-05-08
Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-05-08
Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-05-08
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-08
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request
body. This can result in corrupted and/or inadvertent sharing of data between requests.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-05-08
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE.
The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-08
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-08
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-08