Security Vulnerabilities
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-21
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
CVSS Score
8.5
EPSS Score
0.008
Published
2025-10-21
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
CVSS Score
8.3
EPSS Score
0.002
Published
2025-10-21
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-10-21
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-10-21
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
CVSS Score
7.2
EPSS Score
0.014
Published
2025-10-21
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-21
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-10-21