Security Vulnerabilities
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-05-29
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server
CVSS Score
5.3
EPSS Score
0.0
Published
2025-05-29
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-05-29
CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-05-28
CVE-2025-27703 is a privilege escalation vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with administrative access to a specific subset of privileged features
in the console can elevate their permissions to access additional
features in the console. The attack complexity is low, there are no
preexisting attack requirements; the privileges required are high, and
there is no user interaction required. The impact to system
confidentiality is low, the impact to system integrity is high and the
impact to system availability is low.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-05-28
CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administrator’s use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.
CVSS Score
3.4
EPSS Score
0.0
Published
2025-05-28
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-05-28
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-05-28
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-05-28
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-28