Security Vulnerabilities
Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-13
rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of service by crashing the map-server. This issue has been patched in commit af2f3ba. There are no known workarounds aside from manually applying the patch.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-13
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-10-13
A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-10-13
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-13
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-13
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-13
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-10-13
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-13
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-10-13