Security Vulnerabilities
SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-12
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access.
This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.
Users are recommended to upgrade to version 2.1.7, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-12-12
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data
This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.
Users are recommended to upgrade to version 2.1.7, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-12
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-12-12
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process against object injection attacks.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.009
Published
2025-12-12
Insufficiently Protected Credentials vulnerability in Apache Fineract.
This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1.
Users are encouraged to upgrade to version 1.13.0, the latest release.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-12
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract.
This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1.
Users are encouraged to upgrade to version 1.13.0, the latest release.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-12-12
Weak Password Requirements vulnerability in Apache Fineract.
This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0.
Users are encouraged to upgrade to version 1.13.0, the latest release.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-12
A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-12
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-12