Security Vulnerabilities
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
CVSS Score
8.1
EPSS Score
0.034
Published
2025-08-06
Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-06
In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-06
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-08-06
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
CVSS Score
5.0
EPSS Score
0.001
Published
2025-08-06
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-06
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-08-06
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
CVSS Score
8.1
EPSS Score
0.002
Published
2025-08-06
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
CVSS Score
8.1
EPSS Score
0.002
Published
2025-08-06
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-08-06