Security Vulnerabilities
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-05-21
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-05-21
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-05-21
An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-21
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-05-21
Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.
CVSS Score
3.1
EPSS Score
0.0
Published
2025-05-21
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-21
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-21
Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-21
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-05-21