Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13751 | 2025-12-03 | N/A | N/A | ||
| Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service. | |||||
| CVE-2025-13129 | 2025-12-02 | N/A | 4.3 MEDIUM | ||
| Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse.This issue affects Onaylarım: from 25.09.26.01 through 18112025. | |||||
| CVE-2025-13239 | 1 Bdtask | 1 Isshue | 2025-11-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/cart_total_amount leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-42939 | 1 Apple | 2 Ipad Os, Iphone Os | 2025-11-04 | N/A | 3.3 LOW |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report. | |||||
| CVE-2024-44128 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper. | |||||
| CVE-2025-55337 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-10-27 | N/A | 6.1 MEDIUM |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-55332 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-27 | N/A | 6.1 MEDIUM |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-55330 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-10-27 | N/A | 6.1 MEDIUM |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-2323 | 1 274056675 | 1 Springboot-openai-chatgpt | 2025-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enforcement of behavioral workflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-55682 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-10-24 | N/A | 6.1 MEDIUM |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-58051 | 2025-10-21 | N/A | 6.5 MEDIUM | ||
| Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5. | |||||
| CVE-2024-51738 | 1 Lizardbyte | 1 Sunshine | 2025-09-11 | N/A | 8.1 HIGH |
| Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840. | |||||
| CVE-2024-13065 | 2025-09-04 | N/A | 6.3 MEDIUM | ||
| Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding.This issue affects MyRezzta: from s2.02.02 before v2.05.01. | |||||
| CVE-2025-48376 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | N/A | 3.5 LOW |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue. | |||||
| CVE-2022-46710 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-20 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet. | |||||
| CVE-2025-48476 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 8.8 HIGH |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48477 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 8.1 HIGH |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48478 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 4.9 MEDIUM |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array (the User object), when creating a new user. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48479 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 2.7 LOW |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48480 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 2.7 LOW |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's avatar, resulting in the deletion of the file .htaccess in the folder /storage/app/public. This issue has been patched in version 1.8.180. | |||||