Vulmon
vulnerabilities and exploits
NA
CVE-2025-25765
MRCMS v3.1.2 contains an arbitrary file write vulnerability via the component /file/save.do.
NA
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows malicious users to execute arbitrary code via uploading a crafted .jsp file.
NA
CVE-2025-25767
A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows malicious users to arbitrarily delete users via a crafted request.
6.5
CVSSv3
CVE-2025-26310
Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and parseABC_FILE) in util/parser.c of libming v0.4.8, which allow malicious users to cause a denial of service via a crafted ABC file.
8.8
CVSSv3
CVE-2025-26378
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) malicious user to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.
Q-free Maxtime
6.8
CVSSv3
CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Red Hat Red Hat Openshift Container Platform 4
1 Github repository
3 Articles
5.9
CVSSv3
CVE-2025-26466
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack...
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Red Hat Red Hat Openshift Container Platform 4
2 Github repositories
3 Articles
NA
CVE-2025-26495
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: prior to 2022.1.3, prior to 2021.4.8, prior to 2021.3.13, prior to 2021.2.14, prior to 202...
Salesforce Tableau Server
NA
CVE-2025-27636
CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters
NA
CVE-2025-27591
Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591)