{"items":[{"id":"EUVD-2025-16091","description":"The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.","datePublished":"May 21, 2025, 10:11:32 PM","dateUpdated":"May 21, 2025, 11:08:42 PM","baseScore":8.6,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L","references":"https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce\n","aliases":"CVE-2025-34025\n","assigner":"VulnCheck","epss":0.0,"enisaIdProduct":[{"id":"42a7f928-e3c0-372e-82c0-658fc871bdfc","product":{"name":"Concerto"},"product_version":"12.1.2 ≤12.2.0"}],"enisaIdVendor":[{"id":"a1ab106a-4806-39a6-9955-61520cc2cf16","vendor":{"name":"Versa"}}]},{"id":"EUVD-2025-15983","description":"A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component.","datePublished":"May 20, 2025, 11:00:10 PM","dateUpdated":"May 21, 2025, 10:46:58 PM","baseScore":5.1,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","references":"https://nvd.nist.gov/vuln/detail/CVE-2025-5007\nhttps://github.com/Part-DB/Part-DB-server/commit/2c4f44e808500db19c391159b30cb6142896d415\nhttps://github.com/Part-DB/Part-DB-server/releases/tag/v1.17.1\nhttps://github.com/b1d0ws/CVEs/blob/main/CVE-2025-XXXX.md\nhttps://vuldb.com/?ctiid.309661\nhttps://vuldb.com/?id.309661\nhttps://vuldb.com/?submit.580323\n","aliases":"CVE-2025-5007\nGHSA-83qw-mxg2-hgpx\n","assigner":"VulDB","epss":0.0,"enisaIdProduct":[{"id":"11a11072-4d99-3f82-a6a2-ec644bd78799","product":{"name":"Part-DB"},"product_version":"1.15"},{"id":"24ec8670-3f33-3121-9796-eaf21d8b575c","product":{"name":"Part-DB"},"product_version":"1.16"},{"id":"297f3eb8-cacf-3aab-8fd0-a5f6fc4d694f","product":{"name":"Part-DB"},"product_version":"1.13"},{"id":"3b458c4f-eca9-30f1-88b8-039aa0b1460a","product":{"name":"Part-DB"},"product_version":"1.0"},{"id":"43cbe3be-9143-330a-8bb4-2d6bb9a3a427","product":{"name":"Part-DB"},"product_version":"1.17.0"},{"id":"465cc473-682d-3bad-9a26-9d9851e261c4","product":{"name":"Part-DB"},"product_version":"1.3"},{"id":"5c0d596e-7d47-3740-aece-e98c8a86a0f1","product":{"name":"Part-DB"},"product_version":"1.12"},{"id":"605e17f9-ad5e-324f-be10-6c5a0f65ff7a","product":{"name":"Part-DB"},"product_version":"1.4"},{"id":"7697dc8a-7bf5-3fcd-a949-19b151e45194","product":{"name":"Part-DB"},"product_version":"1.8"},{"id":"84b12a1f-a764-377a-b961-ad2bc63ef2e7","product":{"name":"Part-DB"},"product_version":"1.9"},{"id":"89239632-a36b-3d07-841d-d5508a93cf7c","product":{"name":"Part-DB"},"product_version":"1.6"},{"id":"aa6267d5-fa1f-3451-9195-0c9a9ed0e8b1","product":{"name":"Part-DB"},"product_version":"1.7"},{"id":"af49c9d3-a1d4-308a-a873-530f5ff5ad4b","product":{"name":"Part-DB"},"product_version":"1.2"},{"id":"b3bd4764-693f-32f3-a8d0-b71ceaa0ed82","product":{"name":"Part-DB"},"product_version":"1.1"},{"id":"b6df16be-cbf3-3d62-9cb7-6a59ea11c802","product":{"name":"Part-DB"},"product_version":"1.11"},{"id":"d3da32b3-0bee-3b09-909c-f5e618eda4bf","product":{"name":"Part-DB"},"product_version":"1.14"},{"id":"e9432b4e-e161-331a-b660-df3d3d782201","product":{"name":"Part-DB"},"product_version":"1.10"},{"id":"f5b134bf-4ea7-35da-92b1-9857a4a665ce","product":{"name":"Part-DB"},"product_version":"1.5"}],"enisaIdVendor":[{"id":"7112a19a-fdeb-39ee-a4e5-ffaaa5eac0b9","vendor":{"name":"n/a"}}]},{"id":"EUVD-2025-15984","description":"A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.","datePublished":"May 20, 2025, 11:00:12 PM","dateUpdated":"May 21, 2025, 10:45:55 PM","baseScore":6.9,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","references":"https://nvd.nist.gov/vuln/detail/CVE-2025-5008\nhttps://github.com/hhhanxx/attack/issues/18\nhttps://vuldb.com/?ctiid.309662\nhttps://vuldb.com/?id.309662\nhttps://vuldb.com/?submit.580412\n","aliases":"CVE-2025-5008\nGHSA-5578-445g-x8r2\n","assigner":"VulDB","epss":0.0,"enisaIdProduct":[{"id":"3ea97304-4d39-32fa-a586-13db1f22238b","product":{"name":"Online Time Table Generator"},"product_version":"1.0"}],"enisaIdVendor":[{"id":"3afd2aa7-96bb-3ba3-b11e-972765944717","vendor":{"name":"projectworlds"}}]},{"id":"EUVD-2025-9569","description":"A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.","datePublished":"Apr 3, 2025, 1:40:12 AM","dateUpdated":"May 21, 2025, 10:44:25 PM","baseScore":7.0,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","references":"https://nvd.nist.gov/vuln/detail/CVE-2025-2784\nhttps://access.redhat.com/security/cve/CVE-2025-2784\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d2354669\nhttps://gitlab.gnome.org/GNOME/libsoup/-/issues/422\nhttps://access.redhat.com/errata/RHSA-2025:7505\n","aliases":"CVE-2025-2784\nGHSA-5qxx-2mqf-3v7g\n","assigner":"redhat","epss":0.62,"enisaIdProduct":[{"id":"dfc094c6-56e6-3ec5-8f85-c109bf52b262","product":{"name":"Red Hat Enterprise Linux 10"},"product_version":"patch: 0:3.6.5-3.el10_0"}],"enisaIdVendor":[{"id":"379e3d85-2075-30d0-bb37-ee79e8ecb1e3","vendor":{"name":"Red Hat"}}]},{"id":"EUVD-2025-16085","description":"Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.","datePublished":"May 21, 2025, 10:11:06 PM","dateUpdated":"May 21, 2025, 10:11:06 PM","baseScore":3.5,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","references":"https://github.com/makeplane/plane/security/advisories/GHSA-cjh4-q763-cc48\nhttps://github.com/makeplane/plane/commit/0a8cc24da505fd519fcc3c9d6b5e15bc7ce21b29\n","aliases":"CVE-2025-48070\n","assigner":"GitHub_M","epss":0.0,"enisaIdProduct":[{"id":"48b2669a-d846-3023-8f4e-25df0386516f","product":{"name":"plane"},"product_version":"\u003c 0.23"}],"enisaIdVendor":[{"id":"00774562-bb64-3796-88df-7872df4877e8","vendor":{"name":"makeplane"}}]},{"id":"EUVD-2021-12165","description":"Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.","datePublished":"May 21, 2025, 6:58:00 AM","dateUpdated":"May 21, 2025, 10:09:29 PM","baseScore":8.2,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N","references":"https://yandex.com/bugbounty/i/hall-of-fame-browser/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25254\n","aliases":"CVE-2021-25254\nGSD-2021-25254\n","assigner":"yandex","epss":0.18,"enisaIdProduct":[{"id":"fd2a00d6-799e-37e4-aff9-f7e879ddf279","product":{"name":"Browser Lite"},"product_version":"21.1.0"}],"enisaIdVendor":[{"id":"5cd30d7a-a4e6-3903-a55f-9c0ced0a302e","vendor":{"name":"Yandex"}}]},{"id":"EUVD-2025-16086","description":"ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload\u0027s content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.","datePublished":"May 21, 2025, 10:08:31 PM","dateUpdated":"May 21, 2025, 10:08:31 PM","baseScore":7.5,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":"https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r\nhttps://github.com/owasp-modsecurity/ModSecurity/pull/3389\n","aliases":"CVE-2025-47947\n","assigner":"GitHub_M","epss":0.0,"enisaIdProduct":[{"id":"3da715d2-99bc-304c-a888-c1012119f936","product":{"name":"ModSecurity"},"product_version":"≤ 2.9.8"}],"enisaIdVendor":[{"id":"5726e663-c862-32f9-be82-292a93452c71","vendor":{"name":"owasp-modsecurity"}}]},{"id":"EUVD-2025-16087","description":"The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.","datePublished":"May 21, 2025, 10:04:58 PM","dateUpdated":"May 21, 2025, 10:04:58 PM","baseScore":9.2,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N","references":"https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce\n","aliases":"CVE-2025-34026\n","assigner":"VulnCheck","epss":0.0,"enisaIdProduct":[{"id":"55b35164-e98b-3bcc-a7b1-8dfafce39dfa","product":{"name":"Concerto"},"product_version":"12.1.2 ≤12.2.0"}],"enisaIdVendor":[{"id":"57b2b550-1c4b-34bc-8c86-153d97304b1f","vendor":{"name":"Versa"}}]},{"id":"EUVD-2025-16088","description":"The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.","datePublished":"May 21, 2025, 9:58:31 PM","dateUpdated":"May 21, 2025, 10:03:54 PM","baseScore":10.0,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L","references":"https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce\n","aliases":"CVE-2025-34027\n","assigner":"VulnCheck","epss":0.0,"enisaIdProduct":[{"id":"075a857b-af1b-303e-8e5a-f260259731df","product":{"name":"Concerto"},"product_version":"12.1.2 ≤12.2.0"}],"enisaIdVendor":[{"id":"b8568c28-5942-3107-bfbf-c44131d538e9","vendor":{"name":"Versa"}}]},{"id":"EUVD-2025-16089","description":"A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.","datePublished":"May 21, 2025, 10:00:10 PM","dateUpdated":"May 21, 2025, 10:00:10 PM","baseScore":6.9,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","references":"https://vuldb.com/?id.309878\nhttps://vuldb.com/?ctiid.309878\nhttps://vuldb.com/?submit.581374\nhttps://github.com/Jacob-z691/CVE/issues/2\nhttps://www.campcodes.com/\n","aliases":"CVE-2025-5057\n","assigner":"VulDB","epss":0.0,"enisaIdProduct":[{"id":"865d5953-1a98-307c-9d97-6a298542e1b5","product":{"name":"Online Shopping Portal"},"product_version":"1.0"}],"enisaIdVendor":[{"id":"7740eba7-6c88-3d14-8037-3154cc066883","vendor":{"name":"Campcodes"}}]}],"total":244503}