2025-09-10 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
---|---|---|---|---|---|---|---|
CVE-2025-22956 | n/a - n/a | OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account password for the windomain package. | CNA n/a CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | undefined | github |
CVE-2024-45325 | Fortinet - FortiDDoS-F | An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests. | CVSS3.1: 6.5 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: total | undefined | github |
CVE-2025-9160 | Rockwell Automation - CompactLogix® 5480 | A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution. | CVSS4.0: 7 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: total | Rockwell Automation CompactLogix® 5480 Code Execution Vulnerability | github |
This post is licensed under CC BY 4.0 by the author.