2026-04-25 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2025-59308 | n/a - n/a | In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the ‘Site staff’ role. | CNA n/a CVSS3.1: 4.7 - MEDIUM | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | n/a | github |
| CVE-2026-25775 | SenseLive - X3050 | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware. | CVSS4.0: 9.3 - CRITICAL CVSS3.1: 9.8 - CRITICAL | 0 1 2 | Exploitation: none; Automatable: yes; Technical Impact: total | SenseLive X3050 Missing authentication for critical function | github |
This post is licensed under CC BY 4.0 by the author.