Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15114 | 1 Kseniasecurity | 2 Lares, Lares Firmware | 2026-01-13 | N/A | 9.8 CRITICAL |
| Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication. | |||||
| CVE-2024-58280 | 1 Cmsimple | 1 Cmsimple | 2025-12-31 | N/A | 8.8 HIGH |
| CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server. | |||||
| CVE-2025-3032 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 7.4 HIGH |
| Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137. | |||||