Updated CVEs from Tenable

Severity Not Scored Description Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Read more at https://www.tenable.com/cve/CVE-2025-3441

Medium Severity Description A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access. Read more at https://www.tenable.com/cve/CVE-2025-37088

Medium Severity Description A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack. Read more at https://www.tenable.com/cve/CVE-2025-27087

Critical Severity Description A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host. Read more at https://www.tenable.com/cve/CVE-2025-37087

Critical Severity Description xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js should pgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys. If any account’s master key is potentially compromised, disable the key. Read more at https://www.tenable.com/cve/CVE-2025-32965

Medium Severity Description D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. Read more at https://www.tenable.com/cve/CVE-2025-29743

Medium Severity Description Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field. Read more at https://www.tenable.com/cve/CVE-2025-26159

Medium Severity Description SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted. Read more at https://www.tenable.com/cve/CVE-2025-31327

High Severity Description Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings. Read more at https://www.tenable.com/cve/CVE-2025-29621

Medium Severity Description SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability. Read more at https://www.tenable.com/cve/CVE-2025-31328

Medium Severity Description A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter. Read more at https://www.tenable.com/cve/CVE-2024-53568

Medium Severity Description A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter. Read more at https://www.tenable.com/cve/CVE-2024-53569

Low Severity Description NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Read more at https://www.tenable.com/cve/CVE-2025-23253

High Severity Description Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier (such as for sorting), which will get executed on the server side. Read more at https://www.tenable.com/cve/CVE-2025-43948

High Severity Description DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation. Read more at https://www.tenable.com/cve/CVE-2025-43950

Medium Severity Description A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter. Read more at https://www.tenable.com/cve/CVE-2025-43952

Medium Severity Description LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter. Read more at https://www.tenable.com/cve/CVE-2025-43951

Critical Severity Description MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application’s database server. Read more at https://www.tenable.com/cve/CVE-2025-43949

Critical Severity Description TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal). Read more at https://www.tenable.com/cve/CVE-2025-43946

High Severity Description Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc. Read more at https://www.tenable.com/cve/CVE-2025-43947

Medium Severity Description ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions. Read more at https://www.tenable.com/cve/CVE-2025-32964

Medium Severity Description MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0. Read more at https://www.tenable.com/cve/CVE-2025-32963

Medium Severity Description The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 1.1.1. A workaround is provided on the Jmix documentation website. Read more at https://www.tenable.com/cve/CVE-2025-32961

Medium Severity Description The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 7.2.7. A workaround is provided on the Jmix documentation website. Read more at https://www.tenable.com/cve/CVE-2025-32960

Medium Severity Description CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website. Read more at https://www.tenable.com/cve/CVE-2025-32959

Medium Severity Description Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. Read more at https://www.tenable.com/cve/CVE-2025-32952

Medium Severity Description OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0. Read more at https://www.tenable.com/cve/CVE-2025-32788

Critical Severity Description TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Read more at https://www.tenable.com/cve/CVE-2025-28036

Medium Severity Description Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. Read more at https://www.tenable.com/cve/CVE-2025-32951

Critical Severity Description TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Read more at https://www.tenable.com/cve/CVE-2025-28035