87 CVEs tracked today. 17 Critical, 31 High, 32 Medium, 7 Low.
-
CVE-2025-45985
CRITICAL
CVSS 9.8
Critical remote command injection vulnerability affecting multiple Blink router models through the bs_SetSSIDHide function, allowing unauthenticated attackers to execute arbitrary commands with full system compromise. The vulnerability impacts 8 distinct product lines across versions ranging from v1.0.0 to v4.0.0, with a CVSS score of 9.8 reflecting critical severity due to network accessibility, low attack complexity, and no privilege requirements. This represents an actively exploitable flaw affecting home and small business network infrastructure with potential for widespread compromise.
Command Injection
RCE
Blac450m Ae4 Firmware
Bl Lte300 Firmware
Bl X26 Ac8 Firmware
-
CVE-2025-49596
CRITICAL
CVSS 9.4
MCP Inspector versions below 0.14.1 contain a critical authentication bypass vulnerability (CVE-2025-49596) that enables unauthenticated remote code execution through unprotected communication between the Inspector client and proxy. Attackers can exploit this over the network without user interaction beyond the initial proxy connection to execute arbitrary MCP commands via stdio, achieving complete system compromise with CVSS 9.4 severity. The vulnerability requires immediate patching as it represents a complete authentication failure in a developer tool that is typically deployed on development systems with elevated privileges.
RCE
Authentication Bypass
-
CVE-2025-46783
CRITICAL
CVSS 9.8
Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.
RCE
Path Traversal
-
CVE-2025-46060
CRITICAL
CVSS 9.8
Critical remote code execution vulnerability in TOTOLINK N600R router firmware v4.3.0cu.7866_B2022506, exploitable through a buffer overflow in the UPLOAD_FILENAME parameter without authentication. An unauthenticated remote attacker can execute arbitrary code with no user interaction required, achieving complete system compromise with CVSS 9.8 severity. KEV status and active exploitation data unavailable from provided sources; EPSS probability should be assumed high given unauthenticated network attack vector and critical impact.
Buffer Overflow
RCE
N600r Firmware
TOTOLINK
-
CVE-2025-45988
CRITICAL
CVSS 9.8
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Command Injection
RCE
IoT
Bl Lte300 Firmware
Bl X26 Ac8 Firmware
-
CVE-2025-45987
CRITICAL
CVSS 9.8
Multiple Blink router models (8 distinct firmware versions across product lines) contain unauthenticated command injection vulnerabilities in the DNS configuration function (bs_SetDNSInfo), allowing remote attackers to execute arbitrary system commands with no authentication required. The CVSS 9.8 rating reflects the critical nature: network-exploitable, no privilege escalation needed, and complete compromise of confidentiality, integrity, and availability. While no KEV or public POC is documented in standard vulnerability databases as of this analysis, the combination of network accessibility and lack of authentication requirements makes this a high-priority threat for all affected Blink router owners.
Command Injection
Bl Ac2100 Az3 Firmware
Bl Lte300 Firmware
Blac450m Ae4 Firmware
Bl Wr9000 Firmware
-
CVE-2025-45986
CRITICAL
CVSS 9.8
A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.
Command Injection
Netgear
RCE
Bl Wr9000 Firmware
Bl F1200 At1 Firmware
-
CVE-2025-45984
CRITICAL
CVSS 9.8
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Command Injection
RCE
Netgear
Bl F1200 At1 Firmware
Bl Ac1900 Firmware
-
CVE-2025-29902
CRITICAL
CVSS 10.0
Critical remote code execution vulnerability with a perfect CVSS 10.0 score that allows unauthenticated attackers to execute arbitrary code on affected servers over the network with no user interaction required. The vulnerability stems from improper handling of code evaluation (CWE-94: Improper Control of Generation of Code) and affects systems processing untrusted input. Given the maximum CVSS severity, network attack vector, and lack of authentication requirements, this vulnerability represents an immediate and severe threat to any exposed systems and should be treated as a critical priority for patching regardless of additional context.
RCE
Remote Code Execution
-
CVE-2025-28389
CRITICAL
CVSS 9.8
Critical authentication bypass vulnerability in OpenC3 COSMOS v6.0.0 caused by weak password requirements that enable brute force attacks. An unauthenticated remote attacker can exploit this with no user interaction to gain full control over the affected system, including confidentiality, integrity, and availability compromise. The CVSS 9.8 severity and network-based attack vector indicate this poses significant risk to any organization running the vulnerable version without additional protective controls.
Authentication Bypass
Brute Force
Credential Stuffing
Cosmos
-
CVE-2025-28388
CRITICAL
CVSS 9.8
OpenC3 COSMOS versions before v6.0.2 contain hardcoded credentials embedded in the Service Account, allowing unauthenticated remote attackers to gain complete system compromise without any user interaction. This critical vulnerability has a CVSS score of 9.8 (critical severity) with a network attack vector, and given the nature of hardcoded credentials in mission-critical space operations software, real-world exploitation risk is extremely high for organizations still running vulnerable versions.
Information Disclosure
Cosmos
-
CVE-2025-28386
CRITICAL
CVSS 9.8
Critical remote code execution vulnerability in OpenC3 COSMOS v6.0.0's Plugin Management component that allows unauthenticated attackers to execute arbitrary code by uploading a specially crafted .txt file. The vulnerability has a CVSS score of 9.8 (critical severity) with no authentication or user interaction required, making it trivially exploitable over the network. Given the high CVSS score and attack surface (public-facing plugin management interfaces), this vulnerability poses an immediate threat to all deployed instances of the affected version.
RCE
Cosmos
-
CVE-2025-28384
CRITICAL
CVSS 9.1
Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 affecting the /script-api/scripts/ endpoint. An unauthenticated attacker can exploit this flaw over the network with no user interaction required to read and potentially write arbitrary files on the affected system, achieving high confidentiality and integrity impact. The vulnerability has a CVSS score of 9.1 (Critical) with a CVSS vector indicating network-based attack, low complexity, and no privilege requirements.
Path Traversal
Cosmos
-
CVE-2025-6030
CRITICAL
CVSS 9.4
Critical replay attack vulnerability in the Cyclone Matrix TRF Smart Keyless Entry System used in KIA vehicles, stemming from the use of fixed, predictable learning codes for lock/unlock operations. Attackers within wireless range can capture and replay these codes to lock or unlock affected vehicles without authentication. The vulnerability has been confirmed on 2024 KIA Soluto and other KIA models in Ecuador, with a CVSS score of 9.4 indicating severe impact across confidentiality, integrity, and availability of vehicle functions.
Information Disclosure
-
CVE-2025-6029
CRITICAL
CVSS 9.4
Critical vulnerability in aftermarket KIA-branded smart keyless entry systems (primarily distributed in Ecuador) that use fixed, reusable learning codes for lock/unlock operations, enabling replay attacks to gain unauthorized vehicle access. The vulnerability affects an unknown manufacturer's generic smart key fob transmitter and has a CVSS score of 9.4 with critical impact across confidentiality, integrity, and availability. While KEV status and active exploitation data are not yet confirmed, the trivial nature of replay attacks against static codes and the high CVSS vector suggest significant real-world risk requiring immediate user awareness and manufacturer patching.
Information Disclosure
-
CVE-2025-5288
CRITICAL
CVSS 9.8
The REST API | Custom API Generator For Cross Platform And Import Export plugin for WordPress (versions 1.0.0-2.0.3) contains a critical privilege escalation vulnerability where the process_handler() function lacks capability checks, allowing unauthenticated attackers to create administrator accounts via malicious JSON imports. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this is a severe, likely actively exploited vulnerability affecting any WordPress installation using vulnerable plugin versions.
WordPress
Privilege Escalation
PHP
-
CVE-2024-38824
CRITICAL
CVSS 9.6
Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.
Path Traversal
Salt
Suse
-
CVE-2025-49587
HIGH
CVSS 8.0
Stored XSS vulnerability in XWiki affecting versions before 15.10.16, 16.4.7, and 16.10.2. An unprivileged user can inject malicious content into the NotificationDisplayerClass object of a document, which is then rendered as raw HTML when an administrator edits and saves the document, enabling XSS attacks with high integrity and confidentiality impact. The vulnerability requires low attack complexity and user interaction (admin action), with a CVSS score of 8.0 indicating significant real-world risk.
XSS
Xwiki
-
CVE-2025-49586
HIGH
CVSS 8.8
A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available.
RCE
Xwiki
-
CVE-2025-49585
HIGH
CVSS 8.0
A security vulnerability in XWiki (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.
RCE
Privilege Escalation
Code Injection
Xwiki
-
CVE-2025-49584
HIGH
CVSS 7.5
A security vulnerability in XWiki Platform (CVSS 7.5) that allows an attacker. Risk factors: public PoC available. Vendor patch is available.
Information Disclosure
Xwiki
-
CVE-2025-49582
HIGH
CVSS 8.0
XWiki's macro rights analyzer introduced in version 15.9RC1 contains incomplete validation that allows attackers to hide malicious script macros (Groovy, Python) by exploiting non-lowercase parameter handling and unanalyzed macro parameters. An authenticated attacker with limited privileges can inject hidden malicious macros that execute when a higher-privileged user edits the page, enabling remote code execution. This vulnerability affects XWiki versions 15.9RC1 through 16.4.6, 16.10.0-16.10.2, and 16.x-17.0.0-rc1, with patches available in versions 16.4.7, 16.10.3, and 17.0.0.
Python
RCE
Xwiki
-
CVE-2025-49581
HIGH
CVSS 8.8
Critical privilege escalation vulnerability in XWiki that allows any user with page edit rights to execute arbitrary code (Groovy, Python, Velocity) with programming-level privileges by creating malicious wiki macros. An attacker can exploit wiki macro parameter defaults to inject code into high-privilege pages like XWiki.ChildrenMacro, achieving full XWiki installation compromise. The vulnerability affects XWiki versions prior to 16.4.7, 16.10.3, and 17.0.0; patch availability is confirmed across multiple release branches.
Python
RCE
Xwiki
-
CVE-2025-49580
HIGH
CVSS 8.0
Privilege escalation vulnerability in XWiki where pages can unexpectedly gain script or programming rights when they contain links to pages that are subsequently renamed or moved. This allows attackers with low privileges to execute arbitrary scripts embedded in XObjects that should have been restricted, potentially leading to complete system compromise. The vulnerability affects XWiki versions 8.2 through 17.0.x and requires user interaction (page visit) to trigger, with patches available in 17.1.0-rc-1, 16.10.4, and 16.4.7.
Information Disclosure
Xwiki
-
CVE-2025-49468
HIGH
CVSS 8.6
A SQL injection vulnerability (CWE-89) exists in the No Boss Calendar Joomla component versions prior to 5.0.7, allowing authenticated users with high privileges to execute arbitrary SQL commands through the id_module parameter. The vulnerability has a CVSS 4.0 score of 8.6 with high impact on confidentiality, integrity, and availability of the database. While the attack requires high-privilege authenticated access, successful exploitation could lead to complete database compromise, data exfiltration, or system takeover.
SQLi
Joomla
PHP
-
CVE-2025-48920
HIGH
CVSS 7.3
Stored/Reflected Cross-Site Scripting (XSS) vulnerability in the Drupal etracker module that allows unauthenticated remote attackers to inject malicious scripts into web pages without requiring user interaction. The vulnerability affects etracker versions prior to 3.1.0, enabling attackers to steal session tokens, perform unauthorized actions, or redirect users to malicious sites. The CVSS 7.3 score and network-accessible attack vector indicate this is a significant vulnerability affecting any Drupal installation with the vulnerable etracker module enabled.
XSS
Drupal
PHP
Etracker
-
CVE-2025-48918
HIGH
CVSS 8.8
Stored/Reflected Cross-Site Scripting (XSS) vulnerability in Drupal Simple Klaro module versions before 1.10.0 that fails to properly neutralize user input during web page generation. An unauthenticated remote attacker can inject malicious scripts that execute in victims' browsers with high impact on confidentiality and integrity, though the attack requires user interaction (clicking a malicious link). The vulnerability has a high CVSS score of 8.8 due to its network-based attack vector and broad scope, but real-world exploitation likelihood depends on KEV/EPSS data not provided in available intelligence.
XSS
Drupal
PHP
Simple Klaro
-
CVE-2025-48915
HIGH
CVSS 8.6
Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module that allows unauthenticated remote attackers to inject and execute malicious scripts during web page generation. All versions from 0.0.0 before 1.2.15 are affected. The vulnerability has a high CVSS score of 8.6 with no authentication or user interaction required, enabling attackers to compromise confidentiality, modify page content, and degrade availability. The network-based attack vector and low complexity indicate this is likely actively exploitable in real-world deployments.
XSS
Drupal
PHP
Cookies Consent Management
-
CVE-2025-48914
HIGH
CVSS 8.6
Stored/Reflected Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module (versions before 1.2.15) that allows unauthenticated attackers to inject malicious scripts into web pages due to improper input neutralization. The vulnerability has a CVSS score of 8.6 (High severity) with network-based attack vector requiring no privileges or user interaction, enabling attackers to compromise confidentiality, integrity, and availability of affected sites. No active KEV or widespread public PoC data is available in standard vulnerability databases, suggesting limited real-world exploitation at time of analysis, though the high CVSS and ease of exploitation (AV:N/AC:L/PR:N/UI:N) warrant immediate patching.
XSS
Drupal
PHP
Cookies Consent Management
-
CVE-2025-47959
HIGH
CVSS 7.1
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Command Injection
Microsoft
Windows
RCE
Visual Studio 2022
-
CVE-2025-39240
HIGH
CVSS 7.2
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
Command Injection
Hikvision
RCE
Authentication Bypass
-
CVE-2025-36633
HIGH
CVSS 8.8
Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.
Microsoft
Privilege Escalation
Nessus Agent
Windows
-
CVE-2025-36631
HIGH
CVSS 8.4
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.
Microsoft
Information Disclosure
Nessus Agent
Windows
-
CVE-2025-30399
HIGH
CVSS 7.5
CVE-2025-30399 is an untrusted search path vulnerability in .NET and Visual Studio that allows unauthenticated remote attackers to execute arbitrary code through a network vector, requiring user interaction. The vulnerability affects multiple versions of .NET Framework and Visual Studio across Windows platforms. While the CVSS score is 7.5 (high), the attack complexity is high and requires user interaction, potentially limiting real-world exploitation frequency.
Microsoft
Dotnet
RCE
Powershell
Visual Studio 2022
-
CVE-2025-28382
HIGH
CVSS 7.5
Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to read arbitrary files from the server via the openc3-api/tables endpoint. This high-severity issue (CVSS 7.5) enables confidentiality breaches without requiring authentication or user interaction, potentially exposing sensitive configuration files, credentials, and operational data managed by the COSMOS command and control system.
Path Traversal
Cosmos
-
CVE-2025-28381
HIGH
CVSS 7.5
A security vulnerability in OpenC3 COSMOS (CVSS 7.5) that allows attackers. Risk factors: public PoC available.
Information Disclosure
Cosmos
-
CVE-2025-25215
HIGH
CVSS 8.8
A security vulnerability in the cv_close functionality of Dell ControlVault3 (CVSS 8.8). High severity vulnerability requiring prompt remediation.
Dell
Memory Corruption
Use After Free
-
CVE-2025-25050
HIGH
CVSS 8.8
CVE-2025-25050 is an out-of-bounds write vulnerability in Dell ControlVault3 and ControlVault 3 Plus that allows a local, authenticated attacker to trigger memory corruption through a specially crafted API call to the cv_upgrade_sensor_firmware function. An attacker with local access and low privileges can achieve high-impact compromise including complete confidentiality, integrity, and availability violations. The vulnerability affects all versions prior to ControlVault3 5.15.10.14 and ControlVault 3 Plus 6.2.26.36; exploitation requires local access and valid user credentials but no user interaction.
Buffer Overflow
Dell
-
CVE-2025-24922
HIGH
CVSS 8.8
Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.
Buffer Overflow
RCE
Dell
-
CVE-2025-24919
HIGH
CVSS 8.1
Critical deserialization vulnerability in Dell ControlVault3 that allows unauthenticated local attackers to achieve arbitrary code execution by sending specially crafted responses to the cvhDecapsulateCmd functionality. The vulnerability affects ControlVault3 prior to version 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. An attacker who can compromise ControlVault firmware or intercept responses can trigger remote code execution with system-level privileges, making this a high-impact vulnerability despite the moderate attack complexity requirement.
Deserialization
RCE
Dell
-
CVE-2025-24311
HIGH
CVSS 8.4
An information disclosure vulnerability in the cv_send_blockdata functionality of Dell ControlVault3 (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Buffer Overflow
Information Disclosure
Dell
-
CVE-2025-22239
HIGH
CVSS 8.1
CVE-2025-22239 is an arbitrary event injection vulnerability in SaltStack's master node that allows an authorized minion to inject malicious events onto the master's event bus via the '_minion_event' method. This affects Salt Master deployments where minions have event publishing capabilities, enabling authenticated attackers to manipulate internal event flows and potentially trigger unintended master behaviors. The CVSS 8.1 score reflects high confidentiality and integrity impact with local attack vector, though exploitation requires prior authentication as an authorized minion.
Code Injection
Suse
-
CVE-2025-22236
HIGH
CVSS 8.1
CVE-2025-22236 is an authorization bypass vulnerability in SaltStack Minion's event bus that allows an attacker with valid minion key credentials to send specially crafted messages and execute arbitrary jobs on other minions within the same Salt infrastructure. Affecting SaltStack versions 3007.0 and later, this vulnerability has a CVSS score of 8.1 (High) and requires high privileges but can escalate impact across the entire minion network. The vulnerability represents a critical lateral movement and privilege escalation vector in Salt deployments, though exploitation requires pre-existing minion key compromise.
Authentication Bypass
Suse
-
CVE-2025-5491
HIGH
CVSS 8.8
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Microsoft
RCE
Windows
-
CVE-2025-5282
HIGH
CVSS 7.5
The WP Travel Engine plugin for WordPress contains a missing capability check in the delete_package() function, allowing unauthenticated attackers to delete arbitrary posts. This vulnerability affects all versions up to and including 6.5.1 and results in unauthorized data loss with a CVSS score of 7.5. The vulnerability is network-accessible with no user interaction required, making it a significant integrity risk for WordPress installations running vulnerable plugin versions.
WordPress
PHP
Privilege Escalation
Wp Travel Engine
-
CVE-2025-4232
HIGH
CVSS 8.8
CVE-2025-4232 is an improper neutralization of wildcards vulnerability in Palo Alto Networks GlobalProtect app for macOS that allows non-administrative users to escalate privileges to root through the log collection feature. With a CVSS score of 8.8 and requiring only low complexity remote network access with low privileges, this vulnerability presents a critical privilege escalation risk. The attack requires user interaction only at the network level (not UI) and affects the confidentiality, integrity, and availability of affected systems.
Paloalto
Globalprotect
macOS
Privilege Escalation
-
CVE-2025-4231
HIGH
CVSS 7.2
Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.
Paloalto
Command Injection
Privilege Escalation
Pan Os
-
CVE-2025-4230
HIGH
CVSS 8.4
Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.
Paloalto
Command Injection
RCE
Privilege Escalation
-
CVE-2025-49598
MEDIUM
CVSS 4.4
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.
RCE
Code Injection
-
CVE-2025-48919
MEDIUM
CVSS 5.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0.
XSS
Simple Klaro
Drupal
-
CVE-2025-48917
MEDIUM
CVSS 5.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS). This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0.
XSS
Eu Cookie Compliance
Drupal
-
CVE-2025-48916
MEDIUM
CVSS 6.5
Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing. This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.
Authentication Bypass
Bookable Calendar
Drupal
-
CVE-2025-46096
MEDIUM
CVSS 6.1
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component.
XSS
Path Traversal
Solon
-
CVE-2025-36506
MEDIUM
CVSS 6.5
An arbitrary file access vulnerability in RICOH Streamline NX (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2025-28380
MEDIUM
CVSS 6.1
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
XSS
Cosmos
-
CVE-2025-22242
MEDIUM
CVSS 5.6
Worker process denial of service through a file read operation. A vulnerability exists in the Master's “pub_ret” method, which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.
Denial Of Service
Debian
Ubuntu
Suse
-
CVE-2025-22241
MEDIUM
CVSS 5.6
File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
Path Traversal
Debian
Ubuntu
Suse
-
CVE-2025-22240
MEDIUM
CVSS 6.3
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join with unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file that the Master's process has permissions to.
Path Traversal
Debian
Ubuntu
Suse
-
CVE-2025-22238
MEDIUM
CVSS 4.2
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
Path Traversal
Debian
Ubuntu
Suse
-
CVE-2025-22237
MEDIUM
CVSS 6.7
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git URL, which could cause an arbitrary command to be run on the master with the same privileges as the master process.
Command Injection
Debian
Ubuntu
Suse
-
CVE-2025-6083
MEDIUM
CVSS 4.3
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.
Authentication Bypass
Extremecloud Universal Ztna
-
CVE-2025-6035
MEDIUM
CVSS 6.1
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
Denial Of Service
RCE
Integer Overflow
Ubuntu
Debian
-
CVE-2025-6012
MEDIUM
CVSS 5.5
The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
WordPress
XSS
PHP
-
CVE-2025-5950
MEDIUM
CVSS 6.4
The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and ab...
WordPress
XSS
-
CVE-2025-5939
MEDIUM
CVSS 4.4
The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
WordPress
XSS
PHP
-
CVE-2025-5938
MEDIUM
CVSS 5.3
The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
WordPress
CSRF
Digital Marketing And Agency Templates Addons For Elementor
PHP
-
CVE-2025-5930
MEDIUM
CVSS 4.3
The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request g...
WordPress
CSRF
-
CVE-2025-5928
MEDIUM
CVSS 4.3
The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
WordPress
CSRF
PHP
-
CVE-2025-5926
MEDIUM
CVSS 6.1
The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
WordPress
CSRF
PHP
-
CVE-2025-5923
MEDIUM
CVSS 6.4
The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-5841
MEDIUM
CVSS 6.4
The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-5815
MEDIUM
CVSS 5.3
A security vulnerability in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
WordPress
Authentication Bypass
PHP
-
CVE-2025-5233
MEDIUM
CVSS 6.4
The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-5123
MEDIUM
CVSS 6.4
The Contact Us Page - Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
Contact Us Page Contact People
PHP
-
CVE-2025-4586
MEDIUM
CVSS 6.4
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress
XSS
-
CVE-2025-4585
MEDIUM
CVSS 6.4
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attack...
WordPress
XSS
-
CVE-2025-4584
MEDIUM
CVSS 6.4
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a...
WordPress
XSS
-
CVE-2025-4229
MEDIUM
CVSS 6.0
An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Paloalto
Information Disclosure
-
CVE-2025-4228
MEDIUM
CVSS 4.6
CVE-2025-4228 is a security vulnerability (CVSS 4.6) that allows an authenticated administrative user. Remediation should follow standard vulnerability management procedures.
Paloalto
Privilege Escalation
-
CVE-2024-38825
MEDIUM
CVSS 6.4
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
Authentication Bypass
Debian
Ubuntu
Suse
-
CVE-2025-49597
LOW
CVSS 3.9
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
Deserialization
RCE
Tenda
-
CVE-2025-49583
LOW
CVSS 3.5
A security vulnerability in XWiki (CVSS 3.5). Risk factors: public PoC available. Vendor patch is available.
Information Disclosure
-
CVE-2025-48825
LOW
CVSS 2.5
A remote code execution vulnerability in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 (CVSS 2.5) that allows an attacker who can conduct a man-in-the-middle attack. Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2025-6052
LOW
CVSS 3.7
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
Buffer Overflow
Integer Overflow
Ubuntu
Debian
-
CVE-2025-4227
LOW
CVSS 3.5
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement feature (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.
An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
Paloalto
Code Injection
-
CVE-2024-38823
LOW
CVSS 2.7
CVE-2024-38823 is a security vulnerability (CVSS 2.7). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Debian
Ubuntu
-
CVE-2024-38822
LOW
CVSS 2.7
Multiple methods in the salt master skip minion token validation. Therefore, a misbehaving minion can impersonate another minion.
Authentication Bypass
Debian
Ubuntu