THREAT ALERT

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — June 16, 2025

95 CVEs tracked today. 16 Critical, 37 High, 33 Medium, 9 Low.

CVE-2025-49796 CRITICAL CVSS 9.1
Critical memory corruption vulnerability in libxml2 triggered by malicious sch:name elements in XML input files. The vulnerability affects all systems using libxml2 for XML processing, allowing unauthenticated attackers to cause denial of service or memory corruption with no user interaction required. The high CVSS score of 9.1 reflects the network-accessible, low-complexity nature of exploitation; however, actual real-world exploitation status and patch availability require verification from official libxml2 sources.

Buffer Overflow Information Disclosure Denial Of Service Redhat Suse
CVE-2025-49794 CRITICAL CVSS 9.1
Use-after-free vulnerability in libxml2 that occurs during XPath parsing when processing XML documents with schematron <sch:name path="..."/> elements. This flaw affects any application using vulnerable versions of libxml2 and allows unauthenticated remote attackers to crash the application or potentially achieve code execution through a maliciously crafted XML document. The vulnerability has a critical CVSS score of 9.1 with high integrity and availability impact.

Denial Of Service Redhat Suse
CVE-2025-47869 CRITICAL CVSS 9.8
Buffer overflow vulnerability in the Apache NuttX RTOS xmlrpc example application where device statistics structures use hardcoded buffer sizes that do not account for the CONFIG_XMLRPC_STRINGSIZE configuration parameter, allowing remote attackers to overflow memory without authentication. This affects Apache NuttX RTOS versions 6.22 through 12.8.x, with a critical CVSS score of 9.8 indicating high severity across confidentiality, integrity, and availability. The vulnerability is particularly dangerous because developers may have copied the vulnerable example code into production implementations, extending the attack surface beyond the example application itself.

Buffer Overflow Apache Nuttx
CVE-2025-47868 CRITICAL CVSS 9.8
A buffer overflow vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Buffer Overflow Heap Overflow Apache Denial Of Service Nuttx
CVE-2025-40916 CRITICAL CVSS 9.1
A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Information Disclosure
CVE-2025-32800 CRITICAL CVSS 9.8
Conda-build versions prior to 25.3.0 are vulnerable to dependency confusion/namespace squatting attacks where an attacker can claim the unpublished 'conda-index' package on PyPI and inject malicious code that gets installed when users run pip install on conda-build projects. This is a critical supply-chain attack vector with CVSS 9.8 (CRITICAL) affecting all users who install conda-build from source or install projects that depend on it via pip, potentially compromising developer environments and CI/CD pipelines. The vulnerability is network-accessible, requires no privileges or user interaction, and provides complete system compromise (confidentiality, integrity, availability).

Python RCE Conda Build
CVE-2025-32799 CRITICAL CVSS 9.8
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.

RCE Privilege Escalation Path Traversal Conda Build
CVE-2025-32798 CRITICAL CVSS 9.8
Critical arbitrary code execution vulnerability in conda-build prior to version 25.4.0, where unsafe eval() function usage on meta.yaml recipe selectors allows unauthenticated remote attackers to execute arbitrary code during the package build process with no required privileges or user interaction. This vulnerability affects all users and systems using vulnerable conda-build versions to process potentially malicious or compromised recipe files, with a CVSS score of 9.8 indicating critical severity across confidentiality, integrity, and availability impacts.

RCE Conda Build
CVE-2025-6179 CRITICAL CVSS 9.8
Critical permissions bypass vulnerability in Google Chrome OS 16181.27.0 that allows local attackers to disable extensions and gain unauthorized access to Developer Mode on managed Chrome devices. The vulnerability is exploited using the ExtHang3r and ExtPrint3r tools to load arbitrary extensions, affecting enterprise-managed deployments with a CVSS score of 9.8 (critical severity). Active exploitation status and proof-of-concept availability should be verified through CISA KEV and security advisories.

Privilege Escalation Google Denial Of Service Chrome Os Chrome
CVE-2025-6172 CRITICAL CVSS 9.8
Critical permission vulnerability in the BoomPlayer mobile application (com.afmobi.boomplayer) that allows unauthenticated remote attackers to perform unauthorized operations with complete compromise of confidentiality, integrity, and availability. The vulnerability carries a maximum CVSS score of 9.8 and is classified as an improper authentication/authorization defect (CWE-287); exploitation requires no user interaction and can be triggered over the network, making it a severe risk to all users of this application.

Android
CVE-2025-6169 CRITICAL CVSS 9.8
Critical unauthenticated SQL injection vulnerability in HAMASTAR Technology's WIMP website co-construction management platform that allows remote attackers to execute arbitrary SQL commands without authentication. Attackers can exploit this flaw to read, modify, or delete entire database contents, potentially compromising sensitive project management data, user credentials, and financial information. With a CVSS score of 9.8 and no authentication required, this vulnerability presents an immediate and severe threat to all deployed instances of the WIMP platform.

SQLi
CVE-2025-6121 CRITICAL CVSS 9.8
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.

Buffer Overflow D-Link RCE Dir 632 Firmware
CVE-2025-6098 CRITICAL CVSS 9.8
Critical remote buffer overflow vulnerability in UTT 进取 750W network devices affecting the /goform/setSysAdm API endpoint. An unauthenticated remote attacker can exploit improper use of strcpy() in the passwd1 parameter to achieve complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit exists, and the vendor has not provided patches or response despite early disclosure notification.

Buffer Overflow 750w Firmware
CVE-2025-6087 CRITICAL CVSS 9.1
A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

SSRF Nextjs Node.js Information Disclosure Opennext For Cloudflare
CVE-2025-5309 CRITICAL CVSS 9.8
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.

RCE Code Injection Remote Support Privileged Remote Access
CVE-2025-3594 CRITICAL CVSS 9.8
A path traversal vulnerability in Liferay Portal 7.0.0 (CVSS 9.8) that allows remote attackers. Critical severity with potential for significant impact on affected systems.

Path Traversal Liferay Portal Digital Experience Platform
CVE-2025-49795 HIGH CVSS 7.5
NULL pointer dereference vulnerability in libxml2's XPath expression processing that allows unauthenticated remote attackers to trigger a denial of service condition. The vulnerability affects libxml2 library implementations across multiple platforms and applications that parse untrusted XML with XPath evaluation enabled. With a CVSS score of 7.5 and network-accessible attack vector, this vulnerability poses a significant DoS risk to services processing XML input, though no remote code execution is possible.

Denial Of Service Redhat Suse
CVE-2025-49125 HIGH CVSS 7.5
CVE-2025-49125 is an authentication bypass vulnerability in Apache Tomcat affecting versions 8.5.0-8.5.100, 9.0.0-9.0.105, 10.1.0-10.1.41, and 11.0.0-11.0.7. The vulnerability allows unauthenticated remote attackers to access PreResources or PostResources mounted outside the web application root via alternate path traversal, bypassing security constraints configured for the intended resource path. With a CVSS score of 7.5 and high confidentiality impact, this represents a critical authentication mechanism failure that requires immediate patching.

Apache Tomcat Authentication Bypass Java Redhat
CVE-2025-49124 HIGH CVSS 8.4
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.

Microsoft Apache Tomcat Windows Privilege Escalation
CVE-2025-48988 HIGH CVSS 7.5
A remote code execution vulnerability in Apache Tomcat (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Tomcat Denial Of Service Java Redhat
CVE-2025-48976 HIGH CVSS 7.5
Apache Commons FileUpload contains a Denial of Service vulnerability in multipart header processing due to insufficient resource allocation limits (CWE-770). Affected versions are 1.0 through 1.5.x and 2.0.0-M1 through 2.0.0-M3. An unauthenticated remote attacker can exploit this with a network request to cause resource exhaustion and service unavailability without requiring user interaction or elevated privileges. CVSS 7.5 (High) reflects the high availability impact; KEV and EPSS data availability would determine exploitation likelihood in the wild.

Apache Denial Of Service Java Commons Fileupload Redhat
CVE-2025-40728 HIGH CVSS 8.8
A SQL injection vulnerability in Customer Support System (CVSS 8.8) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.

PHP SQLi Information Disclosure Customer Support System
CVE-2025-36632 HIGH CVSS 7.8
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.

Microsoft Information Disclosure Nessus Agent Windows
CVE-2025-32797 HIGH CVSS 7.0
A security vulnerability in Conda-build (CVSS 7.0). High severity vulnerability requiring prompt remediation. Vendor patch is available.

RCE Conda Build
CVE-2025-6177 HIGH CVSS 7.4
Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.

RCE Privilege Escalation Google Chrome Os Chrome
CVE-2025-6145 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
CVE-2025-6144 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
CVE-2025-6143 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
CVE-2025-6138 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow TP-Link T10 Firmware TOTOLINK
CVE-2025-6137 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
CVE-2025-6132 HIGH CVSS 7.3
Critical SQL injection vulnerability in Chanjet CRM 1.0 affecting the /sysconfig/departmentsetting.php endpoint via the gblOrgID parameter. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure and demonstrates active exploitation potential, making it a high-priority remediation target despite the moderate CVSS score.

PHP SQLi Chanjet Crm
CVE-2025-6130 HIGH CVSS 8.8
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
CVE-2025-6129 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK
CVE-2025-6128 HIGH CVSS 8.8
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
CVE-2025-6124 HIGH CVSS 7.3
Critical SQL injection vulnerability in code-projects Restaurant Order System version 1.0, affecting the /tablelow.php file's ID parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the restaurant database. The vulnerability has been publicly disclosed with proof-of-concept availability, increasing real-world exploitation risk.

PHP SQLi Restaurant Order System
CVE-2025-6123 HIGH CVSS 7.3
A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

PHP SQLi Restaurant Order System
CVE-2025-6118 HIGH CVSS 7.3
Das Parking Management System versions up to 6.2.0 contain a critical SQL injection vulnerability in the /vehicle/search API endpoint, specifically in the vehicleTypeCode parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and active exploitation is possible given the CVSS 7.3 score and low attack complexity.

SQLi Parking Management System
CVE-2025-6117 HIGH CVSS 7.3
SQL injection vulnerability in Das Parking Management System (停车场管理系统) version 6.2.0 affecting the /Reservations/Search API endpoint. An unauthenticated remote attacker can manipulate the 'Value' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or denial of service. Public exploit code is available and the vulnerability may be actively exploited in the wild.

SQLi Parking Management System
CVE-2025-6116 HIGH CVSS 7.3
Critical SQL injection vulnerability in Das Parking Management System (停车场管理系统) version 6.2.0 affecting the /IntraFieldVehicle/Search API endpoint. An unauthenticated remote attacker can manipulate the 'Value' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure available and carries a CVSS score of 7.3 with demonstrated feasibility of remote exploitation.

SQLi Parking Management System
CVE-2025-6115 HIGH CVSS 8.8
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability impacts (CVSS 8.8). Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.

Buffer Overflow D-Link RCE Dir 619l Firmware
CVE-2025-6114 HIGH CVSS 8.8
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwarding configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the ingress_name_%d, sched_name_%d, or name_%d parameters to achieve remote code execution with high integrity and confidentiality impact. The vulnerability has public exploit code available and affects only end-of-life products no longer receiving vendor support, significantly elevating real-world risk for exposed legacy deployments.

Buffer Overflow D-Link RCE Dir 619l Firmware
CVE-2025-6113 HIGH CVSS 8.8
Critical remote buffer overflow vulnerability in Tenda FH1203 firmware version 2.0.1.6 affecting the /goform/AdvSetLanip endpoint. An authenticated attacker can exploit improper input validation of the lanMask parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit exists, indicating active disclosure and potential real-world exploitation risk.

Buffer Overflow Fh1203 Firmware Tenda
CVE-2025-6112 HIGH CVSS 8.8
Critical buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7 affecting the lanMask parameter in the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit this to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, making this an active exploitation risk.

Buffer Overflow Fh1205 Firmware Tenda
CVE-2025-6111 HIGH CVSS 8.8
Critical stack-based buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7(775) affecting the /goform/VirtualSer endpoint's 'page' parameter. An authenticated remote attacker can exploit this to achieve complete system compromise including arbitrary code execution, data exfiltration, and service disruption. The vulnerability has public exploit disclosure and demonstrated proof-of-concept availability, elevating immediate risk despite requiring valid credentials.

Buffer Overflow Fh1205 Firmware Tenda
CVE-2025-6110 HIGH CVSS 8.8
Critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/SafeMacFilter endpoint. An authenticated remote attacker can exploit the 'page' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is actively exploitable.

Buffer Overflow Fh1201 Firmware Tenda
CVE-2025-6104 HIGH CVSS 8.8
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506. An authenticated attacker can remotely execute arbitrary operating system commands via the 'ipaddress' parameter in /billing/pms_check.php, achieving complete system compromise. Public exploit code exists, the vendor has not responded to early disclosure, and this vulnerability meets criteria for immediate exploitation in real-world environments.

PHP Command Injection
CVE-2025-6103 HIGH CVSS 8.8
A critical OS command injection vulnerability exists in Wifi-soft UniBox Controller versions up to 20250506 within the /billing/test_accesscodelogin.php file's Password parameter, allowing authenticated remote attackers to execute arbitrary system commands with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the vendor has not responded to early disclosure notifications, indicating active exploitation risk and lack of official patches.

PHP Command Injection
CVE-2025-6102 HIGH CVSS 8.8
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506, exploitable through the mac_address parameter in /authentication/logout.php. An authenticated attacker can remotely execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploit code available, and the vendor has not responded to early disclosure attempts, significantly elevating real-world risk.

PHP Command Injection
CVE-2025-5689 HIGH CVSS 8.5
Privilege escalation flaw in authd's temporary user record handling during pre-authentication NSS operations that causes first-time SSH login users to be incorrectly assigned root group membership within their session context. This allows authenticated users (PR:L) to gain elevated group privileges over the network (AV:N) with low complexity, affecting system confidentiality (C:H) and integrity (I:L). The vulnerability has a high CVSS score of 8.5, though real-world exploitation requires valid login credentials and depends on authentication infrastructure specifics.

Privilege Escalation Linux Ssh Authentication Bypass Authd
CVE-2025-4987 HIGH CVSS 8.7
A cross-site scripting vulnerability (CVSS 8.7) that allows an attacker. High severity vulnerability requiring prompt remediation.

XSS
CVE-2025-3602 HIGH CVSS 7.5
Liferay Portal and DXP versions fail to implement depth limiting on GraphQL queries, enabling unauthenticated remote attackers to execute deeply nested queries that consume excessive server resources and cause denial-of-service. This affects Liferay Portal 7.4.0-7.4.3.97 and multiple DXP versions (2023.Q3.1-2023.Q3.2, 7.4 GA-Update 92, 7.3 GA-Update 35, 7.2 FP 8-20). With a CVSS 7.5 score, high network exploitability, and no authentication required, this represents a significant availability risk to exposed Liferay installations.

Information Disclosure Digital Experience Platform Liferay Portal
CVE-2025-3526 HIGH CVSS 7.5
A security vulnerability in Liferay Portal 7.0.0 (CVSS 7.5) that allows remote attackers. High severity vulnerability requiring prompt remediation.

Information Disclosure Digital Experience Platform Liferay Portal
CVE-2025-3464 HIGH CVSS 8.4
Race condition vulnerability in ASUS Armoury Crate that exploits a Time-of-check Time-of-use (TOCTOU) flaw to bypass authentication mechanisms. An authenticated local attacker can exploit this vulnerability to escalate privileges and potentially achieve integrity and availability impacts on the affected system. While the CVSS score of 8.4 is elevated, real-world exploitation requires local access and existing user privileges, limiting widespread impact.

Authentication Bypass
CVE-2025-49134 MEDIUM CVSS 5.3
A security vulnerability in Weblate (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Weblate Suse
CVE-2025-48992 MEDIUM CVSS 4.8
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Microsoft XSS Group Office
CVE-2025-47951 MEDIUM CVSS 4.9
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Information Disclosure Debian Weblate Suse
CVE-2025-46710 MEDIUM CVSS 5.7
Possible kernel exceptions caused by reading and writing kernel heap data after free.

Use After Free Information Disclosure Memory Corruption Ddk
CVE-2025-43200 MEDIUM CVSS 4.2
A denial of service vulnerability in This (CVSS 4.2). Risk factors: actively exploited (KEV-listed).

Apple Information Disclosure
CVE-2025-40729 MEDIUM CVSS 6.1
Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

PHP RCE XSS Customer Support System
CVE-2025-40727 MEDIUM CVSS 5.1
A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.

RCE XSS
CVE-2025-40726 MEDIUM CVSS 5.1
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.

RCE XSS
CVE-2025-27587 MEDIUM CVSS 5.3
A security vulnerability in OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

OpenSSL Information Disclosure Ubuntu Debian Suse
CVE-2025-25265 MEDIUM CVSS 4.9
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows a high privileged remote attacker to read files from the system’s file structure.

Authentication Bypass
CVE-2025-25264 MEDIUM CVSS 6.5
CVE-2025-25264 is a security vulnerability (CVSS 6.5) that allows the attacker. Remediation should follow standard vulnerability management procedures.

Java Information Disclosure
CVE-2025-6142 MEDIUM CVSS 6.3
A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF
CVE-2025-6136 MEDIUM CVSS 6.3
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Life Insurance Management System
CVE-2025-6135 MEDIUM CVSS 6.3
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation of the argument client_id/nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Life Insurance Management System
CVE-2025-6134 MEDIUM CVSS 6.3
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Life Insurance Management System
CVE-2025-6133 MEDIUM CVSS 6.3
A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Life Insurance Management System
CVE-2025-6126 MEDIUM CVSS 4.3
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP XSS Rail Pass Management System
CVE-2025-6122 MEDIUM CVSS 6.3
A vulnerability, which was classified as critical, was found in code-projects Restaurant Order System 1.0. This affects an unknown part of the file /table.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Restaurant Order System
CVE-2025-6120 MEDIUM CVSS 5.3
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Buffer Overflow Ubuntu Debian Assimp Redhat
CVE-2025-6119 MEDIUM CVSS 5.3
A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Buffer Overflow Denial Of Service Ubuntu Debian Assimp
CVE-2025-6109 MEDIUM CVSS 4.3
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Path Traversal
CVE-2025-6108 MEDIUM CVSS 6.3
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Java Path Traversal
CVE-2025-6106 MEDIUM CVSS 4.3
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CSRF Wukong Crm
CVE-2025-6105 MEDIUM CVSS 4.3
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CSRF Jfinal Cms
CVE-2025-6101 MEDIUM CVSS 5.5
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.

RCE Code Injection
CVE-2025-6100 MEDIUM CVSS 6.3
A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi
CVE-2025-6099 MEDIUM CVSS 5.3
A security vulnerability in szluyu99 gin-vue-blog (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
CVE-2025-6097 MEDIUM CVSS 5.3
A security vulnerability in UTT 进取 750W (CVSS 5.3). Risk factors: public PoC available.

Information Disclosure 750w Firmware
CVE-2025-6096 MEDIUM CVSS 6.3
A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Jasmin Ransomware
CVE-2025-4748 MEDIUM CVSS 4.8
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip...

Path Traversal
CVE-2025-4565 MEDIUM CVSS 5.3
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901

Python Denial Of Service Ubuntu Debian Protobuf Python
CVE-2025-2327 MEDIUM CVSS 5.1
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

Information Disclosure
CVE-2025-2091 MEDIUM CVSS 5.4
An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Apple Open Redirect Google M Files Mobile Android
CVE-2025-24388 LOW CVSS 3.8
CVE-2025-24388 is a security vulnerability (CVSS 3.8) that allows parameter injection due. Remediation should follow standard vulnerability management procedures.

Code Injection
CVE-2025-6170 LOW CVSS 2.5
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.

Buffer Overflow Stack Overflow
CVE-2025-6141 LOW CVSS 3.3
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Buffer Overflow Ubuntu Debian
CVE-2025-6140 LOW CVSS 3.3
A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Denial Of Service Ubuntu Debian
CVE-2025-6139 LOW CVSS 3.9
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Authentication Bypass TOTOLINK
CVE-2025-6131 LOW CVSS 2.4
A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

XSS
CVE-2025-6127 LOW CVSS 3.5
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search-report.php. The manipulation of the argument serachdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
CVE-2025-6125 LOW CVSS 2.4
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagedes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
CVE-2025-6107 LOW CVSS 3.1
A security vulnerability in A vulnerability (CVSS 3.1). Risk factors: public PoC available.

Information Disclosure

Today's Vulnerabilities Vulnerabilities