Skip to main content
CVE-2025-6556 MEDIUM PATCH This Month

A remote code execution vulnerability in Loader in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu Debian Chrome +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6534 LOW POC Monitor

A remote code execution vulnerability in xxyopen/201206030 novel-plus (CVSS 4.2). Risk factors: public PoC available.

Information Disclosure Java
NVD VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-52883 MEDIUM PATCH This Month

A security vulnerability in Meshtastic-Android (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49147 MEDIUM PATCH This Month

A remote code execution vulnerability in versions 10.0.0 (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23260 MEDIUM This Month

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Information Disclosure Kubernetes Aistore
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-48461 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.0) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wise 4050lan Firmware Wise 4060lan Firmware Wise 4010lan Firmware
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-6425 MEDIUM PATCH This Month

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-36519 MEDIUM This Month

Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product.

File Upload RCE
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2025-6434 MEDIUM PATCH This Month

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

XSS Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53021 MEDIUM PATCH This Month

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Information Disclosure Ubuntu Debian Moodle
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-52880 MEDIUM PATCH This Month

Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker perform actions on the victim's behalf. When targeting an admin user, this can be combined with controlling a server-side command to achieve arbitrary code execution. For this vulnerability to be exploited, a malicious EPUB file has to be present in a Komga library, and subsequently accessed in the Epub reader by an admin user. Version 1.22.0 contains a patch for the issue.

RCE XSS
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-53073 MEDIUM This Month

A security vulnerability in Sentry 25.1.0 (CVSS 4.2). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-48462 MEDIUM This Month

Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.

Denial Of Service Wise 4060lan Firmware Wise 4010lan Firmware Wise 4050lan Firmware
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-48470 MEDIUM This Month

Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.

XSS Privilege Escalation Wise 4060lan Firmware Wise 4010lan Firmware Wise 4050lan Firmware
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-48463 LOW Monitor

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.

Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-6531 LOW Monitor

A security vulnerability in SIFUSM/MZZYG BD S1 (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-6536 LOW PATCH Monitor

A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-52884 LOW PATCH Monitor

A security vulnerability in RISC Zero (CVSS 1.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub
CVSS 4.0
1.7
EPSS
0.1%
CVE-2025-52882 PATCH Monitor

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 are vulnerable. For Jetbrains IDE plugins, Claude Code [beta] versions 0.1.1 through 0.1.8 are vulnerable. In VSCode (and forks), exploitation would allow an attacker to read arbitrary files, see the list of files open in the IDE, get selection and diagnostics events from the IDE, or execute code in limited situations where a user has an open Jupyter Notebook and accepts a malicious prompt. In JetBrains IDEs, an attacker could get selection events, a list of open files, and a list of syntax errors. Claude released a patch for this issue on June 13th, 2025. Although Claude Code auto-updates when a user launch it and auto-updates the extensions, users should take the following steps, though the exact steps depend on one's integrated development environment (IDE). For VSCode, Cursor, Windsurf, VSCodium, and other VSCode forks, check the extension Claude Code for VSCode. Open the list of Extensions (View->Extensions), look for Claude Code for VSCode among installed extensions, update or uninstall any version prior to 1.0.24, and restart the IDE. For JetBrains IDEs including IntelliJ, PyCharm, and Android Studio, check the plugin Claude Code [Beta]. Open the Plugins list, look for Claude Code [Beta] among installed extensions, update or uninstall any version prior to 0.1.9, and restart the IDE.

Google RCE Android
NVD GitHub
EPSS
0.1%
CVE-2025-52570 PATCH Monitor

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.

Denial Of Service
NVD GitHub
EPSS
0.0%
CVE-2025-52979 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52978 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52977 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52976 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52975 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52974 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52973 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52972 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52971 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy