Skip to main content
CVE-2025-53498 MEDIUM PATCH This Month

CVE-2025-53498 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53532 MEDIUM This Month

A security vulnerability in giscus (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53173 MEDIUM This Month

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53178 MEDIUM This Month

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-6711 MEDIUM PATCH This Month

An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 versions prior to 6.0.21.

Information Disclosure Ubuntu Debian MongoDB
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-20322 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See [How rolling restart works](https://docs.splunk.com/Documentation/Splunk/9.4.2/DistSearch/RestartSHC) for more information.

CSRF Denial Of Service Splunk Cloud Platform Splunk
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20323 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

Authentication Bypass Splunk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20300 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53374 MEDIUM PATCH This Month

A security vulnerability in Dokploy (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Dokploy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53543 MEDIUM PATCH This Month

Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.

XSS
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-53175 MEDIUM This Month

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-53174 MEDIUM This Month

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-53172 MEDIUM This Month

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-53171 MEDIUM This Month

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-58117 MEDIUM This Month

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-53170 MEDIUM This Month

Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability.

Null Pointer Dereference Denial Of Service Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-53177 LOW Monitor

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.

Privilege Escalation
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-53176 LOW Monitor

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-20325 LOW PATCH Monitor

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCConfig` log channel at the DEBUG logging level in the clustered deployment. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. <br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information.

Information Disclosure Splunk
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-7099 LOW Monitor

A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument db_host leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Deserialization PHP
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-53535 LOW PATCH Monitor

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This vulnerability is fixed in 1.2.10.

Open Redirect
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7100 LOW Monitor

A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7101 LOW Monitor

A security vulnerability in BoyunCMS (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

PHP Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7102 LOW Monitor

A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7103 LOW Monitor

A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy