177 CVEs tracked today. 27 Critical, 47 High, 97 Medium, 6 Low.
-
CVE-2025-66409
CRITICAL
CVSS 9.1
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.
Information Disclosure
Buffer Overflow
Esp Idf
-
CVE-2025-65896
CRITICAL
CVSS 9.8
SQL injection vulnerability in long2ice asyncmy through 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.
SQLi
Asyncmy
-
CVE-2025-65656
CRITICAL
CVSS 9.8
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.
PHP
Lfi
Information Disclosure
Dcat Admin
-
CVE-2025-65358
CRITICAL
CVSS 9.8
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the 'docid' parameter at /admin/appointment.php.
PHP
SQLi
Edoc Doctor Appointment System
-
CVE-2025-60854
CRITICAL
CVSS 9.8
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.
Command Injection
R15 Firmware
D-Link
-
CVE-2025-60736
CRITICAL
CVSS 9.8
code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.
PHP
SQLi
Online Medicine Guide
-
CVE-2025-59703
CRITICAL
CVSS 9.1
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.
Authentication Bypass
Nshield Connect Xc Base Firmware
Nshield Hsmi Firmware
Nshield 5c Firmware
Nshield Connect Xc High Firmware
-
CVE-2025-59695
CRITICAL
CVSS 9.8
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.
Authentication Bypass
Nshield Connect Xc Base Firmware
Nshield Connect Xc Mid Firmware
Nshield 5c Firmware
Nshield Hsmi Firmware
-
CVE-2025-59693
CRITICAL
CVSS 9.8
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.
Privilege Escalation
Nshield Connect Xc Base Firmware
Nshield 5c Firmware
Nshield Connect Xc Mid Firmware
Nshield Hsmi Firmware
-
CVE-2025-58386
CRITICAL
CVSS 9.8
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.
Authentication Bypass
Terminalfour
-
CVE-2025-41744
CRITICAL
CVSS 9.1
CVE-2025-41744 is a security vulnerability (CVSS 9.1) that allows an unprivileged remote attacker. Critical severity with potential for significant impact on affected systems.
Information Disclosure
Sprecon E T3 Firmware
Sprecon E P Firmware
Sprecon E C Firmware
-
CVE-2025-41742
CRITICAL
CVSS 9.8
CVE-2025-41742 is a security vulnerability (CVSS 9.8) that allows the attacker. Critical severity with potential for significant impact on affected systems.
Authentication Bypass
Sprecon E C Firmware
Sprecon E T3 Firmware
Sprecon E P Firmware
-
CVE-2025-41013
CRITICAL
CVSS 9.8
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.
SQLi
Gim
-
CVE-2025-13872
CRITICAL
CVSS 9.1
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.
SSRF
Opinio
-
CVE-2025-13828
CRITICAL
CVSS 9.0
CVE-2025-13828 is a security vulnerability (CVSS 9.0). Critical severity with potential for significant impact on affected systems.
Authentication Bypass
-
CVE-2025-13658
CRITICAL
CVSS 9.3
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.
RCE
Code Injection
-
CVE-2025-13542
CRITICAL
CVSS 9.8
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
Privilege Escalation
WordPress
PHP
-
CVE-2025-13510
CRITICAL
CVSS 9.3
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.
Authentication Bypass
-
CVE-2025-11788
CRITICAL
CVSS 9.8
Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Heap Overflow
Buffer Overflow
Sge Plc1000 Firmware
Sge Plc50 Firmware
-
CVE-2025-11786
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.
Stack Overflow
Buffer Overflow
Sge Plc1000 Firmware
Sge Plc50 Firmware
-
CVE-2025-11785
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Stack Overflow
Buffer Overflow
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-11784
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Stack Overflow
Buffer Overflow
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-11783
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.
Stack Overflow
Buffer Overflow
RCE
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-11782
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses 'sprintf()' to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.
Stack Overflow
Buffer Overflow
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-11780
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Buffer Overflow
Sge Plc1000 Firmware
Sge Plc50 Firmware
-
CVE-2025-11779
CRITICAL
CVSS 9.8
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.
Command Injection
Stack Overflow
Buffer Overflow
Sge Plc1000 Firmware
Sge Plc50 Firmware
-
CVE-2025-11778
CRITICAL
CVSS 9.8
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
Heap Overflow
Buffer Overflow
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-66476
HIGH
CVSS 7.8
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
Information Disclosure
Microsoft
Ubuntu
Debian
Vim
-
CVE-2025-66468
HIGH
CVSS 7.6
The Aimeos GrapesJS CMS extension provides a page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, JavaScript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.
XSS
Grapesjs Cms
-
CVE-2025-66416
HIGH
CVSS 8.1
CVE-2025-66416 is a security vulnerability (CVSS 8.1) that allows dns rebinding protection. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Authentication Bypass
Python
Mcp Python Sdk
Redhat
-
CVE-2025-66414
HIGH
CVSS 8.1
A security vulnerability in MCP TypeScript SDK (CVSS 8.1) that allows dns rebinding protection. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Authentication Bypass
Mcp Typescript Sdk
-
CVE-2025-66399
HIGH
CVSS 8.8
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
Command Injection
Ubuntu
Debian
Cacti
Suse
-
CVE-2025-65877
HIGH
CVSS 7.5
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.
Information Disclosure
SQLi
Lvzhou Cms
-
CVE-2025-65844
HIGH
CVSS 7.5
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary content (including non-image files) which could impersonate user/admin login panels (exfiltrating credentials) and to perform a denial-of-service attack by exhausting disk space.
File Upload
Evershop
-
CVE-2025-64778
HIGH
CVSS 7.3
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
Authentication Bypass
-
CVE-2025-64642
HIGH
CVSS 8.0
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Information Disclosure
-
CVE-2025-64460
HIGH
CVSS 7.5
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
Information Disclosure
Python
Ubuntu
Debian
Django
-
CVE-2025-64298
HIGH
CVSS 8.4
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.
Information Disclosure
Microsoft
Windows
-
CVE-2025-62575
HIGH
CVSS 8.3
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.
RCE
Microsoft
-
CVE-2025-61940
HIGH
CVSS 8.3
CVE-2025-61940 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.
Information Disclosure
Microsoft
Windows
-
CVE-2025-61729
HIGH
CVSS 7.5
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Information Disclosure
Ubuntu
Debian
Go
Redhat
-
CVE-2025-59702
HIGH
CVSS 7.2
A privilege escalation vulnerability (CVSS 7.2) that allows a physically proximate attacker with elevated privileges. Risk factors: public PoC available.
Information Disclosure
Nshield Connect Xc High Firmware
Nshield Connect Xc Base Firmware
Nshield 5c Firmware
Nshield Hsmi Firmware
-
CVE-2025-59697
HIGH
CVSS 7.2
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
Privilege Escalation
Nshield Connect Xc Base Firmware
Nshield Connect Xc High Firmware
Nshield 5c Firmware
Nshield Hsmi Firmware
-
CVE-2025-58482
HIGH
CVSS 7.3
A security vulnerability in MPLocalService of MotionPhoto (CVSS 7.3) that allows local attackers. High severity vulnerability requiring prompt remediation.
Information Disclosure
Motionphoto
-
CVE-2025-58481
HIGH
CVSS 7.3
A security vulnerability in MPRemoteService of MotionPhoto (CVSS 7.3) that allows local attackers. High severity vulnerability requiring prompt remediation.
Information Disclosure
Motionphoto
-
CVE-2025-41015
HIGH
CVSS 7.5
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'.
Information Disclosure
Gim
-
CVE-2025-41014
HIGH
CVSS 7.5
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.
Information Disclosure
Gim
-
CVE-2025-34352
HIGH
CVSS 8.5
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.
Privilege Escalation
Denial Of Service
Microsoft
Windows
-
CVE-2025-20768
HIGH
CVSS 7.8
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.
Privilege Escalation
Information Disclosure
Buffer Overflow
Android
Google
-
CVE-2025-20767
HIGH
CVSS 7.8
In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.
Memory Corruption
Privilege Escalation
Buffer Overflow
Android
Google
-
CVE-2025-20766
HIGH
CVSS 7.8
CVE-2025-20766 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Privilege Escalation
Buffer Overflow
Android
Google
-
CVE-2025-20764
HIGH
CVSS 7.8
In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.
Memory Corruption
Privilege Escalation
Buffer Overflow
Android
Google
-
CVE-2025-20763
HIGH
CVSS 7.8
In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.
Memory Corruption
Privilege Escalation
Buffer Overflow
Android
Google
-
CVE-2025-13871
HIGH
CVSS 8.8
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows uploading files on behalf of the connected users and then accessing such files without authentication.
CSRF
Opinio
-
CVE-2025-13827
HIGH
CVSS 8.8
Summary: Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact: If the media folder is not restricted from running files, this can lead to remote code execution.
RCE
File Upload
-
CVE-2025-13724
HIGH
CVSS 7.5
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
SQLi
WordPress
PHP
-
CVE-2025-13721
HIGH
CVSS 7.5
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Google
Information Disclosure
Race Condition
Ubuntu
Debian
-
CVE-2025-13720
HIGH
CVSS 8.8
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Google
Information Disclosure
Ubuntu
Debian
Chrome
-
CVE-2025-13639
HIGH
CVSS 8.1
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Google
XSS
Ubuntu
Debian
Chrome
-
CVE-2025-13638
HIGH
CVSS 8.8
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Google
Denial Of Service
Memory Corruption
Use After Free
Ubuntu
-
CVE-2025-13633
HIGH
CVSS 8.8
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google
Denial Of Service
Memory Corruption
Use After Free
Ubuntu
-
CVE-2025-13631
HIGH
CVSS 8.8
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
Google
Privilege Escalation
Ubuntu
Debian
Chrome
-
CVE-2025-13630
HIGH
CVSS 8.8
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google
Information Disclosure
Memory Corruption
Ubuntu
Debian
-
CVE-2025-13516
HIGH
CVSS 8.1
The SureMail - SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save_file() function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessible directory (wp-content/uploads/suremails/attachments/) without validating file extensions or content types. Files are saved with predictable names derived from MD5 hashes of their content. While the plugin attempts to protect this directory with an Apache .htaccess file to disable PHP execution, this protection is ineffective on nginx, IIS, and Lighttpd servers, or on misconfigured Apache installations. This makes it possible for unauthenticated attackers to achieve Remote Code Execution by uploading malicious PHP files through any public form that emails attachments, calculating the predictable filename, and directly accessing the file to execute arbitrary code granted they are exploiting a site running on an affected web server configuration.
WordPress
File Upload
Nginx
Apache
PHP
-
CVE-2025-13387
HIGH
CVSS 7.2
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-13295
HIGH
CVSS 7.5
Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9.
Information Disclosure
Bilger
-
CVE-2025-13000
HIGH
CVSS 7.7
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLi attacks.
SQLi
WordPress
Db Access
PHP
-
CVE-2025-12529
HIGH
CVSS 8.8
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable.
PHP
WordPress
RCE
-
CVE-2025-12465
HIGH
CVSS 8.6
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
SQLi
-
CVE-2025-11789
HIGH
CVSS 7.5
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits.
Information Disclosure
Buffer Overflow
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-11787
HIGH
CVSS 8.8
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
Command Injection
Sge Plc1000 Firmware
Sge Plc50 Firmware
-
CVE-2025-11781
HIGH
CVSS 7.8
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
Authentication Bypass
Sge Plc50 Firmware
Sge Plc1000 Firmware
-
CVE-2025-10971
HIGH
CVSS 8.8
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
Google
Information Disclosure
Android
-
CVE-2024-45675
HIGH
CVSS 8.4
CVE-2024-45675 is a security vulnerability (CVSS 8.4) that allows a local user. High severity vulnerability requiring prompt remediation.
Information Disclosure
IBM
Informix Dynamic Server
-
CVE-2025-66460
MEDIUM
CVSS 6.1
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popup view, but it is most probably also exploitable in many other places. This vulnerability is fixed in 1.35.3.
XSS
Lookyloo
-
CVE-2025-66459
MEDIUM
CVSS 6.1
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, the error field is populated with an error message that contains the bad URL they tried to capture, triggering the XSS. This vulnerability is fixed in 1.35.3.
XSS
Lookyloo
-
CVE-2025-66458
MEDIUM
CVSS 6.1
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document containing JS code in a script element. This vulnerability is fixed in 1.35.3.
XSS
Lookyloo
-
CVE-2025-66454
MEDIUM
CVSS 6.5
A security vulnerability in Arcade MCP (CVSS 6.5) that allows you. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2025-65955
MEDIUM
CVSS 4.9
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
Denial Of Service
Ubuntu
Debian
Imagemagick
Redhat
-
CVE-2025-65881
MEDIUM
CVSS 6.1
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.
PHP
XSS
Zoo Management System
-
CVE-2025-65657
MEDIUM
CVSS 6.5
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
PHP
RCE
Command Injection
File Upload
Feehicms
-
CVE-2025-65380
MEDIUM
CVSS 6.5
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
PHP
SQLi
Billing System
-
CVE-2025-65379
MEDIUM
CVSS 6.5
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accept unvalidated user input, which is then concatenated directly into a backend SQL query.
PHP
SQLi
Billing System
-
CVE-2025-65215
MEDIUM
CVSS 6.1
Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field.
PHP
XSS
Web Based Pharmacy Product Management System
-
CVE-2025-65187
MEDIUM
CVSS 6.1
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.
XSS
Ubuntu
Debian
Civicrm
-
CVE-2025-65186
MEDIUM
CVSS 6.1
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.
XSS
Grav
-
CVE-2025-65105
MEDIUM
CVSS 4.5
A remote code execution vulnerability in Apptainer (CVSS 4.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Debian
Redhat
Ubuntu
Apptainer
-
CVE-2025-64750
MEDIUM
CVSS 4.5
A remote code execution vulnerability (CVSS 4.5). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Ubuntu
Debian
Suse
-
CVE-2025-64070
MEDIUM
CVSS 5.4
Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.
XSS
Student Grades Management System
-
CVE-2025-63872
MEDIUM
CVSS 6.1
DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content.
XSS
Deepseek
-
CVE-2025-59705
MEDIUM
CVSS 6.8
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.
Privilege Escalation
Nshield 5c Firmware
Nshield Connect Xc High Firmware
Nshield Connect Xc Mid Firmware
Nshield Hsmi Firmware
-
CVE-2025-59704
MEDIUM
CVSS 4.6
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access to the BIOS menu because it has no password.
Authentication Bypass
Nshield Connect Xc Base Firmware
Nshield 5c Firmware
Nshield Connect Xc High Firmware
Nshield Connect Xc Mid Firmware
-
CVE-2025-59701
MEDIUM
CVSS 4.1
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).
Information Disclosure
Nshield Hsmi Firmware
Nshield Connect Xc High Firmware
Nshield 5c Firmware
Nshield Connect Xc Mid Firmware
-
CVE-2025-59699
MEDIUM
CVSS 6.8
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.
Authentication Bypass
Nshield Connect Xc High Firmware
Nshield Connect Xc Mid Firmware
Nshield 5c Firmware
Nshield Connect Xc Base Firmware
-
CVE-2025-59698
MEDIUM
CVSS 6.8
CVE-2025-59698 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.
Information Disclosure
Nshield 5c Firmware
Nshield Connect Xc Mid Firmware
Nshield Connect Xc Base Firmware
Nshield Connect Xc High Firmware
-
CVE-2025-59694
MEDIUM
CVSS 6.8
CVE-2025-59694 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.
Information Disclosure
Nshield Hsmi Firmware
Nshield Connect Xc Base Firmware
Nshield Connect Xc Mid Firmware
Nshield Connect Xc High Firmware
-
CVE-2025-58488
MEDIUM
CVSS 4.5
Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.
Information Disclosure
Smart Touch Call
-
CVE-2025-58487
MEDIUM
CVSS 4.0
A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.
Samsung
Information Disclosure
Account
-
CVE-2025-58486
MEDIUM
CVSS 4.0
A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.
Samsung
Information Disclosure
Account
-
CVE-2025-58485
MEDIUM
CVSS 5.5
A security vulnerability in Samsung Internet (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.
Samsung
Code Injection
Internet
-
CVE-2025-58484
MEDIUM
CVSS 4.0
A security vulnerability in Samsung Cloud Assistant (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.
Samsung
Information Disclosure
-
CVE-2025-58483
MEDIUM
CVSS 5.9
A security vulnerability in Galaxy Store for Galaxy Watch (CVSS 5.9) that allows local attacker. Remediation should follow standard vulnerability management procedures.
Google
Information Disclosure
Galaxy Store
Android
-
CVE-2025-58480
MEDIUM
CVSS 4.3
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Memory Corruption
Buffer Overflow
Android
-
CVE-2025-58479
MEDIUM
CVSS 4.3
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Information Disclosure
Buffer Overflow
Android
-
CVE-2025-58478
MEDIUM
CVSS 4.3
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Memory Corruption
Buffer Overflow
Android
-
CVE-2025-58477
MEDIUM
CVSS 4.3
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Memory Corruption
Buffer Overflow
Android
-
CVE-2025-58476
MEDIUM
CVSS 4.2
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
Information Disclosure
Buffer Overflow
Android
-
CVE-2025-58475
MEDIUM
CVSS 5.6
A security vulnerability in libsec-ril.so (CVSS 5.6) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.
Buffer Overflow
Android
-
CVE-2025-58113
MEDIUM
CVSS 6.5
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Information Disclosure
Buffer Overflow
Pdf Xchange Editor
-
CVE-2025-57850
MEDIUM
CVSS 6.4
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Privilege Escalation
Redhat
-
CVE-2025-55181
MEDIUM
CVSS 5.3
CVE-2025-55181 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Denial Of Service
Proxygen
-
CVE-2025-55129
MEDIUM
CVSS 5.4
HackerOne community member Kassem S. (kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyph-based impersonation has been independently reported by other HackerOne users, such as itz_hari_ and khoof.
Information Disclosure
Revive Adserver
-
CVE-2025-52622
MEDIUM
CVSS 5.4
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.
XSS
-
CVE-2025-41743
MEDIUM
CVSS 4.0
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.
Information Disclosure
Sprecon E P Firmware
Sprecon E C Firmware
Sprecon E T3 Firmware
-
CVE-2025-41086
MEDIUM
CVSS 6.5
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
Authentication Bypass
Gams
-
CVE-2025-41066
MEDIUM
CVSS 5.3
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.
PHP
Information Disclosure
Ubuntu
Debian
Groupware
-
CVE-2025-41012
MEDIUM
CVSS 5.3
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser' in '/WS/PDAWebService.asmx'.
Authentication Bypass
Gim
-
CVE-2025-40700
MEDIUM
CVSS 6.1
Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
XSS
Governalia
-
CVE-2025-21080
MEDIUM
CVSS 6.2
A security vulnerability in Dynamic Lockscreen (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.
Google
Information Disclosure
Android
-
CVE-2025-21072
MEDIUM
CVSS 5.7
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Memory Corruption
Buffer Overflow
Android
-
CVE-2025-20792
MEDIUM
CVSS 5.3
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01717526; Issue ID: MSV-5591.
Denial Of Service
Nr15
-
CVE-2025-20791
MEDIUM
CVSS 6.5
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.
Denial Of Service
Nr15
-
CVE-2025-20790
MEDIUM
CVSS 5.3
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01677581; Issue ID: MSV-4701.
Denial Of Service
Null Pointer Dereference
Nr15
-
CVE-2025-20789
MEDIUM
CVSS 4.4
In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.
Information Disclosure
Android
Google
-
CVE-2025-20788
MEDIUM
CVSS 4.4
In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.
Denial Of Service
Buffer Overflow
Android
Google
-
CVE-2025-20777
MEDIUM
CVSS 6.7
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
Memory Corruption
Privilege Escalation
Buffer Overflow
Android
Google
-
CVE-2025-20776
MEDIUM
CVSS 6.7
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
Privilege Escalation
Information Disclosure
Buffer Overflow
Android
Google
-
CVE-2025-20775
MEDIUM
CVSS 6.7
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
Denial Of Service
Privilege Escalation
Buffer Overflow
Memory Corruption
Use After Free
-
CVE-2025-20774
MEDIUM
CVSS 6.7
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
Heap Overflow
Privilege Escalation
Buffer Overflow
Android
Google
-
CVE-2025-20773
MEDIUM
CVSS 6.7
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
Denial Of Service
Privilege Escalation
Buffer Overflow
Memory Corruption
Use After Free
-
CVE-2025-20772
MEDIUM
CVSS 6.7
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
Denial Of Service
Privilege Escalation
Buffer Overflow
Memory Corruption
Use After Free
-
CVE-2025-20771
MEDIUM
CVSS 6.7
CVE-2025-20771 is a security vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.
Privilege Escalation
Android
Google
-
CVE-2025-20770
MEDIUM
CVSS 6.7
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
Denial Of Service
Privilege Escalation
Buffer Overflow
Memory Corruption
Use After Free
-
CVE-2025-20769
MEDIUM
CVSS 6.7
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.
Privilege Escalation
Stack Overflow
Buffer Overflow
Android
Google
-
CVE-2025-20765
MEDIUM
CVSS 4.7
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
Denial Of Service
Race Condition
Openwrt
Android
Yocto
-
CVE-2025-20759
MEDIUM
CVSS 6.5
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.
Information Disclosure
Denial Of Service
Buffer Overflow
Nr16
Nr15
-
CVE-2025-20758
MEDIUM
CVSS 4.9
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
Denial Of Service
Nr16
Nr15
Nr17r
Nr17
-
CVE-2025-20757
MEDIUM
CVSS 6.5
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.
Denial Of Service
Nr15
-
CVE-2025-20756
MEDIUM
CVSS 6.5
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.
Denial Of Service
Nr15
-
CVE-2025-20755
MEDIUM
CVSS 5.3
In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.
Denial Of Service
Null Pointer Dereference
Nr15
-
CVE-2025-20754
MEDIUM
CVSS 5.3
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
Denial Of Service
Nr17r
Nr17
Nr15
Nr16
-
CVE-2025-20753
MEDIUM
CVSS 5.3
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689252; Issue ID: MSV-4841.
Denial Of Service
Nr15
Nr16
-
CVE-2025-20752
MEDIUM
CVSS 6.5
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
Denial Of Service
Nr16
Nr17r
Nr15
Nr17
-
CVE-2025-20751
MEDIUM
CVSS 6.5
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661195; Issue ID: MSV-4297.
Memory Corruption
Denial Of Service
Buffer Overflow
Nr15
-
CVE-2025-20750
MEDIUM
CVSS 6.5
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661199; Issue ID: MSV-4296.
Denial Of Service
Null Pointer Dereference
Nr15
-
CVE-2025-13877
MEDIUM
CVSS 5.6
A security vulnerability in nocobase (CVSS 5.6). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2025-13876
MEDIUM
CVSS 5.3
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Google
Path Traversal
Hd Video Player All Formats
Android
-
CVE-2025-13875
MEDIUM
CVSS 6.3
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Java
Path Traversal
-
CVE-2025-13873
MEDIUM
CVSS 5.4
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
XSS
Opinio
-
CVE-2025-13731
MEDIUM
CVSS 6.4
The Nexter Extension - Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-13697
MEDIUM
CVSS 6.4
The BlockArt Blocks - Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-13696
MEDIUM
CVSS 5.3
The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. This makes it possible for unauthenticated attackers to extract sensitive form submission data including personal information, payment details, and other private data via the rocket_front_payment_seesummary action by enumerating sequential form_r_id values.
Information Disclosure
WordPress
PHP
-
CVE-2025-13685
MEDIUM
CVSS 4.3
The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process_bulk_action()' function. This makes it possible for unauthenticated attackers to perform bulk operations (delete, publish, or unpublish galleries) via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-13637
MEDIUM
CVSS 4.3
A security vulnerability in Downloads in Google Chrome (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Google
Authentication Bypass
Ubuntu
Debian
Chrome
-
CVE-2025-13636
MEDIUM
CVSS 4.3
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Google
Authentication Bypass
Ubuntu
Debian
Chrome
-
CVE-2025-13635
MEDIUM
CVSS 4.4
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Google
Authentication Bypass
Ubuntu
Debian
Chrome
-
CVE-2025-13634
MEDIUM
CVSS 4.4
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
Google
Authentication Bypass
Microsoft
Ubuntu
Debian
-
CVE-2025-13632
MEDIUM
CVSS 5.4
A security vulnerability in DevTools in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
Google
Information Disclosure
Ubuntu
Debian
Chrome
-
CVE-2025-13606
MEDIUM
CVSS 6.5
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the `parseData` function. This makes it possible for unauthenticated attackers to export sensitive information including user data, email addresses, password hashes, and WooCommerce data to an attacker-controlled file path on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-13534
MEDIUM
CVSS 6.3
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited "Reply Tickets" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data.
Authentication Bypass
Privilege Escalation
WordPress
Wsdesk
PHP
-
CVE-2025-13505
MEDIUM
CVSS 4.8
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34 before 2.14.0.6.
XSS
Datactive
-
CVE-2025-13372
MEDIUM
CVSS 4.3
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.
SQLi
PostgreSQL
Python
Ubuntu
Debian
-
CVE-2025-13353
MEDIUM
CVSS 5.5
In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.
Impact
This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes:
* keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes were used
* a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password
Patches
The code logic bug has been fixed in gokey version 0.2.0 and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now.
System secret rotation guidance
It is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0 and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below.
Systems that do not require the old password/secret for rotation
Such systems usually have a "Forgot password" facility or a similar facility allowing users to rotate their password/secrets by sending a unique "magic" link to the user's email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system.
Systems that require the old password/secret for rotation
Such systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to:
* temporarily download gokey version 0.1.3 (https://github.com/cloudflare/gokey/releases/tag/v0.1.3) for their respective operating system to recover the old password
* use gokey version 0.2.0 or above to generate the new password
* populate the system provided password rotation form
Systems that allow multiple credentials for the same account to be provisioned
Such systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to:
* generate a new secret/key/credential using gokey version 0.2.0 or above
* provision the new secret/key/credential in addition to the existing credential on the system
* verify that the access or required system operation is still possible with the new secret/key/credential
* revoke authorization for the existing/old credential from the system
Credit
This vulnerability was found by Théo Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare's bug bounty program.
Information Disclosure
Ubuntu
Debian
Gokey
Suse
-
CVE-2025-13140
MEDIUM
CVSS 4.3
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to delete surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-13090
MEDIUM
CVSS 4.9
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
SQLi
WordPress
PHP
-
CVE-2025-13007
MEDIUM
CVSS 6.1
The WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, granted they can post malicious content to a connected Google Business Profile or Facebook page.
Google
WordPress
XSS
PHP
-
CVE-2025-13001
MEDIUM
CVSS 4.1
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin, to perform SQL injection attacks.
SQLi
WordPress
Donations
PHP
-
CVE-2025-12630
MEDIUM
CVSS 4.9
A security vulnerability in Upload.am WordPress (CVSS 4.9). Remediation should follow standard vulnerability management procedures.
Information Disclosure
WordPress
PHP
-
CVE-2025-12483
MEDIUM
CVSS 6.5
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Version 3.11.13 raises the minimum user-level for exploitation to administrator. 3.11.14 fully patches the vulnerability.
SQLi
WordPress
PHP
-
CVE-2025-11726
MEDIUM
CVSS 4.3
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient capability checks in the REST API endpoints under the 'fl-controls/v1' namespace that control site-wide Global Presets. This makes it possible for authenticated attackers with contributor-level access and above to add, modify, or delete global color and background presets that affect all Beaver Builder content site-wide.
Authentication Bypass
WordPress
Beaver Builder
PHP
-
CVE-2025-10543
MEDIUM
CVSS 5.3
A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Paho Mqtt
Redhat
Suse
-
CVE-2025-65858
LOW
CVSS 3.5
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.
XSS
Debian
-
CVE-2025-59700
LOW
CVSS 3.9
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).
Information Disclosure
-
CVE-2025-59696
LOW
CVSS 3.2
CVE-2025-59696 is a security vulnerability (CVSS 3.2) that allows a physically proximate attacker. Risk factors: public PoC available.
Information Disclosure
-
CVE-2025-13879
LOW
CVSS 2.7
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which they have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'. For example, setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
PHP
Path Traversal
-
CVE-2025-13870
LOW
CVSS 3.1
Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and to subscribe to the block from other boards that the user does not have access to.
Authentication Bypass
Debian
-
CVE-2025-13640
LOW
CVSS 3.5
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
Google
Authentication Bypass
Ubuntu
Debian
Chrome