Skip to main content
CVE-2025-57200 MEDIUM POC This Month

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Command Injection Dgm1104 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
5.3%
CVE-2025-64527 MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Null Pointer Dereference Denial Of Service Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66404 MEDIUM POC PATCH This Month

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Command Injection Kubernetes Mcp Server Kubernetes
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2025-65841 MEDIUM POC This Month

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or login through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user.

Authentication Bypass Apple Aquarius
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-62686 MEDIUM POC This Month

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.

Privilege Escalation Apple RCE Installation Manager macOS
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-55076 MEDIUM POC This Month

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

Privilege Escalation Apple Installation Manager macOS
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-57202 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.

XSS Dgm1104 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-13945 MEDIUM POC PATCH This Month

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

Denial Of Service Ubuntu Debian Wireshark Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13946 MEDIUM POC PATCH This Month

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

Denial Of Service Ubuntu Debian Wireshark Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-50361 MEDIUM POC This Month

Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.

Buffer Overflow Debian Smallbasic
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-65842 MEDIUM POC This Month

The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.

Privilege Escalation Apple Aquarius Helpertool macOS
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66220 MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-65097 MEDIUM PATCH This Month

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No ownership verification is performed before deleting collections. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.

Authentication Bypass Romm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13359 MEDIUM PATCH This Month

The Tag, Category, and Taxonomy Manager - AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database granted they have metabox access for the taxonomy (enabled by default for contributors).

WordPress SQLi Taxopress PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65345 MEDIUM This Month

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.

Path Traversal Laravel File Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-61727 MEDIUM PATCH This Month

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Information Disclosure Ubuntu Debian Go Red Hat +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13448 MEDIUM This Month

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13401 MEDIUM This Month

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-29864 MEDIUM PATCH This Month

A security vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass (CVSS 6.2). Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2025-63402 MEDIUM This Month

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests

RCE Denial Of Service Dragon
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-63401 MEDIUM This Month

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

XSS RCE Dragon
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-66453 MEDIUM PATCH This Month

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13751 MEDIUM PATCH This Month

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Microsoft Denial Of Service Debian Openvpn Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20381 MEDIUM PATCH This Month

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12887 MEDIUM This Month

A security vulnerability in for WordPress is vulnerable to authorization bypass in all (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-10304 MEDIUM This Month

A security vulnerability in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53965 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error.

Buffer Overflow Samsung Modem 5300 Firmware Exynos 2200 Firmware Exynos 1280 Firmware +15
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20384 MEDIUM PATCH This Month

A security vulnerability in Splunk Enterprise (CVSS 5.3) that allows them. Remediation should follow standard vulnerability management procedures.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-39665 MEDIUM PATCH This Month

CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian Nagvis
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12585 MEDIUM This Month

The MxChat - AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access conversation data.

WordPress Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12084 MEDIUM PATCH This Month

CVE-2025-12084 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian Python Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13472 MEDIUM PATCH This Month

A remote code execution vulnerability in BlazeMeter Jenkins Plugin (CVSS 5.3) that allows users only with certain permissions. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Jenkins
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-66406 MEDIUM PATCH This Month

A security vulnerability in Step CA (CVSS 5.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-13495 MEDIUM This Month

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13992 MEDIUM PATCH This Month

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-20389 MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

Denial Of Service Splunk Splunk Secure Gateway Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20383 MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.

Information Disclosure Splunk Splunk Secure Gateway Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65096 MEDIUM PATCH This Month

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verification or checking if the collection is public/private before returning collection data. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.

Authentication Bypass Romm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13756 MEDIUM This Month

A security vulnerability in all (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13354 MEDIUM PATCH This Month

The Tag, Category, and Taxonomy Manager - AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms.

Authentication Bypass WordPress Taxopress PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13109 MEDIUM This Month

A remote code execution vulnerability in for WordPress is vulnerable to Insecure Direct Object Reference in all (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12358 MEDIUM This Month

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incorrect permissions callback in the "Api/init" function. This makes it possible for unauthenticated attackers to add or remove products from a user's wishlist via a forged request granted they can trick a site's user into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy