Patch Tuesday — July 2025

2025-07-08 · 1031 CVEs

CVEs published or modified the week of 2025-07-08, partitioned by vendor.

Microsoft (184 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47981 | Critical | 9.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2025-49753 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49740 | High | 8.8 | - | 2025-07-08 | Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-49739 | High | 8.8 | - | 2025-07-08 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-49729 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49724 | High | 8.8 | - | 2025-07-08 | Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
CVE-2025-49723 | High | 8.8 | - | 2025-07-08 | Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
CVE-2025-49704 | High | 8.8 | KEV | 2025-07-08 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49701 | High | 8.8 | - | 2025-07-08 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49688 | High | 8.8 | - | 2025-07-08 | Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49687 | High | 8.8 | - | 2025-07-08 | Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2025-49676 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49674 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49673 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49672 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49669 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49668 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49663 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49657 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-48824 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-48817 | High | 8.8 | - | 2025-07-08 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-47998 | High | 8.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-47986 | High | 8.8 | - | 2025-07-08 | Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48822 | High | 8.6 | - | 2025-07-08 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2025-49717 | High | 8.5 | - | 2025-07-08 | Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
CVE-2025-49697 | High | 8.4 | - | 2025-07-08 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49696 | High | 8.4 | - | 2025-07-08 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49695 | High | 8.4 | - | 2025-07-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49735 | High | 8.1 | - | 2025-07-08 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
CVE-2025-33054 | High | 8.1 | - | 2025-07-08 | Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49691 | High | 8.0 | - | 2025-07-08 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-47972 | High | 8.0 | - | 2025-07-08 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
CVE-2025-47178 | High | 8.0 | - | 2025-07-08 | Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
CVE-2025-52521 | High | 7.8 | - | 2025-07-10 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2025-47133 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47132 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47131 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47130 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47129 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47128 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47127 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47126 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47125 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47124 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47123 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47122 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47121 | High | 7.8 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47099 | High | 7.8 | - | 2025-07-08 | InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47098 | High | 7.8 | - | 2025-07-08 | InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47097 | High | 7.8 | - | 2025-07-08 | InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49532 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49531 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49530 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49529 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49528 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49527 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49526 | High | 7.8 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47136 | High | 7.8 | - | 2025-07-08 | InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47134 | High | 7.8 | - | 2025-07-08 | InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47103 | High | 7.8 | - | 2025-07-08 | InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-43594 | High | 7.8 | - | 2025-07-08 | InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-43592 | High | 7.8 | - | 2025-07-08 | InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-43591 | High | 7.8 | - | 2025-07-08 | InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30312 | High | 7.8 | - | 2025-07-08 | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49742 | High | 7.8 | - | 2025-07-08 | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
CVE-2025-49738 | High | 7.8 | - | 2025-07-08 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49733 | High | 7.8 | - | 2025-07-08 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2025-49732 | High | 7.8 | - | 2025-07-08 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49730 | High | 7.8 | - | 2025-07-08 | Time-of-check time-of-use (TOCTOU) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVE-2025-49726 | High | 7.8 | - | 2025-07-08 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2025-49725 | High | 7.8 | - | 2025-07-08 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2025-49721 | High | 7.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49714 | High | 7.8 | - | 2025-07-08 | Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
CVE-2025-49711 | High | 7.8 | - | 2025-07-08 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-49705 | High | 7.8 | - | 2025-07-08 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-49703 | High | 7.8 | - | 2025-07-08 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49702 | High | 7.8 | - | 2025-07-08 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49700 | High | 7.8 | - | 2025-07-08 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49698 | High | 7.8 | - | 2025-07-08 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49694 | High | 7.8 | - | 2025-07-08 | Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-49693 | High | 7.8 | - | 2025-07-08 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-49689 | High | 7.8 | - | 2025-07-08 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49686 | High | 7.8 | - | 2025-07-08 | Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2025-49683 | High | 7.8 | - | 2025-07-08 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
CVE-2025-49679 | High | 7.8 | - | 2025-07-08 | Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-49675 | High | 7.8 | - | 2025-07-08 | Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49667 | High | 7.8 | - | 2025-07-08 | Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2025-49665 | High | 7.8 | - | 2025-07-08 | Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
CVE-2025-49661 | High | 7.8 | - | 2025-07-08 | Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-49660 | High | 7.8 | - | 2025-07-08 | Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
CVE-2025-49659 | High | 7.8 | - | 2025-07-08 | Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
CVE-2025-48820 | High | 7.8 | - | 2025-07-08 | Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48816 | High | 7.8 | - | 2025-07-08 | Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
CVE-2025-48815 | High | 7.8 | - | 2025-07-08 | Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48806 | High | 7.8 | - | 2025-07-08 | Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
CVE-2025-48805 | High | 7.8 | - | 2025-07-08 | Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
CVE-2025-48799 | High | 7.8 | - | 2025-07-08 | Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48000 | High | 7.8 | - | 2025-07-08 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47996 | High | 7.8 | - | 2025-07-08 | Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-47994 | High | 7.8 | - | 2025-07-08 | Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47993 | High | 7.8 | - | 2025-07-08 | Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-47991 | High | 7.8 | - | 2025-07-08 | Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2025-47987 | High | 7.8 | - | 2025-07-08 | Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
CVE-2025-47985 | High | 7.8 | - | 2025-07-08 | Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
CVE-2025-47982 | High | 7.8 | - | 2025-07-08 | Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-47976 | High | 7.8 | - | 2025-07-08 | Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47973 | High | 7.8 | - | 2025-07-08 | Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47971 | High | 7.8 | - | 2025-07-08 | Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47159 | High | 7.8 | - | 2025-07-08 | Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-53378 | High | 7.6 | - | 2025-07-10 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vu…
CVE-2024-43394 | High | 7.5 | - | 2025-07-10 | Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input.
CVE-2025-49719 | High | 7.5 | - | 2025-07-08 | Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.
CVE-2025-49718 | High | 7.5 | - | 2025-07-08 | Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.
CVE-2025-49716 | High | 7.5 | - | 2025-07-08 | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
CVE-2025-48814 | High | 7.5 | - | 2025-07-08 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-47988 | High | 7.5 | - | 2025-07-08 | Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-47984 | High | 7.5 | - | 2025-07-08 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
CVE-2025-49690 | High | 7.4 | - | 2025-07-08 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49682 | High | 7.3 | - | 2025-07-08 | Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49680 | High | 7.3 | - | 2025-07-08 | Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
CVE-2025-49666 | High | 7.2 | - | 2025-07-08 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
CVE-2025-48821 | High | 7.1 | - | 2025-07-08 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2025-48819 | High | 7.1 | - | 2025-07-08 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2025-49744 | High | 7.0 | - | 2025-07-08 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49737 | High | 7.0 | - | 2025-07-08 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
CVE-2025-49727 | High | 7.0 | - | 2025-07-08 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-49699 | High | 7.0 | - | 2025-07-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49685 | High | 7.0 | - | 2025-07-08 | Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49678 | High | 7.0 | - | 2025-07-08 | Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2025-49677 | High | 7.0 | - | 2025-07-08 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-47975 | High | 7.0 | - | 2025-07-08 | Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-7326 | High | 7.0 | - | 2025-07-08 | Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-48818 | Medium | 6.8 | - | 2025-07-08 | Time-of-check time-of-use (TOCTOU) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48804 | Medium | 6.8 | - | 2025-07-08 | Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48800 | Medium | 6.8 | - | 2025-07-08 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48003 | Medium | 6.8 | - | 2025-07-08 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48001 | Medium | 6.8 | - | 2025-07-08 | Time-of-check time-of-use (TOCTOU) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-47999 | Medium | 6.8 | - | 2025-07-08 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-48811 | Medium | 6.7 | - | 2025-07-08 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-48803 | Medium | 6.7 | - | 2025-07-08 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-49706 | Medium | 6.5 | KEV | 2025-07-08 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49681 | Medium | 6.5 | - | 2025-07-08 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49671 | Medium | 6.5 | - | 2025-07-08 | Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49670 | Medium | 6.5 | - | 2025-07-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-48802 | Medium | 6.5 | - | 2025-07-08 | Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
CVE-2025-47978 | Medium | 6.5 | - | 2025-07-08 | Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2025-3630 | Medium | 6.4 | - | 2025-07-08 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting.
CVE-2025-47963 | Medium | 6.3 | - | 2025-07-11 | No CWE for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-47980 | Medium | 6.2 | - | 2025-07-08 | Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2023-43039 | Medium | 6.1 | - | 2025-07-08 | IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting.
CVE-2025-21195 | Medium | 6.0 | - | 2025-07-08 | Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
CVE-2025-48823 | Medium | 5.9 | - | 2025-07-08 | Cryptographic issues in Windows Cryptographic Services allow an unauthorized attacker to disclose information over a network.
CVE-2025-49722 | Medium | 5.7 | - | 2025-07-08 | Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
CVE-2025-48002 | Medium | 5.7 | - | 2025-07-08 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
CVE-2025-47182 | Medium | 5.6 | - | 2025-07-11 | Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
CVE-2025-47120 | Medium | 5.5 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-47119 | Medium | 5.5 | - | 2025-07-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2025-49525 | Medium | 5.5 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-49524 | Medium | 5.5 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2025-30313 | Medium | 5.5 | - | 2025-07-08 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27165 | Medium | 5.5 | - | 2025-07-08 | Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-47135 | Medium | 5.5 | - | 2025-07-08 | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-49684 | Medium | 5.5 | - | 2025-07-08 | Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
CVE-2025-49664 | Medium | 5.5 | - | 2025-07-08 | Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
CVE-2025-49658 | Medium | 5.5 | - | 2025-07-08 | Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
CVE-2025-48812 | Medium | 5.5 | - | 2025-07-08 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-48810 | Medium | 5.5 | - | 2025-07-08 | Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.
CVE-2025-48809 | Medium | 5.5 | - | 2025-07-08 | Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-48808 | Medium | 5.5 | - | 2025-07-08 | Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-47109 | Medium | 5.5 | - | 2025-07-08 | After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2025-43587 | Medium | 5.5 | - | 2025-07-08 | After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-43580 | Medium | 5.5 | - | 2025-07-08 | Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service.
CVE-2025-26636 | Medium | 5.5 | - | 2025-07-08 | Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-47964 | Medium | 5.4 | - | 2025-07-11 | Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-2793 | Medium | 5.4 | - | 2025-07-08 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting.
CVE-2025-27367 | Medium | 5.3 | - | 2025-07-08 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially cr…
CVE-2024-49784 | Medium | 5.3 | - | 2025-07-08 | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode.
CVE-2024-49783 | Medium | 5.3 | - | 2025-07-08 | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data.
CVE-2025-1112 | Medium | 4.3 | - | 2025-07-09 | IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVE-2025-27369 | Medium | 4.3 | - | 2025-07-08 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages.
CVE-2025-2827 | Medium | 4.3 | - | 2025-07-08 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.
CVE-2025-49760 | Low | 3.5 | - | 2025-07-08 | External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
CVE-2025-49756 | Low | 3.3 | - | 2025-07-08 | Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
CVE-2025-49731 | Low | 3.1 | - | 2025-07-08 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

Other vendors (847 CVEs across 195 vendors)

Linux · 67 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-38341 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg() retains the ownership of the message on error.
CVE-2025-38338 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Sometimes, when a file was read while it was being truncated by another NFS client, the kernel could deadl…
CVE-2025-38317 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption.
CVE-2025-38295 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() The Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly use…
CVE-2025-38289 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Smatch detected a potential use-after-free of an ndlp object in dev_loss_tmo_callbk during driver u…
CVE-2025-38288 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Correct kernel call trace when calling smp_processor_id() when called in preemptible kernels by…
CVE-2025-38279 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following warning appears in kernel dmesg: [ 60…
CVE-2025-38270 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll.
CVE-2025-38267 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the w…
CVE-2025-38250 | High | 7.8 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro.
CVE-2025-38248 | High | 7.8 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides.
CVE-2025-38340 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(), because the source string length was…
CVE-2025-38330 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) KASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets().
CVE-2025-38329 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) KASAN reported out of bounds access - cs_dsp_mock_wmfw_add_info(), because the source string lengt…
CVE-2025-38292 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb.
CVE-2025-38343 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames.
CVE-2025-38339 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is alloc…
CVE-2025-38333 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in get_new_segment() ------------[ cut here ]------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dc pc : new_curseg…
CVE-2025-38327 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable function_graph tracer when setting funcgraph-args When setting the funcgraph-args option when function graph tracer is not enabled, it incorrectly…
CVE-2025-38325 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: add free_transport ops in ksmbd connection free_transport function for tcp connection can be called from smbdirect.
CVE-2025-38321 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when close_all_cached_dirs fails Under low-memory conditions, close_all_cached_dirs() can't move the dentries to a separate list to dput() them once th…
CVE-2025-38318 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL.
CVE-2025-38316 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() The function mt7996_set_monitor() dereferences phy before the NULL sanity check.
CVE-2025-38315 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variabl…
CVE-2025-38314 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes larger than the actual resu…
CVE-2025-38311 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock Get rid of the crit lock.
CVE-2025-38309 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier In xe_vm_close_and_put() we need to be able to call xe_svm_fini(), however during vm creation we can call this on the error path, b…
CVE-2025-38308 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified before being used.
CVE-2025-38307 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length.
CVE-2025-38303 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eir_create_adv_data eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER without checking if that would fit.
CVE-2025-38302 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Bios queued up in the zone write plug have already gone through all preparation in the submit_b…
CVE-2025-38301 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: unbreak driver after cleanup Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer…
CVE-2025-38299 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() ETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(), in the case the codec dai_name will be null.
CVE-2025-38297 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix potential division-by-zero error in em_compute_costs() When the device is of a non-CPU type, table[i].performance won't be initialized in the previous em_ini…
CVE-2025-38296 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ACPI: platform_profile: Avoid initializing on non-ACPI platforms The platform profile driver is loaded even on platforms that do not have ACPI enabled.
CVE-2025-38294 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12k_mac_assign_vif_to_vdev() fails, the radio handle (ar) gets accessed from the link…
CVE-2025-38291 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash Currently, we encounter the following kernel call trace when a firmware crash occurs.
CVE-2025-38290 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath12k_core_halt() only reinitializes the "arvifs" list head.
CVE-2025-38287 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: IB/cm: Drop lockdep assert and WARN when freeing old msg The send completion handler can run after cm_id has advanced to another message.
CVE-2025-38284 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface.
CVE-2025-38283 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: bugfix live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt to perform device data mi…
CVE-2025-38281 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init devm_kasprintf() can return a NULL pointer on failure, but this returned value in mt7996_thermal_init() is not c…
CVE-2025-38278 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback This patch addresses below issues, 1.
CVE-2025-38276 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanning entries") introduced a new function…
CVE-2025-38274 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not ch…
CVE-2025-38272 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected.
CVE-2025-38271 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnl_create_link() At the time rtnl_create_link() is running, dev->netdev_ops is NULL, we must not use netdev_lock_ops() or risk a NULL dere…
CVE-2025-38269 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() whi…
CVE-2025-38268 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the Display…
CVE-2025-38266 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple addresses") introduced a…
CVE-2025-38265 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsm_uart_port_init No device was set which caused serial_base_ctrl_add to crash.
CVE-2025-38264 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a…
CVE-2025-38261 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR…
CVE-2025-38258 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without…
CVE-2025-38256 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: [ 108.070381][ T14] kernel BUG at mm/gup.c:71!
CVE-2025-38255 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kern…
CVE-2025-38254 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add sanity checks for drm_edid_raw() When EDID is retrieved via drm_edid_raw(), it doesn't guarantee to return proper EDID bytes the caller wants: it ma…
CVE-2025-38253 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacom_aes_battery_handler() Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity") introduced wacom_aes_battery_h…
CVE-2025-38252 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxl_cper_handle_prot_err() is making a series of fragile assumptions that can lead to crashes: 1/ It assumes t…
CVE-2025-38247 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns.
CVE-2025-38246 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: bnxt: properly flush XDP redirect lists We encountered following crash when testing a XDP_REDIRECT feature in production: [56251.579676] list_add corruption.
CVE-2025-38244 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock order and prevent the following deadlock fr…
CVE-2025-38243 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error…
CVE-2025-38241 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always > /sys/kernel/mm/transparent_hugepage…
CVE-2025-38238 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them.
CVE-2025-38306 | Medium | 4.7 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of has_locked_children() may_decode_fh() is calling has_locked_children() while holding no locks.
CVE-2025-38242 | Medium | 4.7 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c5…

Debian · 45 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-38348 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and gen…
CVE-2025-38346 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d021…
CVE-2025-38323 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[].
CVE-2025-38313 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev var…
CVE-2025-38298 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: EDAC/skx_common: Fix general protection fault After loading i10nm_edac (which automatically loads skx_edac_common), if unload only i10nm_edac, then reload it and perform…
CVE-2025-38280 | High | 7.8 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/…
CVE-2025-38259 | High | 7.8 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset…
CVE-2025-38257 | High | 7.8 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an i…
CVE-2025-38245 | High | 7.8 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
CVE-2025-38239 | High | 7.8 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraid_sas 0000:3f:00.0: requested/available msi…
CVE-2025-38236 | High | 7.8 | | 2025-07-08 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs.
CVE-2025-38342 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: software node: Correct an OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value require…
CVE-2025-38320 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() KASAN reports a stack-out-of-bounds read in regs_get_kernel_stack_nth().
CVE-2025-38286 | High | 7.1 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it.
CVE-2025-38249 | High | 7.1 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used dir…
CVE-2025-38347 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds.
CVE-2025-38345 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot c…
CVE-2025-38344 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Insti…
CVE-2025-38337 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Since handle->h_transaction may be a NULL pointer, so we should change it to call is_handle_abort…
CVE-2025-38336 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of wh…
CVE-2025-38335 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in hard irq context, but the input_event()…
CVE-2025-38334 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage.
CVE-2025-38332 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct…
CVE-2025-38331 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: cortina: Use TOE/TSO on all TCP It is desirable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb->len to the "T…
CVE-2025-38328 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc…
CVE-2025-38326 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target.
CVE-2025-38324 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
CVE-2025-38322 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for a…
CVE-2025-38319 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table The function atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_tab…
CVE-2025-38312 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when m…
CVE-2025-38310 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses The kernel currently validates that the length of the provided nexthop address does not exceed the specified length.
CVE-2025-38305 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() There is no disagreement that we should check both ptp->is_virtual_clock and ptp->n_vclocks to check if the…
CVE-2025-38304 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer dereference on eir_get_service_data The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry…
CVE-2025-38300 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg()…
CVE-2025-38293 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() only reinitializes the "arvifs" list head.
CVE-2025-38285 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/tra…
CVE-2025-38282 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak…
CVE-2025-38277 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized.
CVE-2025-38275 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix a NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings.
CVE-2025-38273 | Medium | 5.5 | | 2025-07-10 | In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (r…
CVE-2025-38263 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1.
CVE-2025-38262 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur.
CVE-2025-38260 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly [BUG] There is syzbot based reproducer that can crash the kernel, with the following call trace: (With some…
CVE-2025-38251 | Medium | 5.5 | | 2025-07-09 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb.
CVE-2025-38237 | Medium | 5.5 | | 2025-07-08 | In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() In fimc_is_hw_change_mode(), the function changes camera modes without waiting for hardwa…

Jenkins · 31 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53652 | High | 8.2 | | 2025-07-09 | Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values…
CVE-2025-53650 | High | 7.3 | | 2025-07-09 | Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
CVE-2025-53742 | Medium | 6.5 | | 2025-07-09 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins contr…
CVE-2025-53678 | Medium | 6.5 | | 2025-07-09 | Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVE-2025-53676 | Medium | 6.5 | | 2025-07-09 | Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVE-2025-53675 | Medium | 6.5 | | 2025-07-09 | Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file…
CVE-2025-53673 | Medium | 6.5 | | 2025-07-09 | Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller…
CVE-2025-53672 | Medium | 6.5 | | 2025-07-09 | Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVE-2025-53671 | Medium | 6.5 | | 2025-07-09 | Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53670 | Medium | 6.5 | | 2025-07-09 | Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission…
CVE-2025-53668 | Medium | 6.5 | | 2025-07-09 | Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file…
CVE-2025-53666 | Medium | 6.5 | | 2025-07-09 | Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller fi…
CVE-2025-53664 | Medium | 6.5 | | 2025-07-09 | Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to…
CVE-2025-53663 | Medium | 6.5 | | 2025-07-09 | Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the…
CVE-2025-53662 | Medium | 6.5 | | 2025-07-09 | Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkin…
CVE-2025-53659 | Medium | 6.5 | | 2025-07-09 | Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the J…
CVE-2025-53656 | Medium | 6.5 | | 2025-07-09 | Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended R…
CVE-2025-53654 | Medium | 6.5 | | 2025-07-09 | Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVE-2025-53651 | Medium | 6.3 | | 2025-07-09 | Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the bui…
CVE-2025-53658Medium5.42025-07-09Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2025-53743Medium5.32025-07-09Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53677Medium5.32025-07-09Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it.
CVE-2025-53674Medium5.32025-07-09Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it.
CVE-2025-53667Medium5.32025-07-09Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53655Medium5.32025-07-09Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
CVE-2025-53669Medium4.32025-07-09Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53665Medium4.32025-07-09Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53661Medium4.32025-07-09Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53660Medium4.32025-07-09Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53657Medium4.32025-07-09Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53653Medium4.32025-07-09Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the…
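Most of the Jenkins entries above share one root cause: a plugin kept a credential in a plain String field instead of hudson.util.Secret, so it lands in config.xml or the global configuration file in the clear. A value that went through Secret is written as a brace-wrapped base64 blob (for example `{AQAAABAAAA…}`), which gives a cheap way to audit a controller before and after upgrading the affected plugins. The script below is an added example, not Jenkins project code; it assumes that encrypted-form convention, matches element names heuristically (token/key/secret/password/credential), and scans a constructed sample that names a fictitious plugin:

```python
"""Find credential-looking fields stored in plaintext in Jenkins config.xml.

Added example, not Jenkins project code.  Assumptions: a value encrypted via
hudson.util.Secret serialises as a brace-wrapped base64 blob such as
{AQAAABAAAA...=}, and element names containing token/key/secret/password/
credential are worth inspecting (a heuristic; tune SECRET_NAME_RE for your
plugins).  The sample XML below is constructed and names a fictitious plugin.
"""
import re
import sys
import xml.etree.ElementTree as ET

SECRET_NAME_RE = re.compile(r"token|key|secret|password|passwd|credential", re.I)
ENCRYPTED_RE = re.compile(r"^\{[A-Za-z0-9+/]+=*\}$")
# Jenkins writes an XML 1.1 declaration; expat (ElementTree) only speaks 1.0,
# so drop the declaration before parsing.
XML_DECL_RE = re.compile(r"^\s*<\?xml[^>]*\?>")

SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <description>constructed sample job, not a real config.xml</description>
  <keepDependencies>false</keepDependencies>
  <builders>
    <com.example.fakeplugin.FakeBuilder plugin="fake-plugin@1.0">
      <apiKey>sk_live_0123456789abcdef</apiKey>
      <serverUrl>https://api.example.invalid</serverUrl>
      <password>{AQAAABAAAAAQd3jWq1p0wY5kq2mZ9f1s0AbcDEf==}</password>
    </com.example.fakeplugin.FakeBuilder>
  </builders>
</project>
"""


def is_encrypted(value: str) -> bool:
    """True if the value is in the Secret '{base64}' form."""
    return ENCRYPTED_RE.match(value) is not None


def redact(value: str) -> str:
    """Preview a secret without printing it: first four chars and length."""
    return f"{value[:4]}... ({len(value)} chars)"


def find_plaintext_secrets(xml_text: str):
    """Return [(path, element, redacted preview)] for each credential-looking
    leaf element whose text is not in encrypted form."""
    root = ET.fromstring(XML_DECL_RE.sub("", xml_text, count=1))
    findings = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{elem.tag}"
        value = (elem.text or "").strip()
        if (len(elem) == 0 and value and SECRET_NAME_RE.search(elem.tag)
                and not is_encrypted(value)):
            findings.append((path, elem.tag, redact(value)))
        for child in elem:
            walk(child, path)

    walk(root, "")
    return findings


def scan_files(paths):
    """Scan each config.xml path; returns {path: findings}."""
    results = {}
    for p in paths:
        with open(p, encoding="utf-8") as fh:
            results[p] = find_plaintext_secrets(fh.read())
    return results


if __name__ == "__main__":
    # Usage: python jenkins_secret_scan.py $JENKINS_HOME/jobs/*/config.xml
    # With no arguments the constructed sample is scanned instead.
    targets = sys.argv[1:]
    report = (scan_files(targets) if targets
              else {"<sample>": find_plaintext_secrets(SAMPLE_CONFIG)})
    for src, hits in report.items():
        for path, tag, preview in hits:
            print(f"{src}: plaintext secret in <{tag}> at {path}: {preview}")
```

Run it against `$JENKINS_HOME/jobs/*/config.xml` and the plugin global files under `$JENKINS_HOME/*.xml`, before and after upgrading. A finding that persists after the upgrade usually means the job was saved by the old plugin and has to be re-saved so the field is rewritten through Secret; and because the values were already readable by anyone with Item/Extended Read or controller filesystem access, the patched plugin does not make rotating those credentials optional.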

Campcodes · 29 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7457 | High | 7.3 | | 2025-07-11 | A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0.
CVE-2025-7456 | High | 7.3 | | 2025-07-11 | A vulnerability, which was classified as critical, has been found in Campcodes Online Movie Theater Seat Reservation System 1.0.
CVE-2025-7455 | High | 7.3 | | 2025-07-11 | A vulnerability classified as critical was found in Campcodes Online Movie Theater Seat Reservation System 1.0.
CVE-2025-7454 | High | 7.3 | | 2025-07-11 | A vulnerability classified as critical has been found in Campcodes Online Movie Theater Seat Reservation System 1.0.
CVE-2025-7436 | High | 7.3 | | 2025-07-11 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0.
CVE-2025-7220 | High | 7.3 | | 2025-07-09 | A vulnerability was found in Campcodes Payroll Management System 1.0.
CVE-2025-7219 | High | 7.3 | | 2025-07-09 | A vulnerability was found in Campcodes Payroll Management System 1.0.
CVE-2025-7218 | High | 7.3 | | 2025-07-09 | A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical.
CVE-2025-7217 | High | 7.3 | | 2025-07-09 | A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical.
CVE-2025-7183 | High | 7.3 | | 2025-07-08 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical.
CVE-2025-7165 | High | 7.3 | | 2025-07-08 | A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical.
CVE-2025-7164 | High | 7.3 | | 2025-07-08 | A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical.
CVE-2025-7136 | High | 7.3 | | 2025-07-07 | A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0.
CVE-2025-7135 | High | 7.3 | | 2025-07-07 | A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0.
CVE-2025-7134 | High | 7.3 | | 2025-07-07 | A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0.
CVE-2025-7132 | High | 7.3 | | 2025-07-07 | A vulnerability was found in Campcodes Payroll Management System 1.0.
CVE-2025-7131 | High | 7.3 | | 2025-07-07 | A vulnerability was found in Campcodes Payroll Management System 1.0.
CVE-2025-7130 | High | 7.3 | | 2025-07-07 | A vulnerability was found in Campcodes Payroll Management System 1.0.
CVE-2025-7129 | High | 7.3 | | 2025-07-07 | A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical.
CVE-2025-7128 | High | 7.3 | | 2025-07-07 | A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical.
CVE-2025-7122 | High | 7.3 | | 2025-07-07 | A vulnerability was found in Campcodes Complaint Management System 1.0.
CVE-2025-7120 | High | 7.3 | | 2025-07-07 | A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical.
CVE-2025-7119 | High | 7.3 | | 2025-07-07 | A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical.
CVE-2025-7152 | Medium | 6.3 | | 2025-07-08 | A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0.
CVE-2025-7151 | Medium | 6.3 | | 2025-07-07 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0.
CVE-2025-7150 | Medium | 6.3 | | 2025-07-07 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0.
CVE-2025-7149 | Medium | 6.3 | | 2025-07-07 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0.
CVE-2025-7121 | Medium | 6.3 | | 2025-07-07 | A vulnerability was found in Campcodes Complaint Management System 1.0.
CVE-2025-7123 | Medium | 4.7 | | 2025-07-07 | A vulnerability was found in Campcodes Complaint Management System 1.0.

N/A · 27 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-45065 | Critical | 9.8 | | 2025-07-07 | Employee Record Management System in PHP and MySQL v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.
CVE-2025-43933 | Critical | 9.8 | | 2025-07-07 | fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
CVE-2025-43932 | Critical | 9.8 | | 2025-07-07 | JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
CVE-2025-43931 | Critical | 9.8 | | 2025-07-07 | flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
CVE-2025-43930 | Critical | 9.8 | | 2025-07-07 | Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
CVE-2025-47202 | Critical | 9.1 | | 2025-07-07 | In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, the lack of a length check leads…
CVE-2025-52089 | High | 8.8 | | 2025-07-11 | A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
CVE-2025-44177 | High | 8.2 | | 2025-07-09 | A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint.
CVE-2025-44251 | High | 7.5 | | 2025-07-10 | Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.
CVE-2025-53645 | High | 7.5 | | 2025-07-09 | Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console.
CVE-2025-52364 | High | 7.5 | | 2025-07-09 | Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93: the telnet service (telnetd) is enabled by default at boot via the initialization script /etc/init.d/eth.sh.
CVE-2025-47422 | High | 7.5 | | 2025-07-08 | Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability.
CVE-2025-52492 | High | 7.5 | | 2025-07-07 | A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6.
CVE-2025-26780 | High | 7.5 | | 2025-07-07 | An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400.
CVE-2023-51232 | High | 7.5 | | 2025-07-07 | Directory Traversal vulnerability in dagster-webserver Dagster through 1.5.11 allows remote attackers to obtain sensitive information via a crafted request to the /logs endpoint.
CVE-2021-27961 | Medium | 6.5 | | 2025-07-09 | evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.
CVE-2025-44525 | Medium | 6.5 | | 2025-07-09 | Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets.
CVE-2025-44526 | Medium | 6.5 | | 2025-07-09 | Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets.
CVE-2025-29267 | Medium | 6.5 | | 2025-07-08 | SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in the GET request.
CVE-2025-45662 | Medium | 6.1 | | 2025-07-10 | A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.
CVE-2024-36697 | Medium | 6.1 | | 2025-07-10 | A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp.
CVE-2024-37658 | Medium | 6.1 | | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via bbs/member_confirm.php.
CVE-2024-37657 | Medium | 6.1 | | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/login.php component.
CVE-2024-37656 | Medium | 6.1 | | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via insufficient URL parameter verification in bbs/logout.php.
CVE-2025-49604 | Medium | 5.4 | | 2025-07-09 | For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03.
CVE-2025-52357 | Medium | 4.1 | | 2025-07-09 | Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's w…
CVE-2025-51591 | Low | 3.7 | | 2025-07-11 | A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.
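The four account-takeover entries above (CVE-2025-43930 through CVE-2025-43933) are the same Flask deployment mistake: with SERVER_NAME unset, the absolute URL that `url_for(..., _external=True)` puts in the reset e-mail takes its host from the request's Host header, so an attacker who requests a reset for the victim's address while sending `Host: attacker.example` gets the victim's token delivered in a link to a domain the attacker controls. The following added example (not code from any of the four projects) models the vulnerable link builder next to a hardened one that validates Host against an allowlist and builds the link from a configured canonical name; the hostnames, allowlist and headers are constructed, and the vulnerable function is a plain-Python stand-in for the framework behaviour rather than Flask itself:

```python
"""Host-header poisoning of password-reset links.

Added example, not code from fblog, JobCenter, flask-boilerplate or Hashview.
It models the defect behind CVE-2025-43930 through CVE-2025-43933: when the
absolute reset URL is built from the request's Host header (what Flask's
url_for(..., _external=True) does while SERVER_NAME is unset), an attacker
who requests a reset for the victim's address while sending a forged Host
gets the victim's token mailed out in a link to the attacker's domain.
All hostnames, headers and tokens here are constructed.
"""
import secrets
from urllib.parse import urlsplit, urlunsplit

CANONICAL_HOST = "app.example.com"                # assumed deployment name
ALLOWED_HOSTS = {CANONICAL_HOST, "localhost"}     # assumed allowlist


class UntrustedHost(ValueError):
    """Host header names a host this deployment does not serve."""


def normalize_host(host_header: str) -> str:
    """Lower-case, strip the port, keep IPv6 literals bracketed."""
    host = host_header.strip().lower()
    if host.startswith("["):                      # e.g. [::1]:8080
        end = host.find("]")
        return host[:end + 1] if end != -1 else ""
    return host.split(":", 1)[0]


def host_is_allowed(host_header: str) -> bool:
    return normalize_host(host_header) in ALLOWED_HOSTS


def issue_token() -> str:
    """Unguessable single-use reset token (the token itself is not the bug)."""
    return secrets.token_urlsafe(32)


def reset_url_vulnerable(headers: dict, token: str) -> str:
    """The defect: the link's host comes straight from the client request."""
    host = headers.get("Host", "localhost")
    return urlunsplit(("https", host, "/reset", f"token={token}", ""))


def reset_url_hardened(headers: dict, token: str) -> str:
    """Reject requests for unknown hosts, then build the link from the
    configured canonical name rather than from the header."""
    host_header = headers.get("Host", "")
    if not host_is_allowed(host_header):
        raise UntrustedHost(host_header)
    return urlunsplit(("https", CANONICAL_HOST, "/reset", f"token={token}", ""))


def link_destination(builder, headers: dict, token: str) -> str:
    """Host the e-mailed link would send the victim to; '' if the request
    was refused."""
    try:
        return urlsplit(builder(headers, token)).hostname or ""
    except UntrustedHost:
        return ""


if __name__ == "__main__":
    forged = {"Host": "attacker.example"}         # attacker-controlled header
    token = issue_token()
    print("vulnerable ->", link_destination(reset_url_vulnerable, forged, token))
    print("hardened   ->",
          link_destination(reset_url_hardened, forged, token) or "(refused)")
```

In a real Flask app the fix the advisories point at is to set SERVER_NAME to the canonical hostname; Flask then builds external URLs from that value and routes only requests whose Host matches it, so the check after deploying is to send a request with a foreign Host and confirm the app refuses it rather than serving the page. Enforcing the same allowlist at the reverse proxy is a sound second layer, but a proxy that forwards Host unchanged does nothing for an app that still reads it.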

Qualcomm · 26 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-21450 | Critical | 9.1 | | 2025-07-08 | Cryptographic issue occurs due to use of an insecure connection method while downloading.
CVE-2025-21427 | High | 8.2 | | 2025-07-08 | Information disclosure while decoding the RTP packet payload when the UE receives the RTP packet from the network.
CVE-2025-27061 | High | 7.8 | | 2025-07-08 | Memory corruption while handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-27058 | High | 7.8 | | 2025-07-08 | Memory corruption while processing packet data with an exceedingly large packet.
CVE-2025-27056 | High | 7.8 | | 2025-07-08 | Memory corruption during sub-system restart while processing clean-up to free up resources.
CVE-2025-27055 | High | 7.8 | | 2025-07-08 | Memory corruption during the image encoding process.
CVE-2025-27052 | High | 7.8 | | 2025-07-08 | Memory corruption while processing data packets in diag received from Unix clients.
CVE-2025-27051 | High | 7.8 | | 2025-07-08 | Memory corruption while processing a command message in WLAN Host.
CVE-2025-27050 | High | 7.8 | | 2025-07-08 | Memory corruption while processing event close when a client process terminates abruptly.
CVE-2025-27047 | High | 7.8 | | 2025-07-08 | Memory corruption while processing the TESTPATTERNCONFIG escape path.
CVE-2025-27046 | High | 7.8 | | 2025-07-08 | Memory corruption while processing multiple simultaneous escape calls.
CVE-2025-27044 | High | 7.8 | | 2025-07-08 | Memory corruption while executing a timestamp video decode command with large input values.
CVE-2025-27043 | High | 7.8 | | 2025-07-08 | Memory corruption while processing a manipulated payload in video firmware.
CVE-2025-27042 | High | 7.8 | | 2025-07-08 | Memory corruption while processing video packets received from video firmware.
CVE-2025-21466 | High | 7.8 | | 2025-07-08 | Memory corruption while processing a private escape command in an event trigger.
CVE-2025-21445 | High | 7.8 | | 2025-07-08 | Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
CVE-2025-21444 | High | 7.8 | | 2025-07-08 | Memory corruption while copying the result to the transmission queue in EMAC.
CVE-2025-21432 | High | 7.8 | | 2025-07-08 | Memory corruption while retrieving the CBOR data from TA.
CVE-2025-27057 | High | 7.5 | | 2025-07-08 | Transient DOS while handling beacon frames with an invalid IE header length.
CVE-2025-21454 | High | 7.5 | | 2025-07-08 | Transient DOS while processing a received beacon frame.
CVE-2025-21449 | High | 7.5 | | 2025-07-08 | Transient DOS may occur while processing a malformed length field in SSID IEs.
CVE-2025-21446 | High | 7.5 | | 2025-07-08 | Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
CVE-2025-21422 | High | 7.1 | | 2025-07-08 | Cryptographic issue while processing crypto API calls; missing checks may lead to corrupted key usage or IV reuse.
CVE-2025-21426 | Medium | 6.6 | | 2025-07-08 | Memory corruption while processing a camera TPG write request.
CVE-2025-21433 | Medium | 6.2 | | 2025-07-08 | Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.
CVE-2024-53009 | Medium | 5.3 | | 2025-07-08 | Memory corruption while operating the mailbox in Automotive.

Adobe · 25 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49533 | Critical | 9.8 | | 2025-07-08 | Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker.
CVE-2025-27203 | Critical | 9.6 | | 2025-07-08 | Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker.
CVE-2025-49535 | Critical | 9.3 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass.
CVE-2025-49551 | High | 8.8 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation.
CVE-2025-49537 | High | 7.9 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-priv…
CVE-2025-43582 | High | 7.8 | | 2025-07-08 | Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged.
CVE-2025-21166 | High | 7.8 | | 2025-07-08 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-21165 | High | 7.8 | | 2025-07-08 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-21164 | High | 7.8 | | 2025-07-08 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49538 | High | 7.4 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read.
CVE-2025-49536 | High | 7.3 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2025-49544 | Medium | 6.8 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass.
CVE-2025-49545 | Medium | 6.2 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
CVE-2025-43584 | Medium | 5.5 | | 2025-07-08 | Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-43583 | Medium | 5.5 | | 2025-07-08 | Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2025-21168 | Medium | 5.5 | | 2025-07-08 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-21167 | Medium | 5.5 | | 2025-07-08 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-49547 | Medium | 5.4 | | 2025-07-08 | Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-49534 | Medium | 5.4 | | 2025-07-08 | Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-49542 | Medium | 5.2 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2025-49539 | Medium | 4.5 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass.
CVE-2025-49543 | Medium | 4.3 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-49541 | Medium | 4.3 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-49540 | Medium | 4.3 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-49546 | Low | 2.4 | | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service.

SAP SE · 25 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-42967 | Critical | 9.9 | | 2025-07-08 | SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability.
CVE-2025-42980 | Critical | 9.1 | | 2025-07-08 | SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and ava…
CVE-2025-42966 | Critical | 9.1 | | 2025-07-08 | SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object.
CVE-2025-42964 | Critical | 9.1 | | 2025-07-08 | SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability…
CVE-2025-42963 | Critical | 9.1 | | 2025-07-08 | A critical vulnerability in SAP NetWeaver Application Server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization.
CVE-2025-42959 | High | 8.1 | | 2025-07-08 | An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system.
CVE-2025-42953 | High | 8.1 | | 2025-07-08 | SAP NetWeaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2025-42952 | High | 7.7 | | 2025-07-08 | SAP Business Warehouse and SAP Plug-In Basis allow an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable.
CVE-2025-43001 | Medium | 6.9 | | 2025-07-08 | SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation.
CVE-2025-42992 | Medium | 6.9 | | 2025-07-08 | SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR.
CVE-2025-42985 | Medium | 6.1 | | 2025-07-08 | Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser.
CVE-2025-42981 | Medium | 6.1 | | 2025-07-08 | Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized.
CVE-2025-42969 | Medium | 6.1 | | 2025-07-08 | SAP NetWeaver Application Server ABAP and ABAP Platform allow an unauthenticated attacker to inject a malicious script into a dynamically crafted URL.
CVE-2025-42962 | Medium | 6.1 | | 2025-07-08 | SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link.
CVE-2025-42970 | Medium | 5.8 | | 2025-07-08 | SAPCAR improperly sanitizes file paths while extracting SAPCAR archives.
CVE-2025-42979 | Medium | 5.6 | | 2025-07-08 | The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC.
CVE-2025-42973 | Medium | 5.4 | | 2025-07-08 | Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports.
CVE-2025-42961 | Medium | 4.9 | | 2025-07-08 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables.
CVE-2025-42974 | Medium | 4.3 | | 2025-07-08 | Due to a missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module.
CVE-2025-42960 | Medium | 4.3 | | 2025-07-08 | SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks.
CVE-2025-42965 | Medium | 4.1 | | 2025-07-08 | SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration.
CVE-2025-31326 | Medium | 4.1 | | 2025-07-08 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields.
CVE-2025-42971 | Medium | 4.0 | | 2025-07-08 | A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives.
CVE-2025-42978 | Low | 3.5 | | 2025-07-08 | The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certifi…
CVE-2025-42954 | Low | 2.7 | | 2025-07-08 | SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing RFC-enabled function modules without any input parameters, which results in reduced performance or interrupted operation…

code-projects · 24 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7199 | High | 7.3 | | 2025-07-08 | A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0.
CVE-2025-7191 | High | 7.3 | | 2025-07-08 | A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical.
CVE-2025-7185 | High | 7.3 | | 2025-07-08 | A vulnerability was found in code-projects Library System 1.0.
CVE-2025-7184 | High | 7.3 | | 2025-07-08 | A vulnerability was found in code-projects Library System 1.0.
CVE-2025-7179 | High | 7.3 | | 2025-07-08 | A vulnerability classified as critical was found in code-projects Library System 1.0.
CVE-2025-7178 | High | 7.3 | | 2025-07-08 | A vulnerability classified as critical has been found in code-projects Food Distributor Site 1.0.
CVE-2025-7174 | High | 7.3 | | 2025-07-08 | A vulnerability was found in code-projects Library System 1.0 and classified as critical.
CVE-2025-7173 | High | 7.3 | | 2025-07-08 | A vulnerability has been found in code-projects Library System 1.0 and classified as critical.
CVE-2025-7172 | High | 7.3 | | 2025-07-08 | A vulnerability, which was classified as critical, was found in code-projects Crime Reporting System 1.0.
CVE-2025-7171 | High | 7.3 | | 2025-07-08 | A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0.
CVE-2025-7170 | High | 7.3 | | 2025-07-08 | A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0.
CVE-2025-7169 | High | 7.3 | | 2025-07-08 | A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0.
CVE-2025-7168 | High | 7.3 | | 2025-07-08 | A vulnerability was found in code-projects Crime Reporting System 1.0.
CVE-2025-7413 | Medium | 6.3 | | 2025-07-10 | A vulnerability classified as critical has been found in code-projects Library System 1.0.
CVE-2025-7412 | Medium | 6.3 | | 2025-07-10 | A vulnerability was found in code-projects Library System 1.0.
CVE-2025-7210 | Medium | 6.3 | | 2025-07-09 | A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical.
CVE-2025-7190 | Medium | 6.3 | | 2025-07-08 | A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0.
CVE-2025-7189 | Medium | 6.3 | | 2025-07-08 | A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0.
CVE-2025-7188 | Medium | 6.3 | | 2025-07-08 | A vulnerability classified as critical was found in code-projects Chat System 1.0.
CVE-2025-7187 | Medium | 6.3 | | 2025-07-08 | A vulnerability classified as critical has been found in code-projects Chat System 1.0.
CVE-2025-7186 | Medium | 6.3 | | 2025-07-08 | A vulnerability was found in code-projects Chat System 1.0.
CVE-2025-7175 | Medium | 6.3 | | 2025-07-08 | A vulnerability was found in code-projects E-Commerce Site 1.0.
CVE-2025-7167 | Medium | 6.3 | | 2025-07-08 | A vulnerability was found in code-projects Responsive Blog Site 1.0.
CVE-2025-7166 | Medium | 6.3 | | 2025-07-08 | A vulnerability was found in code-projects Responsive Blog Site 1.0.

Juniper · 24 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52950 | Critical | 9.6 |  | 2025-07-11 | A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. |
| CVE-2025-52954 | High | 7.8 |  | 2025-07-11 | A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. |
| CVE-2025-52981 | High | 7.5 |  | 2025-07-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3 allows an unauthenticat… |
| CVE-2025-52980 | High | 7.5 |  | 2025-07-11 | A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-52946 | High | 7.5 |  | 2025-07-11 | A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, res… |
| CVE-2025-30661 | High | 7.3 |  | 2025-07-11 | An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalati… |
| CVE-2025-52983 | High | 7.2 |  | 2025-07-11 | A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. |
| CVE-2025-52988 | Medium | 6.7 |  | 2025-07-11 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges… |
| CVE-2025-6549 | Medium | 6.5 |  | 2025-07-11 | An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). |
| CVE-2025-52964 | Medium | 6.5 |  | 2025-07-11 | A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2025-52955 | Medium | 6.5 |  | 2025-07-11 | An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash… |
| CVE-2025-52953 | Medium | 6.5 |  | 2025-07-11 | An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset… |
| CVE-2025-52952 | Medium | 6.5 |  | 2025-07-11 | An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed… |
| CVE-2025-52949 | Medium | 6.5 |  | 2025-07-11 | An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to… |
| CVE-2025-52947 | Medium | 6.5 |  | 2025-07-11 | An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an i… |
| CVE-2025-52984 | Medium | 5.9 |  | 2025-07-11 | A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. |
| CVE-2025-52982 | Medium | 5.9 |  | 2025-07-11 | An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-52948 | Medium | 5.9 |  | 2025-07-11 | An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system… |
| CVE-2025-52951 | Medium | 5.8 |  | 2025-07-11 | A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. |
| CVE-2025-52986 | Medium | 5.5 |  | 2025-07-11 | A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the dev… |
| CVE-2025-52963 | Medium | 5.5 |  | 2025-07-11 | An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. |
| CVE-2025-52985 | Medium | 5.3 |  | 2025-07-11 | A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. |
| CVE-2025-52958 | Medium | 5.3 |  | 2025-07-11 | A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved… |
| CVE-2025-52989 | Medium | 5.1 |  | 2025-07-11 | An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. |

Huawei · 21 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53169 | High | 7.6 |  | 2025-07-07 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras. Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness. |
| CVE-2025-53167 | Medium | 6.9 |  | 2025-07-07 | Authentication vulnerability in the distributed collaboration framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-53185 | Medium | 6.6 |  | 2025-07-07 | Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2025-53184 | Medium | 6.5 |  | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53183 | Medium | 6.5 |  | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53182 | Medium | 6.5 |  | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53181 | Medium | 6.5 |  | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53180 | Medium | 6.5 |  | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53179 | Medium | 6.5 |  | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53186 | Medium | 5.9 |  | 2025-07-07 | Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-53168 | Medium | 5.7 |  | 2025-07-07 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras. Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness. |
| CVE-2025-53173 | Medium | 5.3 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53178 | Medium | 4.8 |  | 2025-07-07 | Permission bypass vulnerability in the calendar storage module. Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units. |
| CVE-2025-53175 | Medium | 4.0 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53174 | Medium | 4.0 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53172 | Medium | 4.0 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53171 | Medium | 4.0 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53170 | Medium | 4.0 |  | 2025-07-07 | Null pointer dereference vulnerability in the application exit cause module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2024-58117 | Medium | 4.0 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53177 | Low | 3.9 |  | 2025-07-07 | Permission bypass vulnerability in the calendar storage module. Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches. |
| CVE-2025-53176 | Low | 3.3 |  | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |

Siemens · 18 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-40736 | Critical | 9.8 |  | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). |
| CVE-2025-41224 | High | 8.8 |  | 2025-07-08 | A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0… |
| CVE-2025-40738 | High | 8.8 |  | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). |
| CVE-2025-40737 | High | 8.8 |  | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). |
| CVE-2025-40735 | High | 8.8 |  | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). |
| CVE-2024-31854 | High | 8.1 |  | 2025-07-08 | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). |
| CVE-2024-31853 | High | 8.1 |  | 2025-07-08 | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). |
| CVE-2025-40741 | High | 7.8 |  | 2025-07-08 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). |
| CVE-2025-40740 | High | 7.8 |  | 2025-07-08 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). |
| CVE-2025-40739 | High | 7.8 |  | 2025-07-08 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). |
| CVE-2025-23365 | High | 7.8 |  | 2025-07-08 | A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). |
| CVE-2023-52236 | High | 7.0 |  | 2025-07-08 | A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M9… |
| CVE-2025-40593 | Medium | 6.5 |  | 2025-07-08 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). |
| CVE-2025-23364 | Medium | 6.2 |  | 2025-07-08 | A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). |
| CVE-2025-41222 | Medium | 5.3 |  | 2025-07-08 | A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M9… |
| CVE-2025-40742 | Medium | 5.3 |  | 2025-07-08 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP… |
| CVE-2025-41223 | Medium | 4.8 |  | 2025-07-08 | A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M9… |
| CVE-2025-27127 | Medium | 4.3 |  | 2025-07-08 | A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Porta… |

Wikimedia Foundation · 16 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53499 | Critical | 9.1 |  | 2025-07-07 | Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. |
| CVE-2025-53495 | Critical | 9.1 |  | 2025-07-07 | Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. |
| CVE-2025-7056 | Medium | 6.3 |  | 2025-07-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - UrlShortener Extension allows Stored XSS. This issue affects Mediawiki - UrlShortener Extension: f… |
| CVE-2025-53488 | Medium | 6.1 |  | 2025-07-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - WikiHiero Extension allows Stored XSS. This issue affects Mediawiki - WikiHiero Extension: from 1… |
| CVE-2025-7363 | Medium | 5.4 |  | 2025-07-08 | The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. |
| CVE-2025-7362 | Medium | 5.4 |  | 2025-07-08 | The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. |
| CVE-2025-53479 | Medium | 5.4 |  | 2025-07-08 | The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. |
| CVE-2025-53480 | Medium | 5.4 |  | 2025-07-08 | The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. |
| CVE-2025-53496 | Medium | 5.4 |  | 2025-07-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension allows Stored XSS. This issue affects Mediawiki - MediaSearch Extension: fro… |
| CVE-2025-53478 | Medium | 5.4 |  | 2025-07-07 | The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. |
| CVE-2025-53497 | Medium | 5.4 |  | 2025-07-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RelatedArticles Extension allows Stored XSS. This issue affects Mediawiki - RelatedArticles Extens… |
| CVE-2025-53491 | Medium | 5.4 |  | 2025-07-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - FlaggedRevs Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - FlaggedRev… |
| CVE-2025-7057 | Medium | 5.4 |  | 2025-07-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension allows Stored XSS. This issue affects Mediawiki - Quiz Extension: from 1.39.X befor… |
| CVE-2025-53487 | Medium | 5.4 |  | 2025-07-07 | The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. |
| CVE-2025-53486 | Medium | 5.4 |  | 2025-07-07 | The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. |
| CVE-2025-53498 | Medium | 5.3 |  | 2025-07-07 | Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. |

Marvell · 15 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-6802 | Critical | 9.8 |  | 2025-07-07 | Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. |
| CVE-2025-6794 | Critical | 9.8 |  | 2025-07-07 | Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. |
| CVE-2025-6793 | Critical | 9.4 |  | 2025-07-07 | Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. |
| CVE-2025-6805 | Critical | 9.1 |  | 2025-07-07 | Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. |
| CVE-2025-6798 | Critical | 9.1 |  | 2025-07-07 | Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. |
| CVE-2025-6807 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6806 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. |
| CVE-2025-6804 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6803 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6801 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. |
| CVE-2025-6800 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6799 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6797 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6796 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-6795 | High | 7.5 |  | 2025-07-07 | Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability. |

Samsung · 15 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-21006 | High | 7.0 |  | 2025-07-08 | Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory. |
| CVE-2025-20983 | Medium | 6.4 |  | 2025-07-08 | Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-20982 | Medium | 6.4 |  | 2025-07-08 | Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-21004 | Medium | 6.2 |  | 2025-07-08 | Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device. |
| CVE-2025-21002 | Medium | 6.2 |  | 2025-07-08 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast. |
| CVE-2025-21001 | Medium | 6.2 |  | 2025-07-08 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast. |
| CVE-2025-21000 | Medium | 6.2 |  | 2025-07-08 | Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth. |
| CVE-2025-20997 | Medium | 6.2 |  | 2025-07-08 | Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch. |
| CVE-2025-21009 | Medium | 5.5 |  | 2025-07-08 | Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| CVE-2025-21008 | Medium | 5.5 |  | 2025-07-08 | Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| CVE-2025-21007 | Medium | 5.5 |  | 2025-07-08 | Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| CVE-2025-21005 | Medium | 5.5 |  | 2025-07-08 | Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information. |
| CVE-2025-20998 | Medium | 5.5 |  | 2025-07-08 | Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number. |
| CVE-2025-20999 | Medium | 4.1 |  | 2025-07-08 | Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password. |
| CVE-2025-21003 | Medium | 4.0 |  | 2025-07-08 | Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. |

Mediatek · 13 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-20684 | Critical | 9.8 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20683 | Critical | 9.8 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20682 | Critical | 9.8 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20681 | Critical | 9.8 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20680 | Critical | 9.8 |  | 2025-07-08 | In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20686 | High | 8.8 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20685 | High | 8.8 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20692 | Medium | 5.5 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. |
| CVE-2025-20691 | Medium | 5.5 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. |
| CVE-2025-20690 | Medium | 5.5 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. |
| CVE-2025-20689 | Medium | 5.5 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. |
| CVE-2025-20688 | Medium | 5.5 |  | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. |
| CVE-2025-20687 | Medium | 5.5 |  | 2025-07-08 | In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. |

Phoenix Contact · 13 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-25270 | Critical | 9.8 |  | 2025-07-08 | An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. |
| CVE-2025-41668 | High | 8.8 |  | 2025-07-08 | A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device. |
| CVE-2025-41667 | High | 8.8 |  | 2025-07-08 | A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device. |
| CVE-2025-41666 | High | 8.8 |  | 2025-07-08 | A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized. |
| CVE-2025-25271 | High | 8.8 |  | 2025-07-08 | An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface. |
| CVE-2025-25268 | High | 8.8 |  | 2025-07-08 | An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication. |
| CVE-2025-25269 | High | 8.4 |  | 2025-07-08 | An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. |
| CVE-2025-24003 | High | 8.2 |  | 2025-07-08 | An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service… |
| CVE-2025-24006 | High | 7.8 |  | 2025-07-08 | A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. |
| CVE-2025-24005 | High | 7.8 |  | 2025-07-08 | A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. |
| CVE-2025-41665 | Medium | 6.5 |  | 2025-07-08 | A low privileged remote attacker can force the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file. |
| CVE-2025-24002 | Medium | 5.3 |  | 2025-07-08 | An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they get restarted by the watchdog. |
| CVE-2025-24004 | Medium | 5.2 |  | 2025-07-08 | A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got r… |

Apache · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-23048 | Critical | 9.1 |  | 2025-07-10 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. |
| CVE-2025-53506 | High | 7.5 |  | 2025-07-10 | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. |
| CVE-2025-52520 | High | 7.5 |  | 2025-07-10 | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. |
| CVE-2025-52434 | High | 7.5 |  | 2025-07-10 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. |
| CVE-2025-53020 | High | 7.5 |  | 2025-07-10 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. |
| CVE-2025-49630 | High | 7.5 |  | 2025-07-10 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. |
| CVE-2024-47252 | High | 7.5 |  | 2025-07-10 | Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. |
| CVE-2024-43204 | High | 7.5 |  | 2025-07-10 | SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request… |
| CVE-2024-42516 | High | 7.5 |  | 2025-07-10 | HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. |
| CVE-2025-49812 | High | 7.4 |  | 2025-07-10 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. |
| CVE-2025-48924 | Medium | 5.3 |  | 2025-07-11 | Uncontrolled Recursion vulnerability in Apache Commons Lang. |

Ivanti · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-6996 | High | 8.4 |  | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. |
| CVE-2025-6995 | High | 8.4 |  | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. |
| CVE-2025-6771 | High | 7.2 |  | 2025-07-08 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution. |
| CVE-2025-7037 | High | 7.2 |  | 2025-07-08 | SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database. |
| CVE-2025-6770 | High | 7.2 |  | 2025-07-08 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution. |
| CVE-2025-0293 | Medium | 6.6 |  | 2025-07-08 | CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. |
| CVE-2025-5464 | Medium | 6.5 |  | 2025-07-08 | Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. |
| CVE-2025-5450 | Medium | 6.3 |  | 2025-07-08 | Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings… |
| CVE-2025-0292 | Medium | 5.5 |  | 2025-07-08 | SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. |
| CVE-2025-5463 | Medium | 5.5 |  | 2025-07-08 | Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. |
| CVE-2025-5451 | Medium | 4.9 |  | 2025-07-08 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. |

Quiter · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-40717 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40716 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40715 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40714 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40713 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40712 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40711 | Critical | 9.8 |  | 2025-07-08 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40718 | High | 7.5 |  | 2025-07-08 | Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40720 | Medium | 6.1 |  | 2025-07-08 | Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40719 | Medium | 6.1 |  | 2025-07-08 | Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |
| CVE-2025-40721 | Medium | 5.4 |  | 2025-07-08 | Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. |

Tenda · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-7434 | High | 8.8 |  | 2025-07-11 | A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. |
| CVE-2025-7423 | High | 8.8 |  | 2025-07-11 | A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7422 | High | 8.8 |  | 2025-07-11 | A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7421 | High | 8.8 |  | 2025-07-11 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7420 | High | 8.8 |  | 2025-07-11 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7419 | High | 8.8 |  | 2025-07-10 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7418 | High | 8.8 |  | 2025-07-10 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. |
| CVE-2025-7417 | High | 8.8 |  | 2025-07-10 | A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. |
| CVE-2025-7416 | High | 8.8 |  | 2025-07-10 | A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7415 | Medium | 6.3 |  | 2025-07-10 | A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). |
| CVE-2025-7414 | Medium | 6.3 |  | 2025-07-10 | A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). |

Advantech · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53515 | High | 8.8 |  | 2025-07-11 | A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap().
CVE-2025-53475 | High | 8.8 |  | 2025-07-11 | A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage().
CVE-2025-52577 | High | 8.8 |  | 2025-07-11 | A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange().
CVE-2025-48891 | High | 7.6 |  | 2025-07-11 | A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function.
CVE-2025-53509 | Medium | 6.5 |  | 2025-07-11 | A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase().
CVE-2025-52459 | Medium | 6.5 |  | 2025-07-11 | A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase().
CVE-2025-53519 | Medium | 5.4 |  | 2025-07-11 | A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack.
CVE-2025-53397 | Medium | 5.4 |  | 2025-07-11 | A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack.
CVE-2025-41442 | Medium | 5.4 |  | 2025-07-11 | A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack.
CVE-2025-46704 | Medium | 4.3 |  | 2025-07-11 | A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack.

Anisha · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7459 | High | 7.3 |  | 2025-07-11 | A vulnerability classified as critical was found in code-projects Mobile Shop 1.0.
CVE-2025-7411 | High | 7.3 |  | 2025-07-10 | A vulnerability was found in code-projects LifeStyle Store 1.0.
CVE-2025-7410 | High | 7.3 |  | 2025-07-10 | A vulnerability was found in code-projects LifeStyle Store 1.0.
CVE-2025-7409 | High | 7.3 |  | 2025-07-10 | A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical.
CVE-2025-7211 | High | 7.3 |  | 2025-07-09 | A vulnerability was found in code-projects LifeStyle Store 1.0.
CVE-2025-7198 | High | 7.3 |  | 2025-07-08 | A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0.
CVE-2025-7197 | High | 7.3 |  | 2025-07-08 | A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0.
CVE-2025-7196 | High | 7.3 |  | 2025-07-08 | A vulnerability was found in code-projects Jonnys Liquor 1.0.
CVE-2025-7157 | High | 7.3 |  | 2025-07-08 | A vulnerability was found in code-projects Online Note Sharing 1.0.
CVE-2025-7124 | Medium | 6.3 |  | 2025-07-07 | A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0.

Ibm · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-36014 | High | 8.2 |  | 2025-07-07 | IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
CVE-2024-56468 | High | 7.5 |  | 2025-07-08 | IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.
CVE-2024-39752 | Medium | 6.8 |  | 2025-07-10 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content.
CVE-2024-38327 | Medium | 6.8 |  | 2025-07-10 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.
CVE-2025-1351 | Medium | 6.7 |  | 2025-07-07 | IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
CVE-2025-3631 | Medium | 6.5 |  | 2025-07-11 | An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it.
CVE-2024-43190 | Medium | 5.9 |  | 2025-07-07 | IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man-in-the-middle techniques.
CVE-2024-37524 | Medium | 5.3 |  | 2025-07-10 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
CVE-2025-36090 | Medium | 4.3 |  | 2025-07-10 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical e…
CVE-2025-2670 | Medium | 4.3 |  | 2025-07-09 | IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to weaker-than-expected security for certain REST endpoints related to the workflow feature of OpenPages.

Phpgurukul · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7176 | High | 7.3 |  | 2025-07-08 | A vulnerability was found in PHPGurukul Hospital Management System 1.0.
CVE-2025-7160 | High | 7.3 |  | 2025-07-08 | A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1.
CVE-2025-7155 | High | 7.3 |  | 2025-07-08 | A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0.
CVE-2025-7163 | Medium | 6.3 |  | 2025-07-08 | A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1.
CVE-2025-7162 | Medium | 6.3 |  | 2025-07-08 | A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1.
CVE-2025-7161 | Medium | 6.3 |  | 2025-07-08 | A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1.
CVE-2025-7159 | Medium | 6.3 |  | 2025-07-08 | A vulnerability was found in PHPGurukul Zoo Management System 2.1.
CVE-2025-7158 | Medium | 6.3 |  | 2025-07-08 | A vulnerability was found in PHPGurukul Zoo Management System 2.1.
CVE-2025-7177 | Medium | 4.7 |  | 2025-07-08 | A vulnerability was found in PHPGurukul Car Washing Management System 1.0.

Mayurik · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7138 | Medium | 6.3 |  | 2025-07-07 | A vulnerability was found in SourceCodester Best Salon Management System 1.0.
CVE-2025-7137 | Medium | 6.3 |  | 2025-07-07 | A vulnerability was found in SourceCodester Best Salon Management System 1.0.
CVE-2025-7144 | Low | 2.4 |  | 2025-07-07 | A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic.
CVE-2025-7143 | Low | 2.4 |  | 2025-07-07 | A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0.
CVE-2025-7142 | Low | 2.4 |  | 2025-07-07 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0.
CVE-2025-7141 | Low | 2.4 |  | 2025-07-07 | A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0.
CVE-2025-7140 | Low | 2.4 |  | 2025-07-07 | A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0.
CVE-2025-7139 | Low | 2.4 |  | 2025-07-07 | A vulnerability was found in SourceCodester Best Salon Management System 1.0.

Splunk · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-20319 | Medium | 6.8 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and the `list_inputs` capability could perform a remote command execution due to imprope…
CVE-2025-20321 | Medium | 6.5 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could chang…
CVE-2025-20320 | Medium | 6.3 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could c…
CVE-2025-20324 | Medium | 5.4 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could c…
CVE-2025-20323 | Medium | 4.3 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver applicat…
CVE-2025-20322 | Medium | 4.3 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that…
CVE-2025-20300 | Medium | 4.3 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has…
CVE-2025-20325 | Low | 3.1 |  | 2025-07-07 | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://he…

Labredescefetrj · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53529 | Critical | 9.8 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.
CVE-2025-53527 | Critical | 9.8 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.
CVE-2025-53531 | High | 7.5 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.
CVE-2025-53530 | High | 7.5 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.
CVE-2025-53526 | Medium | 6.1 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.
CVE-2025-53525 | Medium | 6.1 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.
CVE-2025-53377 | Medium | 6.1 |  | 2025-07-07 | WeGIA is a web manager for charitable institutions.

Llamaindex · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6209 | High | 7.5 |  | 2025-07-07 | A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`.
CVE-2025-3225 | High | 7.5 |  | 2025-07-07 | An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21.
CVE-2025-3046 | High | 7.5 |  | 2025-07-07 | A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links.
CVE-2025-6211 | Medium | 6.5 |  | 2025-07-10 | A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks.
CVE-2025-5472 | Medium | 6.5 |  | 2025-07-07 | The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing.
CVE-2025-6210 | Medium | 6.2 |  | 2025-07-07 | A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal.
CVE-2025-3044 | Medium | 5.3 |  | 2025-07-07 | A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers.

Schneider Electric · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6788 |  |  |  | 2025-07-11 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
CVE-2025-50125 |  |  |  | 2025-07-11 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.
CVE-2025-50124 |  |  |  | 2025-07-11 | A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script.
CVE-2025-50123 |  |  |  | 2025-07-11 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname…
CVE-2025-50122 |  |  |  | 2025-07-11 | A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
CVE-2025-50121 |  |  |  | 2025-07-11 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP…
CVE-2025-6438 |  |  |  | 2025-07-11 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is acces…

Honeywell · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2523 | Critical | 9.4 |  | 2025-07-10 | The Honeywell Experion PKS and OneWireless WDM contain an Integer Underflow vulnerability in the component Control Data Access (CDA).
CVE-2025-2521 | High | 8.6 |  | 2025-07-10 | The Honeywell Experion PKS and OneWireless WDM contain a Memory Buffer vulnerability in the component Control Data Access (CDA).
CVE-2025-3947 | High | 8.2 |  | 2025-07-10 | The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA).
CVE-2025-3946 | High | 8.2 |  | 2025-07-10 | The Honeywell Experion PKS and OneWireless WDM contain a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA).
CVE-2025-2520 | High | 7.5 |  | 2025-07-10 | The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications.
CVE-2025-2522 | Medium | 6.5 |  | 2025-07-10 | The Honeywell Experion PKS and OneWireless WDM contain a Sensitive Information in Resource vulnerability in the component Control Data Access (CDA).

Boyuncms_project · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7103 | Medium | 6.3 |  | 2025-07-07 | A vulnerability was found in BoyunCMS up to 1.4.20.
CVE-2025-7102 | Medium | 6.3 |  | 2025-07-07 | A vulnerability was found in BoyunCMS up to 1.4.20.
CVE-2025-7101 | Medium | 6.3 |  | 2025-07-07 | A vulnerability was found in BoyunCMS up to 1.4.20.
CVE-2025-7100 | Medium | 6.3 |  | 2025-07-07 | A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical.
CVE-2025-7099 | Medium | 5.6 |  | 2025-07-07 | A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical.

Broadcom · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24508 | Medium | 6.4 |  | 2025-07-07 | Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage.
CVE-2025-4663 | Medium | 4.9 |  | 2025-07-08 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS).
CVE-2025-6392 | Medium | 4.4 |  | 2025-07-10 | Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands.
CVE-2025-6390 | Medium | 4.4 |  | 2025-07-10 | Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions.
CVE-2025-4662 | Medium | 4.4 |  | 2025-07-10 | Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing an OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file.

Emerson · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-52579 | Critical | 9.4 |  | 2025-07-11 | Emerson ValveLink Products store sensitive information in cleartext in memory.
CVE-2025-50109 | High | 7.7 |  | 2025-07-11 | Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2025-46358 | High | 7.7 |  | 2025-07-11 | Emerson ValveLink products do not use, or incorrectly use, a protection mechanism that provides sufficient defense against directed attacks against the product.
CVE-2025-53471 | Medium | 5.1 |  | 2025-07-11 | Emerson ValveLink products receive input or data, but do not validate, or incorrectly validate, that the input has the properties that are required to process the data safely and correctly.
CVE-2025-48496 | Medium | 5.1 |  | 2025-07-11 | Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Huggingface · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3262 | High | 7.5 |  | 2025-07-07 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0.
CVE-2025-3933 | Medium | 5.3 |  | 2025-07-11 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method.
CVE-2025-3264 | Medium | 5.3 |  | 2025-07-07 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`.
CVE-2025-3263 | Medium | 5.3 |  | 2025-07-07 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module.
CVE-2025-3777 | Low | 3.5 |  | 2025-07-07 | Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file.

Mongodb · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6713 | High | 7.7 |  | 2025-07-07 | An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server.
CVE-2025-6714 | High | 7.5 |  | 2025-07-07 | MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data.
CVE-2025-7259 | Medium | 6.5 |  | 2025-07-07 | An authorized user can issue queries with duplicate _id fields, which leads to unexpected behavior in MongoDB Server and may result in a crash.
CVE-2025-6712 | Medium | 6.5 |  | 2025-07-07 | MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to a server crash.
CVE-2025-6711 | Medium | 4.4 |  | 2025-07-07 | An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered.

Portabilis · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7113 | Low | 3.5 |  | 2025-07-07 | A vulnerability was found in Portabilis i-Educar 2.9.0.
CVE-2025-7112 | Low | 3.5 |  | 2025-07-07 | A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic.
CVE-2025-7111 | Low | 3.5 |  | 2025-07-07 | A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic.
CVE-2025-7110 | Low | 3.5 |  | 2025-07-07 | A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0.
CVE-2025-7109 | Low | 3.5 |  | 2025-07-07 | A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0.

Radiflow · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3499 | Critical | 10.0 |  | 2025-07-09 | The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086).
CVE-2025-3498 | Critical | 9.9 |  | 2025-07-09 | An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration.
CVE-2025-3497 | High | 8.7 |  | 2025-07-09 | The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024.
CVE-2025-27028 | Medium | 6.8 |  | 2025-07-09 | The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password…
CVE-2025-27027 | Medium | 4.1 |  | 2025-07-09 | A user with vpuser credentials who opens an SSH connection to the device gets a restricted shell (rbash) that allows only a small list of allowed commands.

Red Hat · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7345 | High | 7.5 |  | 2025-07-08 | A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c).
CVE-2025-7365 | High | 7.1 |  | 2025-07-10 | A flaw was found in Keycloak.
CVE-2025-6395 | Medium | 6.5 |  | 2025-07-10 | A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
CVE-2025-53862 | Low | 3.5 |  | 2025-07-11 | A flaw was found in Ansible.
CVE-2025-53861 | Low | 3.1 |  | 2025-07-11 | A flaw was found in Ansible.

Zoom · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-46788 | High | 7.4 |  | 2025-07-10 | Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.
CVE-2025-49464 | Medium | 6.5 |  | 2025-07-10 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.
CVE-2025-49463 | Medium | 6.5 |  | 2025-07-10 | Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-46789 | Medium | 6.5 |  | 2025-07-10 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.
CVE-2025-49462 | Low | 3.5 |  | 2025-07-10 | Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Amd · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-36357 | Medium | 5.6 |  | 2025-07-08 | A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350 | Medium | 5.6 |  | 2025-07-08 | A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2024-36349 | Low | 3.8 |  | 2025-07-08 | A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
CVE-2024-36348 | Low | 3.8 |  | 2025-07-08 | A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if the UMIP feature is enabled, potentially resulting in information leakage.

Axis · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-30026 | Critical | 9.8 |  | 2025-07-11 | The AXIS Camera Station Server had a flaw that allowed bypassing the authentication that is normally required.
CVE-2025-30023 | Critical | 9.0 |  | 2025-07-11 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
CVE-2025-30025 | High | 7.8 |  | 2025-07-11 | The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.
CVE-2025-30024 | Medium | 6.8 |  | 2025-07-11 | The communication protocol used between client and server had a flaw that could be leveraged to execute a man-in-the-middle attack.

Codeastro · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7147 | High | 7.3 |  | 2025-07-07 | A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical.
CVE-2025-7133 | Medium | 4.3 |  | 2025-07-07 | A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0.
CVE-2025-7153 | Low | 3.5 |  | 2025-07-08 | A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0.
CVE-2025-7148 | Low | 3.5 |  | 2025-07-07 | A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic.

Gigabyte · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7029 | High | 8.2 |  | 2025-07-11 | A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic.
CVE-2025-7027 | High | 8.2 |  | 2025-07-11 | A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function.
CVE-2025-7026 | High | 8.2 |  | 2025-07-11 | A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function.
CVE-2025-7028 | High | 7.8 |  | 2025-07-11 | A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values.

Gitlab · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6948 | High | 8.7 |  | 2025-07-10 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf…
CVE-2025-3396 | Medium | 4.3 |  | 2025-07-10 | An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipu…
CVE-2025-6168 | Low | 2.7 |  | 2025-07-10 | An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API req…
CVE-2025-4972 | Low | 2.7 |  | 2025-07-10 | An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by ma…

Gnu · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32990 | Medium | 6.5 |  | 2025-07-10 | A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility.
CVE-2025-32988 | Medium | 6.5 |  | 2025-07-10 | A flaw was found in GnuTLS.
CVE-2025-32989 | Medium | 5.3 |  | 2025-07-10 | A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing.
CVE-2025-45582 | Medium | 4.1 |  | 2025-07-11 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process.

Google · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-20695 | Medium | 6.5 |  | 2025-07-08 | In Bluetooth FW, there is a possible system crash due to an uncaught exception.
CVE-2025-20694 | Medium | 6.5 |  | 2025-07-08 | In Bluetooth FW, there is a possible system crash due to an uncaught exception.
CVE-2025-20693 | Medium | 6.5 |  | 2025-07-08 | In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check.
CVE-2025-6044 | Medium | 6.1 |  | 2025-07-07 | An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus wh…

J6t · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-46334 | High | 8.6 |  | 2025-07-10 | Git GUI allows you to use the Git source control management tools via a GUI.
CVE-2025-27614 | High | 8.6 |  | 2025-07-10 | Gitk is a Tcl/Tk based Git history browser.
CVE-2025-46835 | High | 8.5 |  | 2025-07-10 | Git GUI allows you to use the Git source control management tools via a GUI.
CVE-2025-27613 | Low | 3.6 |  | 2025-07-10 | Gitk is a Tcl/Tk based Git history browser.

Wftpserver · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47812 | Critical | 10.0 | KEV | 2025-07-10 | In Wing FTP Server before 7.4.4.
CVE-2025-47813 | Medium | 4.3 | KEV | 2025-07-10 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
CVE-2025-47811 | Medium | 4.1 |  | 2025-07-10 | In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default.
CVE-2025-27889 | Low | 3.4 |  | 2025-07-10 | Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link.

Xtemos · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6746 | High | 8.8 |  | 2025-07-08 | The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute.
CVE-2025-6744 | High | 7.3 |  | 2025-07-08 | The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3.
CVE-2025-6743 | Medium | 6.4 |  | 2025-07-08 | The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supp…
CVE-2025-6745 | Medium | 5.3 |  | 2025-07-11 | The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included.

Alteryx · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28244 | High | 8.8 |  | 2025-07-10 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover.
CVE-2025-28243 | High | 8.0 |  | 2025-07-10 | An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.
CVE-2025-28245 | Medium | 6.1 |  | 2025-07-10 | Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.

Canonical · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0928 | High | 8.8 |  | 2025-07-08 | In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions.
CVE-2025-53513 | High | 8.8 |  | 2025-07-08 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm.
CVE-2025-53512 | Medium | 6.5 |  | 2025-07-08 | The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

Clivedelacruz · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7126 | Medium | 6.3 | | 2025-07-07 | A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0.
CVE-2025-7125 | Medium | 6.3 | | 2025-07-07 | A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0.
CVE-2025-7127 | Medium | 4.7 | | 2025-07-07 | A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0.

Ctfer-io · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53633 | Critical | 9.8 | | 2025-07-10 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player.
CVE-2025-53632 | Critical | 9.1 | | 2025-07-10 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player.
CVE-2025-53634 | High | 7.5 | | 2025-07-10 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player.

D-Link · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7206 | Critical | 9.8 | | 2025-07-09 | A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10.
CVE-2025-7194 | High | 8.8 | | 2025-07-08 | A vulnerability was found in D-Link DI-500WF 17.04.10A1T.
CVE-2025-7192 | Medium | 6.3 | | 2025-07-08 | A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical.

Dokploy · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53376 | High | 8.8 | | 2025-07-07 | Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases.
CVE-2025-53375 | Medium | 6.5 | | 2025-07-07 | Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases.
CVE-2025-53374 | Medium | 4.3 | | 2025-07-07 | Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases.

Fnkvision · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7213 | Medium | 6.4 | | 2025-07-09 | A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7.
CVE-2025-7215 | Low | 1.6 | | 2025-07-09 | A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7.
CVE-2025-7214 | Low | 1.6 | | 2025-07-09 | A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7.

Fortinet · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2024-52965 | High | 7.2 | | 2025-07-08 | A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8…
CVE-2024-55599 | Medium | 5.3 | | 2025-07-08 | An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all ve…
CVE-2025-24474 | Low | 2.7 | | 2025-07-08 | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Clo…

Gallagher · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-35983 | Medium | 6.5 | | 2025-07-10 | Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Con…
CVE-2025-46406 | Medium | 5.6 | | 2025-07-10 | A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.
CVE-2025-44003 | Medium | 4.3 | | 2025-07-10 | Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.

Luajit · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2024-25176 | Critical | 9.8 | | 2025-07-07 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
CVE-2024-25178 | Critical | 9.1 | | 2025-07-07 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.
CVE-2024-25177 | High | 7.5 | | 2025-07-07 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

Meshtastic · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2024-47065 | Medium | 6.5 | | 2025-07-11 | Meshtastic is an open source mesh networking solution.
CVE-2025-24798 | Medium | 4.3 | | 2025-07-10 | Meshtastic is an open source mesh networking solution.
CVE-2025-53637 | Medium | 4.1 | | 2025-07-10 | Meshtastic is an open source mesh networking solution.

Mitsubishi Electric Corporation · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5023 | High | 7.1 | | 2025-07-10 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the…
CVE-2025-5022 | Medium | 6.5 | | 2025-07-10 | Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the un…
CVE-2025-5241 | Medium | 5.3 | | 2025-07-11 | Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login wi…

Netweblogic · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6970 | High | 7.5 | | 2025-07-09 | The Events Manager – Calendar, Bookings, Tickets, and more!
CVE-2025-6976 | Medium | 6.4 | | 2025-07-09 | The Events Manager – Calendar, Bookings, Tickets, and more!
CVE-2025-6975 | Medium | 6.1 | | 2025-07-09 | The Events Manager – Calendar, Bookings, Tickets, and more!

Palo Alto Networks · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-0141 | | | | 2025-07-09 | An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windo…
CVE-2025-0140 | | | | 2025-07-09 | An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not…
CVE-2025-0139 | | | | 2025-07-09 | An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.

Sap · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-42956 | Medium | 6.1 | | 2025-07-08 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available.
CVE-2025-42968 | Medium | 5.0 | | 2025-07-08 | SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grant access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or control…
CVE-2025-42986 | Medium | 4.3 | | 2025-07-08 | Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information.

Utt · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7118 | High | 8.8 | | 2025-07-07 | A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328.
CVE-2025-7117 | High | 8.8 | | 2025-07-07 | A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328.
CVE-2025-7116 | High | 8.8 | | 2025-07-07 | A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225.

9fans · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7208 | Medium | 5.5 | | 2025-07-09 | A vulnerability was found in 9fans plan9port up to 9da5b44.
CVE-2025-7209 | Low | 3.3 | | 2025-07-09 | A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic.

Apos37 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6851 | High | 7.2 | | 2025-07-11 | The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function.
CVE-2025-6838 | Medium | 4.1 | | 2025-07-11 | The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported.

Apple · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-48384 | High | 8.0 | KEV | 2025-07-08 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.
CVE-2025-31267 | Medium | 4.6 | | 2025-07-10 | An authentication issue was addressed with improved state management.
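
A practitioner working through a feed this size usually wants the rows in machine-readable form, with KEV-listed and high-CVSS entries surfaced first rather than buried by vendor. The following Python is an added example, not part of this page or of any vendor's tooling: it parses rows in the raw extracted form this feed is published in (the six columns run together, as in `CVE-2025-48384High8.0KEV2025-07-08Git is ...`), tolerates rows that carry no severity or score yet (the Palo Alto Networks and Asustor entries on this page), and orders the result KEV first, then unscored rows for manual review, then by CVSS descending, so that an unscored entry is never silently dropped by a CVSS threshold. The sample rows are copied from this page; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One extracted row: CVE id, then an optional severity word, an optional CVSS
# score (one decimal place, as published), an optional "KEV" flag, the ISO
# publication date, and the free-text summary. Severity, score and KEV are
# absent for entries the feed had not scored yet, so each group is optional.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})"
    r"(?P<severity>Critical|High|Medium|Low)?"
    r"(?P<cvss>\d{1,2}\.\d)?"
    r"(?P<kev>KEV)?"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<summary>.*)$"
)

HEADER = "CVESeverityCVSSKEVPublishedSummary"  # the flattened column header row


@dataclass
class CveRow:
    cve: str
    severity: Optional[str]
    cvss: Optional[float]
    kev: bool
    published: str
    summary: str


def parse_row(line: str) -> CveRow:
    """Split one fused row into its six columns; raise on anything unexpected."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable row: {line!r}")
    return CveRow(
        cve=m["cve"],
        severity=m["severity"],
        cvss=float(m["cvss"]) if m["cvss"] else None,
        kev=m["kev"] is not None,
        published=m["published"],
        summary=m["summary"].strip(),
    )


def parse_rows(text: str) -> List[CveRow]:
    """Parse a block of rows, skipping blank lines and repeated column headers."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == HEADER:
            continue
        rows.append(parse_row(line))
    return rows


def prioritize(rows: List[CveRow]) -> List[CveRow]:
    """Triage order: KEV-listed first (known exploited), then rows with no score
    (they need a manual read, not a silent drop), then the rest by CVSS
    descending. sorted() is stable, so ties keep the feed's own order."""
    def key(r: CveRow):
        return (0 if r.kev else 1, 0 if r.cvss is None else 1, -(r.cvss or 0.0))
    return sorted(rows, key=key)


def needs_attention(rows: List[CveRow], min_cvss: float = 7.0) -> List[CveRow]:
    """Rows that should not wait for the next patch cycle."""
    return [r for r in prioritize(rows)
            if r.kev or r.cvss is None or r.cvss >= min_cvss]


def to_table(rows: List[CveRow]) -> str:
    """Render rows as a pipe-separated table with the same six columns."""
    lines = ["CVE | Severity | CVSS | KEV | Published | Summary"]
    for r in rows:
        lines.append(" | ".join([
            r.cve, r.severity or "", "" if r.cvss is None else f"{r.cvss:.1f}",
            "KEV" if r.kev else "", r.published, r.summary,
        ]))
    return "\n".join(lines)


# Constructed sample input: a header plus five rows copied from this page.
SAMPLE_ROWS = "\n".join([
    HEADER,
    "CVE-2025-48384High8.0KEV2025-07-08Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.",
    "CVE-2025-31267Medium4.62025-07-10An authentication issue was addressed with improved state management.",
    "CVE-2025-01412025-07-09An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect\u2122 App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windo\u2026",
    "CVE-2025-37103Critical9.82025-07-08Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication.",
    "CVE-2025-7215Low1.62025-07-09A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7.",
])

if __name__ == "__main__":
    # Prints the three rows worth acting on: the KEV entry, the unscored
    # GlobalProtect entry, and the 9.8 hard-coded credentials entry.
    print(to_table(needs_attention(parse_rows(SAMPLE_ROWS))))
```

The regex relies on the fixed column order and on the CVSS score always being printed with exactly one decimal place; the digit run after `CVE-YYYY-` is greedy, so the unscored row `CVE-2025-01412025-07-09...` only parses because the date group forces the CVE id to back off to `0141`. Anything that does not match raises rather than being skipped, which is the behaviour you want in a triage script.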

Asustor · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7379 | | | | 2025-07-09 | A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks.
CVE-2025-7378 | | | | 2025-07-09 | An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM.

Autodesk · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5040 | High | 7.8 | | 2025-07-10 | A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability.
CVE-2025-5037 | High | 7.8 | | 2025-07-10 | A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability.

Brainstormforce · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6691 | High | 8.1 | | 2025-07-09 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7…
CVE-2025-6742 | High | 7.5 | | 2025-07-09 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restr…

Carmelo · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7180 | High | 7.3 | | 2025-07-08 | A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0.
CVE-2025-7181 | Medium | 6.3 | | 2025-07-08 | A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0.

Dell · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-36600 | High | 8.2 | | 2025-07-08 | Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component.
CVE-2025-36599 | Medium | 4.3 | | 2025-07-09 | Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability.

Egroupware · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2023-38329 | Medium | 6.1 | | 2025-07-11 | An issue was discovered in eGroupWare 17.1.20190111.
CVE-2023-38327 | Medium | 5.3 | | 2025-07-11 | An issue was discovered in eGroupWare 17.1.20190111.

Fooplugins · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6068 | Medium | 6.4 | | 2025-07-11 | The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versi…
CVE-2025-5537 | Medium | 6.4 | | 2025-07-08 | The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and outp…

Frauscher · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-3626 | Critical | 9.1 | | 2025-07-07 | A remote attacker with an administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI.
CVE-2025-3705 | Medium | 6.8 | | 2025-07-07 | A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive.

Git · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-48386 | Medium | 6.3 | | 2025-07-08 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.
CVE-2025-48385 | | | | 2025-07-08 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.

Gnome · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7425 | High | 7.8 | | 2025-07-10 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management.
CVE-2025-7424 | High | 7.5 | | 2025-07-10 | A flaw was found in the libxslt library.

Hewlett Packard Enterprise (Hpe) · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-37103 | Critical | 9.8 | | 2025-07-08 | Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication.
CVE-2025-37102 | High | 7.2 | | 2025-07-08 | An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points.

Kibokolabs · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6234 | Medium | 6.1 | | 2025-07-10 | The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2025-6236 | Medium | 4.8 | | 2025-07-10 | The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d…

Langgenius · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-3466 | High | 7.2 | | 2025-07-07 | langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions.
CVE-2025-3467 | Medium | 5.4 | | 2025-07-07 | An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers.

Mescius · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6811 | Critical | 9.8 | | 2025-07-07 | Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability.
CVE-2025-6810 | Critical | 9.8 | | 2025-07-07 | Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability.

Nimesa · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-48501 | Critical | 9.8 | | 2025-07-07 | An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4.
CVE-2025-53473 | High | 7.3 | | 2025-07-07 | Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery. If this vulnerability is exploited, unintended requests may be sent to internal servers.

Redis · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-48367 | High | 7.5 | | 2025-07-07 | Redis is an open source, in-memory database that persists on disk.
CVE-2025-32023 | High | 7.0 | | 2025-07-07 | Redis is an open source, in-memory database that persists on disk.

Rockwell Automation · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6377 | High | 7.8 | | 2025-07-09 | A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object.
CVE-2025-6376 | High | 7.8 | | 2025-07-09 | A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object.

Schiocco · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-4855 | Critical | 9.8 | | 2025-07-09 | The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0.
CVE-2025-4828 | Critical | 9.8 | | 2025-07-09 | The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions up to, and including, 3.8.0.

Sim · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7114 | High | 7.3 | | 2025-07-07 | A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b.
CVE-2025-7107 | Medium | 5.3 | | 2025-07-07 | A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17.

Totolink · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7460 | High | 8.8 | | 2025-07-11 | A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical.
CVE-2025-7154 | Medium | 6.3 | | 2025-07-08 | A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216.

Trendmicro · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53503 | High | 7.8 | | 2025-07-10 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2025-52837 | High | 7.8 | | 2025-07-10 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any…

Yhirose · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53628 | High | 8.8 | | 2025-07-10 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.
CVE-2025-53629 | High | 7.5 | | 2025-07-10 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.

Aa-team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7401 | Critical | 9.8 | | 2025-07-11 | The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versi…

Adonesevangelista · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7193 | High | 7.3 | | 2025-07-08 | A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0.

Ahmed-elgaml11 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53373 | | | | 2025-07-07 | Natours is a Tour Booking API.

Alfonsograziano · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53372 | High | 7.5 | | 2025-07-08 | node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript.

Angeljudesuarez · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7212 | Medium | 6.3 | | 2025-07-09 | A vulnerability was found in itsourcecode Insurance Management System up to 1.0.

Avimegladon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-4593 | Medium | 6.5 | | 2025-07-11 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode.

Ayecode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6200 | Medium | 5.9 | | 2025-07-11 | The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and…

Better-auth · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53535 | | | | 2025-07-07 | Better Auth is an authentication and authorization library for TypeScript.

Builderengine · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-34100 | | | | 2025-07-10 | An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin.

Citrix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6759 | High | 7.8 | | 2025-07-08 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

Clerk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53548 | High | 7.5 | | 2025-07-09 | Clerk helps developers build user management.

Config_pages_viewer_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7031 | Medium | 5.3 | | 2025-07-08 | Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.

Connect2id · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53864 | Medium | 5.8 | | 2025-07-11 | Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion.

Connectwise · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7204 | Medium | 6.5 | | 2025-07-09 | In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information.

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6716 | Medium | 6.4 | | 2025-07-11 | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload[1][…

Crypttech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-34102 | | | | 2025-07-10 | A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities.

Dasinfomedia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7442 | High | 7.5 | | 2025-07-11 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_…

Dradisframework · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2023-50458 | Low | 3.5 | | 2025-07-10 | In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.

Drupal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7030 | Medium | 6.5 | | 2025-07-08 | Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.1…

Educoder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-45479 | Critical | 9.8 | | 2025-07-07 | Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container.

Efs Software Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-34096 | | | | 2025-07-10 | A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2.

End-of-train And Head-of-train Remote Linking Protocol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-1727 | High | 8.1 | | 2025-07-10 | The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation.

Eset, Spol. S.r.o · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5028 | | | | 2025-07-11 | The installation file of ESET security products on Windows allows an attacker to misuse it to delete an arbitrary file without having the permissions to do so.

Espressif · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53540 | | | | 2025-07-07 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers.

Facebook · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-30403 | High | 8.1 | | 2025-07-11 | A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session.

Fastapi-guard · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53539 | High | 7.5 | | 2025-07-07 | FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts.

Flux159 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53355 | High | 7.5 | | 2025-07-08 | MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it.

Frappe · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53545 | | | | 2025-07-08 | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).

Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-50130 | High | 7.8 | | 2025-07-08 | A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary…

Gavias · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2024-43334 | High | 7.1 | | 2025-07-07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gavias Zilom zilom allows Reflected XSS. This issue affects Zilom: from n/a through < 1.4.5.

Gb-plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5392 | Critical | 9.8 | | 2025-07-11 | The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function.

Genetech Solutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-34077 | | | | 2025-07-09 | An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint.

Ggml-org · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53630 | | | | 2025-07-10 | llama.cpp is an inference of several LLM models in C/C++.

Giscus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53532 | Medium | 5.3 | | 2025-07-07 | giscus is a commenting system powered by GitHub Discussions.

Gitroomhq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53641 | High | 8.2 | | 2025-07-11 | Postiz is an AI social media scheduling tool.

Gstreamer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-6663 | High | 7.8 | | 2025-07-07 | GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability.

Haxtheweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53642 | Medium | 4.8 | | 2025-07-11 | haxcms-nodejs and haxcms-php are backends for HAXcms.

Helm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53547 | High | 8.5 | | 2025-07-08 | Helm is a package manager for Charts for Kubernetes.

Hitsz-ids · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7156 | Medium | 6.3 | | 2025-07-08 | A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical.

Hp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-43019 | High | 7.8 | | 2025-07-08 | A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

Immich-app · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-43856 | | | | 2025-07-11 | immich is a high performance self-hosted photo and video management solution.

Itsourcecode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7182 | Medium | 4.3 | | 2025-07-08 | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic.

Jdegayojr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7059 | Medium | 6.4 | | 2025-07-09 | The Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideshow’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping.

Jhenggao · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7146 | High | 7.5 | | 2025-07-08 | The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system files.

Kadencewp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5678 | Medium | 6.4 | | 2025-07-09 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input san…

Kestra-io · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53543 | Medium | 4.2 | | 2025-07-07 | Kestra is an event-driven orchestration platform.

Kone-net · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7452 | Medium | 6.3 | | 2025-07-11 | A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63.

Krishna9772 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7200 | Medium | 6.3 | | 2025-07-08 | A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5.

Kubernetes-sigs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53542 | High | 7.7 | | 2025-07-10 | Headlamp is an extensible Kubernetes web UI.

Lanacodes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7387 | Medium | 5.5 | | 2025-07-10 | The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied a…

Letseeqiji · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7450 | Medium | 5.4 | | 2025-07-11 | A vulnerability was found in letseeqiji gorobbs up to 1.0.8.

Libssh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5987 | High | 8.1 | | 2025-07-07 | A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.

Linksys · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2013-3307 | High | 8.3 | | 2025-07-11 | Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

Livehelperchat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7435 | Low | 3.5 | | 2025-07-11 | A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4.

Lty628 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7216 | High | 7.3 | | 2025-07-09 | A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2.

Lunary · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-4779 | Medium | 6.1 | | 2025-07-07 | lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS).

Matrix-org · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53549 | | | | 2025-07-10 | The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust.

Mautic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-7381 | Medium | 5.3 | | 2025-07-09 | Impact: This is an information disclosure vulnerability originating from PHP's base image.

Meowapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-5570 | Medium | 5.4 | | 2025-07-08 | The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping.

Meta Platforms, Inc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-30402 | High | 8.1 | | 2025-07-11 | A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects.

Miraheze · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2025-53371 | Critical | 9.1 | | 2025-07-10 | DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel.

Mpol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5807 | Medium | 6.1 | - | 2025-07-10 | The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gwolle_gb_content' parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping.

Mruby · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7207 | Low | 3.3 | - | 2025-07-09 | A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2.

Netgear · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7407 | Medium | 6.3 | - | 2025-07-10 | A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114.

Open-quantum-safe · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-52473 | Medium | 5.9 | - | 2025-07-10 | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms.

Openai · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7021 | Medium | 6.5 | - | 2025-07-10 | Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying…

Opentext™ · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7650 | - | - | - | 2025-07-10 | Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion.

Osc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53636 | Medium | 5.4 | - | 2025-07-11 | Open OnDemand is an open-source HPC portal.

Palantir · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53709 | Medium | 5.4 | - | 2025-07-10 | Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels.

Parisneo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6386 | High | 7.5 | - | 2025-07-07 | The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file.

Parse-community · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53364 | Medium | 5.3 | - | 2025-07-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

Pdfme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53626 | Medium | 6.1 | - | 2025-07-10 | pdfme is a TypeScript-based PDF generator and React-based UI.

Phpthumb Project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-52994 | Medium | 4.9 | - | 2025-07-11 | gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value.

Polycom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-34093 | - | - | - | 2025-07-10 | An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet.

Processmaker Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-34097 | - | - | - | 2025-07-10 | An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives.

Pushpam02 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7408 | Low | 3.5 | - | 2025-07-10 | A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic.

Pyload · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7346 | - | - | - | 2025-07-08 | Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages.

Qwikdev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53620 | - | - | - | 2025-07-09 | @builder.io/qwik-city is the meta-framework for Qwik.

Radiustheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7327 | High | 8.8 | - | 2025-07-08 | The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter.

Rcatheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5957 | Medium | 5.3 | - | 2025-07-08 | The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and incl…

Real Time Logic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-34095 | - | - | - | 2025-07-10 | An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint.

Risesoft-y9 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7108 | Medium | 5.4 | - | 2025-07-07 | A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7.

Riverbed Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-34098 | - | - | - | 2025-07-10 | A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface.

Roocode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53536 | High | 8.1 | - | 2025-07-07 | Roo Code is an AI-powered autonomous coding agent.

Rowboatlabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7115 | High | 7.3 | - | 2025-07-07 | A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97.

Rssnext · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53546 | Critical | 9.1 | - | 2025-07-09 | Folo organizes feeds content into one timeline.

Saltbo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7453 | Low | 3.7 | - | 2025-07-11 | A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2.

Servicenow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3648 | - | - | - | 2025-07-08 | A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization.

Serviio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-34101 | - | - | - | 2025-07-10 | An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423).

Shenzhen Liandian Communication Technology Ltd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7503 | - | - | - | 2025-07-11 | An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials.

Sur-fbd Cmms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3920 | - | - | - | 2025-07-07 | A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file.

Teamt5 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7145 | High | 7.2 | - | 2025-07-07 | ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gain…

The Qt Company · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5992 | - | - | - | 2025-07-11 | When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service; for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue aff…

Tomdever · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4406 | Medium | 5.4 | - | 2025-07-10 | The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping.

Tychesoftwares · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2942 | Medium | 4.3 | - | 2025-07-11 | The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post titles (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information.

Unattributed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6514 | Critical | 9.6 | - | 2025-07-09 | mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL.

Universal-omega · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53625 | - | - | - | 2025-07-10 | The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details.

Uxper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4606 | Critical | 9.8 | - | 2025-07-09 | The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4.

Vicidial Group · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-34099 | - | - | - | 2025-07-10 | An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration).

Wago · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-41672 | Critical | 10.0 | - | 2025-07-07 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.

Wclovers · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3780 | Medium | 6.5 | - | 2025-07-09 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup functi…

Webbertakken · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-53624 | Critical | 10.0 | - | 2025-07-09 | The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user.

Wpclever · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5530 | Medium | 6.4 | - | 2025-07-11 | The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and outpu…

Wpdeveloper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6244 | Medium | 6.4 | - | 2025-07-08 | The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Calendar` and `Business Reviews` Widgets attributes in all versions up to, and incl…