CVE Alert: CVE-2025-54236 – Adobe – Adobe Commerce
CVE-2025-54236 CRITICALExploitation active Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input...
Vulnerabilities
CVE Alert: CVE-2025-59287 – Microsoft – Windows Server 2019
CVE-2025-59287 CRITICALExploitation active Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over...
CVE Alert: CVE-2025-10861 – roxnor – Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
CVE-2025-10861 HIGHNo exploitation known The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is...
CVE Alert: CVE-2025-12028 – indieweb – IndieAuth
CVE-2025-12028 HIGHNo exploitation known The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,...
CVE Alert: CVE-2025-11504 – quickcreator – Quickcreator – AI Blog Writer
CVE-2025-11504 HIGHNo exploitation known The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in...
CVE Alert: CVE-2025-11889 – edgarrojas – AIO Forms – Craft Complex Forms Easily
CVE-2025-11889 HIGHNo exploitation known The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file...
CVE Alert: CVE-2025-59500 – Microsoft – Azure Notification Service
CVE-2025-59500 HIGHNo exploitation known Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a...
CVE Alert: CVE-2025-59273 – Microsoft – Azure Event Grid System
CVE-2025-59273 HIGHNo exploitation known Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a...
CVE Alert: CVE-2025-60341 – n/a – n/a
CVE-2025-60341 UnknownNo exploitation known Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in...
CVE Alert: CVE-2025-60338 – n/a – n/a
CVE-2025-60338 UnknownNo exploitation known Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in...
CVE Alert: CVE-2025-60342 – n/a – n/a
CVE-2025-60342 UnknownNo exploitation known Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in...
CVE Alert: CVE-2025-60337 – n/a – n/a
CVE-2025-60337 UnknownNo exploitation known Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in...
CVE Alert: CVE-2025-12105 – Red Hat – Red Hat Enterprise Linux 10
CVE-2025-12105 HIGHNo exploitation known A flaw was found in the asynchronous message queue handling of the libsoup library, widely used...
CVE Alert: CVE-2025-10914 – Proliz Software Ltd. Co. – OBS (Student Affairs Information System)
CVE-2025-10914 HIGHNo exploitation known Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software...
CVE Alert: CVE-2025-40778 – ISC – BIND 9
CVE-2025-40778 HIGHNo exploitation known Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to...
CVE Alert: CVE-2025-8677 – ISC – BIND 9
CVE-2025-8677 HIGHNo exploitation known Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to...
CVE Alert: CVE-2025-40780 – ISC – BIND 9
CVE-2025-40780 HIGHNo exploitation known In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is...
CVE Alert: CVE-2025-61932 – MOTEX Inc. – Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))
CVE-2025-61932 UnknownExploitation active Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming...
CVE Alert: CVE-2025-11086 – academylms – Academy LMS Pro
CVE-2025-11086 HIGHNo exploitation known The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable...
CVE Alert: CVE-2025-41722 – Sauter – modulo 6 devices modu680-AS
CVE-2025-41722 HIGHNo exploitation known The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated...
CVE Alert: CVE-2025-41724 – Sauter – modulo 6 devices modu680-AS
CVE-2025-41724 HIGHNo exploitation known An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process...
CVE Alert: CVE-2025-41719 – Sauter – modulo 6 devices modu680-AS
CVE-2025-41719 HIGHNo exploitation known A low privileged remote attacker can corrupt the webserver users storage on the device by setting...
CVE Alert: CVE-2025-61756 – Oracle Corporation – Oracle Financial Services Analytical Applications Infrastructure
CVE-2025-61756 HIGHNo exploitation known Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component:...
CVE Alert: CVE-2025-61763 – Oracle Corporation – Oracle Essbase
CVE-2025-61763 HIGHNo exploitation known Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0....
