Vulnerabilities

CVE Alert: CVE-2025-51859

July 24, 2025

Vulnerability Summary: CVE-2025-51859 Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can...

CVE Alert: CVE-2025-51864

July 24, 2025

Vulnerability Summary: CVE-2025-51864 A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to...

CVE Alert: CVE-2025-8015

July 23, 2025

Vulnerability Summary: CVE-2025-8015 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...

CVE Alert: CVE-2025-8018

July 23, 2025

Vulnerability Summary: CVE-2025-8018 A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical....

CVE Alert: CVE-2025-51863

July 23, 2025

Vulnerability Summary: CVE-2025-51863 Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26 allows attackers to execute arbitrary...

CVE Alert: CVE-2025-36520

July 23, 2025

Vulnerability Summary: CVE-2025-36520 A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1....

CVE Alert: CVE-2025-35966

July 23, 2025

Vulnerability Summary: CVE-2025-35966 A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1....

CVE Alert: CVE-2025-51463

July 23, 2025

Vulnerability Summary: CVE-2025-51463 Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's...

CVE Alert: CVE-2025-48498

July 23, 2025

Vulnerability Summary: CVE-2025-48498 A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing...

CVE Alert: CVE-2025-46354

July 23, 2025

Vulnerability Summary: CVE-2025-46354 A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1....

CVE Alert: CVE-2025-51480

July 23, 2025

Vulnerability Summary: CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted...

CVE Alert: CVE-2025-36512

July 23, 2025

Vulnerability Summary: CVE-2025-36512 A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction...

CVE Alert: CVE-2025-7371

July 23, 2025

Vulnerability Summary: CVE-2025-7371 Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an...

CVE Alert: CVE-2025-5042

July 23, 2025

Vulnerability Summary: CVE-2025-5042 A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A...

CVE Alert: CVE-2025-6523

July 23, 2025

Vulnerability Summary: CVE-2025-6523 Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass...

CVE Alert: CVE-2025-8019

July 23, 2025

Vulnerability Summary: CVE-2025-8019 A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected...

Vulnerability Summary: CVE-2025-51482 Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code...

CVE Alert: CVE-2025-48964

July 23, 2025

Vulnerability Summary: CVE-2025-48964 ping in iputils through 20240905 allows a denial of service (application error in adaptive ping mode or...

CVE Alert: CVE-2025-51464

July 23, 2025

Vulnerability Summary: CVE-2025-51464 Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers...

CVE Alert: CVE-2025-51481

July 23, 2025

Vulnerability Summary: CVE-2025-51481 Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to...

CVE Alert: CVE-2024-38335

July 23, 2025

Vulnerability Summary: CVE-2024-38335 IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a...

CVE Alert: CVE-2025-6741

July 23, 2025

Vulnerability Summary: CVE-2025-6741 Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized...

CVE Alert: CVE-2025-51459

July 23, 2025

Vulnerability Summary: CVE-2025-51459 File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via...

CVE Alert: CVE-2025-31511

July 23, 2025

Vulnerability Summary: CVE-2025-31511 An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user...

Vulnerabilities

CVE Alert: CVE-2025-51859

CVE Alert: CVE-2025-51864

CVE Alert: CVE-2025-8015

CVE Alert: CVE-2025-8018

CVE Alert: CVE-2025-51863

CVE Alert: CVE-2025-36520

CVE Alert: CVE-2025-35966

CVE Alert: CVE-2025-51463

CVE Alert: CVE-2025-48498

CVE Alert: CVE-2025-46354

CVE Alert: CVE-2025-51480

CVE Alert: CVE-2025-36512

CVE Alert: CVE-2025-7371

CVE Alert: CVE-2025-5042

CVE Alert: CVE-2025-6523

CVE Alert: CVE-2025-8019

CVE Alert: CVE-2025-51482

CVE Alert: CVE-2025-48964

CVE Alert: CVE-2025-51464

CVE Alert: CVE-2025-51481

CVE Alert: CVE-2024-38335

CVE Alert: CVE-2025-6741

CVE Alert: CVE-2025-51459

CVE Alert: CVE-2025-31511

HackerOne Bug Bounty Disclosure: stack-buffer-overflow-in-curl-cookie-parsing-leads-to-rce-batuhanilgarr

BugCrowd Bug Bounty Disclosure: P3 – Publicly Editable Google Docs Linked from NASA SnowEx PPT –

BugCrowd Bug Bounty Disclosure: P3 – Details of the collaboration between NASA and Inmarsat Government and the type of contract –

Apple Products Multiple Vulnerabilities

Miljödata – 870,108 breached accounts

You may have missed