US-CERT Vulnerability Summary for the Week of May 26, 2025
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1000 Projects–Daily College Class Work Report Book | A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /dcwr_entry.php. The manipulation of the argument Date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 7.3 | CVE-2025-5205 |
argoproj–argo-cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4. | 2025-05-29 | 9.1 | CVE-2025-47933 |
Avast–Avast Business Antivirus | Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write. | 2025-05-28 | 7.3 | CVE-2025-4134 |
bestpractical–RT | Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. | 2025-05-28 | 7.2 | CVE-2025-30087 |
bestpractical–RT | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. | 2025-05-28 | 7.2 | CVE-2025-31500 |
bestpractical–RT | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. | 2025-05-28 | 7.2 | CVE-2025-31501 |
codingjoe–django-select2 | Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1. | 2025-05-27 | 8.2 | CVE-2025-48383 |
Consilium Safety–CS5000 Fire Panel | The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device’s operation if exploited. | 2025-05-29 | 9.8 | CVE-2025-41438 |
Consilium Safety–CS5000 Fire Panel | The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues. | 2025-05-29 | 9.8 | CVE-2025-46352 |
contrid–Newsletters | The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the ‘file’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2025-05-31 | 7.2 | CVE-2025-4857 |
D-Link–DCS-5020L | A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-05-27 | 8.8 | CVE-2025-5215 |
Dassault Systèmes–City Referential Manager | A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4983 |
Dassault Systèmes–City Referential Manager | A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4984 |
Dassault Systèmes–Collaborative Industry Innovator | A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-0602 |
Dassault Systèmes–Collaborative Industry Innovator | A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4991 |
Dassault Systèmes–Multidisciplinary Optimization Engineer | A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4988 |
Dassault Systèmes–Product Manager | A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4986 |
Dassault Systèmes–Product Manager | A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4989 |
Dassault Systèmes–Product Manager | A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4990 |
Dassault Systèmes–Project Portfolio Manager | A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4985 |
Dassault Systèmes–Service Process Engineer | A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user’s browser session. | 2025-05-30 | 8.7 | CVE-2025-4992 |
empoweringprowebsite–PSW Front-end Login & Registration | The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover. | 2025-05-31 | 9.8 | CVE-2025-4607 |
Esri–Portal for ArcGIS | Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. | 2025-05-29 | 9.1 | CVE-2025-4967 |
fabiolb–fabio | Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6. | 2025-05-30 | 9.1 | CVE-2025-48865 |
Fortinet–FortiClientMac | An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | 2025-05-28 | 7.4 | CVE-2025-25251 |
Fortinet–FortiProxy | A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. | 2025-05-28 | 9 | CVE-2025-22252 |
FreeFloat–FTP Server | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-27 | 7.3 | CVE-2025-5217 |
FreeFloat–FTP Server | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-27 | 7.3 | CVE-2025-5218 |
FreeFloat–FTP Server | A vulnerability has been found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-27 | 7.3 | CVE-2025-5219 |
FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-27 | 7.3 | CVE-2025-5220 |
FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-27 | 7.3 | CVE-2025-5221 |
GitLab–GitLab | An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user’s browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | 2025-05-30 | 8.7 | CVE-2025-1763 |
Hitachi Energy–Asset Suite | A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. | 2025-05-30 | 7.4 | CVE-2025-2500 |
IBM–Tivoli Monitoring | IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. | 2025-05-28 | 9.8 | CVE-2025-3357 |
Instantel–Micromate | Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected. | 2025-05-29 | 9.8 | CVE-2025-1907 |
ISC–Kea | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | 2025-05-28 | 7.8 | CVE-2025-32801 |
JCT–Airpointer | Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to escalate privileges to the root user. | 2025-05-30 | 7.8 | CVE-2025-4636 |
jokob-sk–NetAlertX | NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14. | 2025-05-27 | 10 | CVE-2025-32440 |
Kashipara–Responsive Online Learing Platform | A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the affected product appears to have a typo in it. | 2025-05-26 | 7.3 | CVE-2025-5214 |
Lenovo–PC Manager | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | 2025-05-30 | 7.8 | CVE-2025-2501 |
Lenovo–PC Manager | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | 2025-05-30 | 7.8 | CVE-2025-2502 |
Lenovo–PC Manager | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | 2025-05-30 | 7.1 | CVE-2025-2503 |
Lovable–Lovable | An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. | 2025-05-30 | 9.3 | CVE-2025-48757 |
luminfire–WP-GeoMeta | The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | 2025-05-31 | 8.8 | CVE-2025-4103 |
Mitsubishi Electric Corporation–MELSEC iQ-F Series FX5U-32MT/ES | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product needs to be reset for recovery. | 2025-05-29 | 9.1 | CVE-2025-3755 |
n/a–Econtrata | A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 7.3 | CVE-2025-5172 |
N/A–N/A | Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user-supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user’s (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing escalation to root privileges. | 2025-05-26 | 7.8 | CVE-2025-23395 |
offsprout–Offsprout Page Builder | The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create, update or delete any user meta, including flipping their own wp_capabilities to administrator and fully escalate their privileges. | 2025-05-31 | 8.8 | CVE-2025-4672 |
Pepperl+Fuchs–Profinet Gateway FB8122A.1.EL | An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog. | 2025-05-26 | 8.2 | CVE-2025-41654 |
Pepperl+Fuchs–Profinet Gateway FB8122A.1.EL | An unauthenticated remote attacker can access a URL which causes the device to reboot. | 2025-05-26 | 7.5 | CVE-2025-41655 |
PHPGurukul–Employee Record Management System | A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /loginerms.php. The manipulation of the argument Email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 7.3 | CVE-2025-5210 |
PHPGurukul–Employee Record Management System | A vulnerability was found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This issue affects some unknown processing of the file /myprofile.php. The manipulation of the argument EmpCode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 7.3 | CVE-2025-5211 |
PHPGurukul–Employee Record Management System | A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been classified as critical. Affected is an unknown function of the file /admin/editempexp.php. The manipulation of the argument emp1name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 7.3 | CVE-2025-5212 |
PHPGurukul–Student Record System | A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-27 | 7.3 | CVE-2025-5216 |
projectworlds–Responsive E-Learning System | A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_file.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 7.3 | CVE-2025-5213 |
Realce Tecnologia–Queue Ticket Kiosk | A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been declared as critical. This vulnerability affects unknown code of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to sql injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 7.3 | CVE-2025-5176 |
Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens .ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution. | 2025-05-27 | 7.3 | CVE-2025-48796 |
Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow. | 2025-05-27 | 7.3 | CVE-2025-48797 |
Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues. | 2025-05-27 | 7.3 | CVE-2025-48798 |
RedHat–Red Hat Enterprise Linux 10 | A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the ‘subtag’ struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. | 2025-05-27 | 7 | CVE-2025-5222 |
sorich87–Browse As | The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the ‘IS_BA_Browse_As::notice’ function with the ‘is_ba_original_user_COOKIEHASH’ cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2025-05-30 | 8.8 | CVE-2025-5190 |
SourceCodester–Online Hospital Management System | A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 7.3 | CVE-2025-5208 |
StylemixThemes–MasterStudy LMS Pro | The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server, which may make remote code execution possible. | 2025-05-28 | 8.8 | CVE-2025-4800 |
themeglow–Property Real Estate Directory Listing | The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author-level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form. | 2025-05-27 | 8.8 | CVE-2025-5117 |
ThimPress–Course Builder | Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection. This issue affects Course Builder: from n/a before 3.6.6. | 2025-05-29 | 9.8 | CVE-2025-48336 |
unitybusinesstechnology–The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis | The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects whose ‘_datatype’ is set to ‘users’. This allows unauthenticated attackers to write arbitrary strings straight into the user’s wp_capabilities meta field, potentially elevating the privileges of an existing user account or a newly created one to that of an administrator. | 2025-05-31 | 9.8 | CVE-2025-4631 |
valtimo-platform–valtimo-backend-libraries | Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. At time of publication, no known patches exist. A workaround for this issue involves overriding the endpoint security as defined in ObjectenApiHttpSecurityConfigurer and ObjectManagementHttpSecurityConfigurer. Depending on the implementation, this could result in loss of functionality. | 2025-05-30 | 8.3 | CVE-2025-48881 |
Vanquish–WooCommerce Orders & Customers Exporter | Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0. | 2025-05-30 | 7.5 | CVE-2025-48331 |
vBulletin–vBulletin | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers’ methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025. | 2025-05-27 | 10 | CVE-2025-48827 |
vBulletin–vBulletin | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the “var_dump”(“test”) syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025. | 2025-05-27 | 9 | CVE-2025-48828 |
VMware–Spring cloud Gateway | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. | 2025-05-30 | 8.6 | CVE-2025-41235 |
Weidmueller–IE-SW-VL05M-5TX | Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise. | 2025-05-27 | 9.8 | CVE-2025-41651 |
Weidmueller–IE-SW-VL05M-5TX | The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device. | 2025-05-27 | 9.8 | CVE-2025-41652 |
Weidmueller–IE-SW-VL05M-5TX | An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. | 2025-05-27 | 7.5 | CVE-2025-41649 |
Weidmueller–IE-SW-VL05M-5TX | An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. | 2025-05-27 | 7.5 | CVE-2025-41650 |
Weidmueller–IE-SW-VL05M-5TX | An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device’s web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive. | 2025-05-27 | 7.5 | CVE-2025-41653 |
Wondershare–Filmora | A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 7 | CVE-2025-5180 |
zitadel–zitadel | Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user’s password and gain unauthorized access to their account. This specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This issue has been patched in versions 2.70.12, 2.71.10, and 3.2.2. | 2025-05-30 | 8.1 | CVE-2025-48936 |
ZKTeco–BioTime | ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value ‘123456’. Users should change their passwords (located under the Attendance Settings tab as “Self-Password”). | 2025-05-27 | 7.3 | CVE-2024-13966 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
AMI–AptioV | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact integrity. | 2025-05-29 | 5.8 | CVE-2025-33043 |
Arista Networks–EOS | On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries. | 2025-05-27 | 6.5 | CVE-2024-11185 |
Arista Networks–EOS | On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability. Note: this issue does not affect VXLANSec or MACSec encryption functionality. | 2025-05-27 | 5.3 | CVE-2025-2796 |
bc2018–Woo Slider Pro Drag Drop Slider Builder For WooCommerce | The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | 2025-05-30 | 6.5 | CVE-2025-4597 |
BinaryCarpenter–Woo Slider Pro | Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through 1.12. Affected action “woo_slide_pro_delete_slider”. | 2025-05-30 | 6.5 | CVE-2025-48334 |
Canonical–Apport | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1). | 2025-05-30 | 4.7 | CVE-2025-5054 |
choijun–LA-Studio Element Kit for Elementor | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-30 | 6.4 | CVE-2025-4943 |
choijun–LA-Studio Element Kit for Elementor | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-30 | 6.4 | CVE-2025-4944 |
crmperks–Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2025-05-30 | 5.3 | CVE-2025-4659 |
daisycon–Daisycon prijsvergelijkers | The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘daisycon_uitvaart’ shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-31 | 6.4 | CVE-2025-4590 |
DBAR Productions–Volunteer Sign Up Sheets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS. This issue affects Volunteer Sign Up Sheets: from n/a before 5.5.5. The patch is available exclusively on GitHub at https://github.com/dbarproductions/pta-volunteer-sign-up-sheets, as the vendor encounters difficulties using SVN to deploy to the WordPress.org repository. | 2025-05-27 | 5.9 | CVE-2025-3704 |
Dell–PowerStore | Dell PowerStore, version(s) 4.0.0.0, contain(s) a Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account’s privileges. | 2025-05-28 | 6.5 | CVE-2025-36572 |
Dell–ThinOS | Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | 2025-05-29 | 4.9 | CVE-2025-32752 |
django-helpdesk Project–django-helpdesk | django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. | 2025-05-31 | 5.1 | CVE-2018-25111 |
erdogant–pypickle | A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component. | 2025-05-26 | 5.3 | CVE-2025-5174 |
erdogant–pypickle | A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component. | 2025-05-26 | 5.3 | CVE-2025-5175 |
Fortinet–FortiClientWindows | An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup). | 2025-05-28 | 4.8 | CVE-2025-24473 |
Fortinet–FortiOS | An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request. | 2025-05-28 | 4.8 | CVE-2025-47294 |
goiblas–Map Block Leaflet | The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-29 | 6.4 | CVE-2025-5122 |
gradio-app–gradio | Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio’s flagging feature allows unauthenticated attackers to copy any readable file from the server’s filesystem. While attackers can’t read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0. | 2025-05-30 | 5.3 | CVE-2025-48889 |
H3C–SecCenter SMP-E1114P02 | A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile_2 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 6.3 | CVE-2025-5162 |
H3C–SecCenter SMP-E1114P02 | A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 4.3 | CVE-2025-5160 |
H3C–SecCenter SMP-E1114P02 | A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 4.3 | CVE-2025-5161 |
HCL Software–HCL Glovius Cloud | Due to an outdated hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data efficiently using brute-force or dictionary attacks on modern hardware such as GPUs or ASICs. | 2025-05-30 | 6.8 | CVE-2024-23589 |
HCL Software–HCL Traveler for Microsoft Outlook (HTMO) | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | 2025-05-30 | 6.5 | CVE-2024-42190 |
HCL Software–HCL Traveler for Microsoft Outlook (HTMO) | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | 2025-05-30 | 6.5 | CVE-2024-42191 |
Hitachi Energy–Asset Suite | A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. | 2025-05-30 | 6.5 | CVE-2025-1484 |
HumanSignal–label-studio-ml-backend | A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | 2025-05-26 | 5.3 | CVE-2025-5173 |
IBM–Controller | IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. | 2025-05-27 | 6.5 | CVE-2025-33079 |
IBM–Db2 for Linux, UNIX and Windows | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 2025-05-29 | 6.5 | CVE-2024-49350 |
IBM–Db2 for Linux, UNIX and Windows | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 2025-05-29 | 5.3 | CVE-2025-2518 |
IBM–Db2 for Linux, UNIX and Windows | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources. | 2025-05-29 | 5.3 | CVE-2025-3050 |
IBM–Hardware Management Console | IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-05-27 | 5.5 | CVE-2024-45094 |
IBM–InfoSphere Information Server | IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | 2025-06-01 | 6.5 | CVE-2025-1499 |
IBM–Planning Analytics Local | IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction. | 2025-06-01 | 6.5 | CVE-2025-33004 |
IBM–Planning Analytics Local | IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | 2025-06-01 | 6.3 | CVE-2025-33005 |
IBM–Planning Analytics Local | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-06-01 | 5.4 | CVE-2025-25044 |
IBM–Planning Analytics Local | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-06-01 | 4.8 | CVE-2025-2896 |
IBM–Security Guardium | IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-05-28 | 4.3 | CVE-2025-25025 |
IBM–Security Guardium | IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | 2025-05-28 | 4.3 | CVE-2025-25026 |
IBM–Security Guardium | IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. | 2025-05-28 | 4.9 | CVE-2025-25029 |
IBM–Sterling Secure Proxy | IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2025-05-28 | 5.9 | CVE-2024-38341 |
IBM–Sterling Secure Proxy | IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. | 2025-05-28 | 4.3 | CVE-2024-51453 |
inspireui–MStore API Create Native Android & iOS Apps On The Cloud | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new posts. | 2025-05-27 | 4.3 | CVE-2025-4683 |
ISC–Kea | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | 2025-05-28 | 6.1 | CVE-2025-32802 |
ISC–Kea | In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | 2025-05-28 | 4 | CVE-2025-32803 |
JCT–Airpointer | Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal. | 2025-05-30 | 6.5 | CVE-2025-4633 |
JCT–Airpointer | A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user. | 2025-05-30 | 6.6 | CVE-2025-4635 |
JCT–Airpointer | The web portal on Airpointer 2.4.107-2 was vulnerable to local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem. | 2025-05-30 | 4.1 | CVE-2025-4634 |
jtewes–FastSpring | The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘fastspring/block-fastspringblocks-complete-product-catalog’ block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the ‘color’ attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-31 | 6.4 | CVE-2025-4595 |
krasenslavov–Featured Image Plus Quick & Bulk Edit with Unsplash | The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post. | 2025-05-30 | 4.3 | CVE-2025-4431 |
Lenovo–Legion Space for Legion Go | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. | 2025-05-30 | 5.3 | CVE-2025-1479 |
llisoft–MTA Maita Training System | A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file com\llisoft\controller\admin\shiti\AdminShitiController.java. The manipulation of the argument stTypeIds leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 6.3 | CVE-2025-5170 |
llisoft–MTA Maita Training System | A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 6.3 | CVE-2025-5171 |
Mattermost–Mattermost | Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens. | 2025-05-30 | 5.4 | CVE-2025-3230 |
Mattermost–Mattermost | Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the ‘invite user’ permission to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy endpoint. | 2025-05-29 | 5.3 | CVE-2025-3913 |
Mattermost–Mattermost | Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow. | 2025-05-30 | 4.2 | CVE-2025-2571 |
Mautic–Mautic | Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations. Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL. Mitigation: Update Mautic to the latest Mautic version. By default, Mautic does not use .env files for production data. For Apache users: Ensure your web server is configured to respect .htaccess files. For Nginx users: As Nginx does not inherently support .htaccess files, you must manually add a configuration block to your Nginx server configuration to deny access to .env files. Add the following to your Nginx configuration for the Mautic site: `location ~ /\.env { deny all; }` After modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect. | 2025-05-28 | 5.1 | CVE-2024-47056 |
Mautic–Mautic | Summary: This advisory addresses a security vulnerability in Mautic related to the “Forget your password” functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the “Forget your password” functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack. Mitigation: Please update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence. | 2025-05-28 | 5.3 | CVE-2024-47057 |
Mautic–Mautic | Summary: This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. Mitigation: Update Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions. | 2025-05-28 | 4.3 | CVE-2024-47055 |
milmor–WP Attachments | The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-05-28 | 6.1 | CVE-2025-5082 |
N/A–N/A | The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. | 2025-05-26 | 5 | CVE-2025-46803 |
N/A–N/A | Screen version 5.0.0 and older version 4 releases have a TOCTOU race that potentially allows SIGHUP and SIGCONT to be sent to privileged processes when Screen is installed setuid-root. | 2025-05-26 | 5.5 | CVE-2025-46805 |
n/a–Pixelimity | A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 4.7 | CVE-2025-5206 |
N/A–Vuetify | Improper neutralization of the value of the ‘eventMoreText’ property of the ‘VCalendar’ component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) attack (https://owasp.org/www-community/attacks/xss). The vulnerability occurs because the default Vuetify translator will return the translation key as the translation, if it can’t find an actual translation. This issue affects Vuetify versions greater than or equal to 2.0.0 and less than 3.0.0. Note: Version 2.x of Vuetify is End-of-Life and will not receive any updates to address this issue. For more information see https://v2.vuetifyjs.com/en/about/eol/. | 2025-05-28 | 5.6 | CVE-2025-1461 |
NVIDIA–NVIDIA CUDA Toolkit | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution. | 2025-05-27 | 4.4 | CVE-2025-23247 |
Pepperl+Fuchs–Profinet Gateway FB8122A.1.EL | Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device. | 2025-05-26 | 6.1 | CVE-2025-1985 |
pluginsandsnippets–Simple Page Access Restriction | The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce validation and capability checks in the settings save handler in the settings.php script. This makes it possible for unauthenticated attackers to (1) enable or disable access protection on all post types or taxonomies, (2) force every new page/post to be public or private, regardless of meta-box settings, (3) cause a silent wipe of all plugin data when it’s later removed, or (4) to conduct URL redirection attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-05-30 | 6.5 | CVE-2025-5142 |
Realce Tecnologia–Queue Ticket Kiosk | A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files[] leads to unrestricted upload. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 6.3 | CVE-2025-5178 |
Realce Tecnologia–Queue Ticket Kiosk | A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 4.3 | CVE-2025-5177 |
Red Hat–AMQ Broker 7.13.0.OPR.1.GA | A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | 2025-05-26 | 5.5 | CVE-2025-4057 |
Red Hat–Red Hat Advanced Cluster Security 4 | A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product. | 2025-05-27 | 5 | CVE-2025-5198 |
Red Hat–Red Hat Enterprise Linux 10 | A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original privileged process’s coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner’s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and forcing the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original SUID process’s coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. | 2025-05-30 | 4.7 | CVE-2025-4598 |
redis–redis | Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | 2025-05-29 | 4.7 | CVE-2025-27151 |
Relevanssi–Relevanssi A Better Search (Pro) | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-31 | 4.7 | CVE-2025-5016 |
SIGB–PMB | In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. | 2025-05-27 | 6.4 | CVE-2025-48744 |
SIGB–PMB | The installer in SIGB PMB before 8.0.1.2 allows remote code execution; the issue is fixed in 8.0.1.2. | 2025-05-27 | 5.4 | CVE-2025-48742 |
SIGB–PMB | SIGB PMB before 8.0.1.2 allows SQL injection. | 2025-05-27 | 5.3 | CVE-2025-48743 |
smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-29 | 6.4 | CVE-2025-4670 |
smub–Smash Balloon Social Photo Feed Easy Social Feeds Plugin | The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-29 | 5.4 | CVE-2025-4583 |
SourceCodester–Client Database Management System | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument nickname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 4.7 | CVE-2025-5207 |
Spotlight–Spotlight – Social Media Feeds (Premium) | Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight – Social Media Feeds (Premium) allows retrieval of embedded sensitive data. This issue affects Spotlight – Social Media Feeds (Premium): from n/a through 1.7.1. | 2025-05-26 | 5.3 | CVE-2025-39498 |
strapi–strapi | Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2. | 2025-05-29 | 4.9 | CVE-2024-52588 |
Summer Pearl Group–Vacation Rental Management Platform | A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. This vulnerability affects unknown code of the component Listing Handler. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 2025-05-26 | 4.3 | CVE-2025-5182 |
Summer Pearl Group–Vacation Rental Management Platform | A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 2025-05-26 | 4.3 | CVE-2025-5184 |
Summer Pearl Group–Vacation Rental Management Platform | A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 2025-05-26 | 4.3 | CVE-2025-5185 |
SUSE–Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 | An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on target systems. This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3. | 2025-05-26 | 5.2 | CVE-2025-23392 |
SUSE–Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 | An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on users’ machines. This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3. | 2025-05-27 | 5.2 | CVE-2025-23393 |
SUSE–SUSE Linux Enterprise Micro 5.3 | In GNU Screen, for a short time the PTY is set to mode 0666, allowing any user on the system to connect to the screen session. | 2025-05-26 | 6 | CVE-2025-46802 |
syntactics–Free Booking Plugin for Hotels, Restaurants and Car Rentals eaSYNC Booking | The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the ‘view_request_details’ due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the details of any booking request. The vulnerability was partially patched in versions 1.3.18 and 1.3.21. | 2025-05-31 | 5.3 | CVE-2025-4691 |
TeleMessage–service | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. | 2025-05-28 | 5.3 | CVE-2025-48927 |
TeleMessage–service | The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025. | 2025-05-28 | 4.3 | CVE-2025-48925 |
TeleMessage–service | The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025. | 2025-05-28 | 4.3 | CVE-2025-48926 |
TeleMessage–service | The TeleMessage service through 2025-05-05 is based on a JSP application whose heap content is roughly equivalent to a “core dump”, so a password previously sent over HTTP would be included in such a dump, as exploited in the wild in May 2025. | 2025-05-28 | 4 | CVE-2025-48928 |
TeleMessage–service | The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary, as exploited in the wild in May 2025. | 2025-05-28 | 4 | CVE-2025-48929 |
thinkgem–JeeSite | A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-26 | 6.3 | CVE-2025-5186 |
timstrifler–Exclusive Addons for Elementor | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-26 | 6.4 | CVE-2025-4783 |
vllm-project–vllm | vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. The pattern contains multiple nested quantifiers, optional groups, and inner repetitions which make it vulnerable to catastrophic backtracking. Version 0.9.0 contains a patch for the issue. | 2025-05-30 | 6.5 | CVE-2025-48887 |
vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid json_schema as a Guided Param kills the vLLM server. This vulnerability is the JSON-schema counterpart of GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, which concerns an invalid regex. Version 0.9.0 fixes the issue. | 2025-05-30 | 6.5 | CVE-2025-48942 |
vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex is provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xg/CVE-2025-48942, but for a regex instead of a JSON schema. Version 0.9.0 fixes the issue. | 2025-05-30 | 6.5 | CVE-2025-48943 |
vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the OpenAI-compatible /v1/chat/completions endpoint fails to validate unexpected or malformed input in the “pattern” and “type” fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, so a single request crashes the inference worker. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue. | 2025-05-30 | 6.5 | CVE-2025-48944 |
vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30×100 and 100×30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0. | 2025-05-29 | 4.2 | CVE-2025-46722 |
Wing–FTP Server | A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 7.4.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: “[W]e do not consider it as a security vulnerability, because the system admin in WingFTP has full permissions […], but you can suggest the user run WingFTP service as Normal User rather than SYSTEM/Root, it will be safer.” | 2025-05-26 | 6.6 | CVE-2025-5196 |
wpdevteam–Essential Blocks AI-Powered Page Builder Gutenberg Blocks, Patterns & Templates | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-27 | 6.4 | CVE-2025-4682 |
wpextended–The Ultimate WordPress Toolkit WP Extended | The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-05-28 | 6.4 | CVE-2025-4963 |
wproyal–Royal Elementor Addons and Templates | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-31 | 6.4 | CVE-2025-3813 |
WSO2–WSO2 Open Banking AM | An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation. | 2025-05-30 | 4.3 | CVE-2024-7097 |
WSO2–WSO2 Open Banking IAM | A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP admin services are accessible to the attacker. * The deployment includes an internally used attribute that is not part of the default WSO2 product configuration. * At least one custom role exists with non-default permissions. * The attacker has knowledge of the custom role and the internal attribute used in the deployment. Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms. | 2025-05-30 | 4.2 | CVE-2024-7096 |
yangshare–warehouseManager | A vulnerability, which was classified as problematic, was found in yangshare 技术杨工 (“Engineer Yang”) warehouseManager 仓库管理系统 (Warehouse Management System) 1.0. This affects an unknown part. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 5.3 | CVE-2025-5163 |
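The four vLLM entries above (CVE-2025-48887, CVE-2025-48942, CVE-2025-48943 and CVE-2025-48944) share one root cause: regexes and JSON schemas taken straight from the request body reached the regex compiler or schema parser before anything checked them, so one bad request raised inside the inference worker or sent it into catastrophic backtracking. The validator below is an added example, not vLLM project code; its function names, size limits and nested-quantifier heuristic are this example's own assumptions, written so that a malformed request is rejected with a reason at the API boundary instead of taking the worker down.

```python
"""Pre-flight validation of client-supplied structured-output parameters.

Added example, not vLLM project code. The bulletin entries for
CVE-2025-48887, CVE-2025-48942, CVE-2025-48943 and CVE-2025-48944 describe a
worker that compiled or parsed attacker-controlled regex / json_schema /
pattern / type values before checking them. Function names, the size limits
and the nested-quantifier heuristic below are this example's assumptions.
"""
import json
import re

MAX_REGEX_LEN = 512            # assumed cap; tune per deployment
MAX_SCHEMA_BYTES = 16 * 1024   # assumed cap
ALLOWED_SCHEMA_TYPES = {"object", "array", "string", "number",
                        "integer", "boolean", "null"}

# Heuristic for catastrophic backtracking: a group containing an unbounded
# quantifier that is itself repeated, e.g. (a+)+, ([a-z]*)*, (\d+){2,}.
_NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*][^()]*\)\s*[+*{]")


def check_regex(value):
    """Return (ok, reason) and never raise: re.error is the crash to avoid."""
    if not isinstance(value, str):
        return False, "regex must be a string"
    if len(value) > MAX_REGEX_LEN:
        return False, "regex too long"
    if _NESTED_QUANTIFIER.search(value):
        return False, "regex has nested quantifiers (ReDoS risk)"
    try:
        re.compile(value)
    except re.error as exc:
        return False, f"invalid regex: {exc}"
    return True, "ok"


def check_json_schema(value):
    """Accept a dict or a JSON string; reject what the parser would choke on."""
    if isinstance(value, str):
        if len(value.encode("utf-8")) > MAX_SCHEMA_BYTES:
            return False, "schema too large"
        try:
            value = json.loads(value)
        except json.JSONDecodeError as exc:
            return False, f"invalid JSON schema: {exc.msg}"
    if not isinstance(value, dict):
        return False, "schema must be a JSON object"
    declared = value.get("type")
    if declared is not None:
        types = declared if isinstance(declared, list) else [declared]
        if not all(isinstance(t, str) and t in ALLOWED_SCHEMA_TYPES for t in types):
            return False, f"unknown schema type {declared!r}"
    return True, "ok"


def validate_guided_params(params):
    """Validate one request's guided-decoding fields before the engine sees them.

    `params` mirrors a request body that may carry `guided_regex`,
    `guided_json` and, for tool calling, a `tools` list whose parameter
    properties carry `pattern` and `type`. Returns (ok, reason).
    """
    if "guided_regex" in params:
        ok, why = check_regex(params["guided_regex"])
        if not ok:
            return False, "guided_regex: " + why
    if "guided_json" in params:
        ok, why = check_json_schema(params["guided_json"])
        if not ok:
            return False, "guided_json: " + why
    tools = params.get("tools") or []
    if not isinstance(tools, list):
        return False, "tools must be a list"
    for tool in tools:
        if not isinstance(tool, dict):
            return False, "each tool must be an object"
        fn = tool.get("function")
        spec = fn.get("parameters") if isinstance(fn, dict) else None
        props = spec.get("properties", {}) if isinstance(spec, dict) else {}
        if not isinstance(props, dict):
            return False, "tool parameters.properties must be an object"
        for name, prop in props.items():
            if not isinstance(prop, dict):
                return False, f"tool property {name!r} must be an object"
            if "pattern" in prop:
                ok, why = check_regex(prop["pattern"])
                if not ok:
                    return False, f"tool property {name!r} pattern: " + why
            if "type" in prop:
                ok, why = check_json_schema({"type": prop["type"]})
                if not ok:
                    return False, f"tool property {name!r} type: " + why
    return True, "ok"
```

Running these checks in the API front end keeps a single malformed request from leaving the worker down until restart, which is the failure mode the CVE-2025-48944 entry describes. The heuristic only catches the common `(x+)+` shape; the length cap and an upgrade to 0.9.0 remain the real backstop.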
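To see why the CVE-2025-46722 hasher collided, here is an added example (not vLLM code) that uses a constructed stand-in for PIL.Image.Image and SHA-256 in place of the project's own hash: the naive digest covers only the pixel buffer, the bound digest prefixes width, height and mode with fixed-width fields, and demo_collision() builds a 100×30 image, a 30×100 image and a 50×20 RGB image from the same 3000 constructed bytes.

```python
"""Image hashing that binds shape and mode to the pixel bytes.

Added example, not vLLM code. The entry for CVE-2025-46722 says
MultiModalHasher hashed only Image.tobytes(), so images with identical pixel
bytes but different dimensions hashed equal and could hit each other's cache
entry. FakeImage is a constructed stand-in for PIL.Image.Image exposing the
same .size/.mode/.tobytes() surface; SHA-256 stands in for the real hash.
"""
import hashlib
import struct


class FakeImage:
    """Constructed stand-in for PIL.Image.Image: raw bytes plus metadata."""

    def __init__(self, width, height, mode, pixels):
        bytes_per_pixel = {"L": 1, "RGB": 3, "RGBA": 4}[mode]
        assert len(pixels) == width * height * bytes_per_pixel
        self.size = (width, height)   # PIL order: (width, height)
        self.mode = mode
        self._pixels = pixels

    def tobytes(self):
        return self._pixels


def naive_image_hash(img):
    """Vulnerable pattern: only the pixel buffer is hashed."""
    return hashlib.sha256(img.tobytes()).hexdigest()


def bound_image_hash(img):
    """Hardened pattern: width, height and mode go into the digest ahead of
    the pixels, so a transpose or a mode change cannot collide."""
    h = hashlib.sha256()
    width, height = img.size
    mode = img.mode.encode("ascii")
    # Unambiguous serialization: fixed-width ints, then length-prefixed mode.
    h.update(struct.pack(">IIH", width, height, len(mode)))
    h.update(mode)
    h.update(img.tobytes())
    return h.hexdigest()


def demo_collision():
    """Three images sharing the same 3000 constructed bytes."""
    pixels = bytes(range(256)) * 11 + bytes(range(184))  # 2816 + 184 = 3000
    wide = FakeImage(100, 30, "L", pixels)
    tall = FakeImage(30, 100, "L", pixels)
    rgb = FakeImage(50, 20, "RGB", pixels)
    return {
        "naive_shape_collides": naive_image_hash(wide) == naive_image_hash(tall),
        "naive_mode_collides": naive_image_hash(wide) == naive_image_hash(rgb),
        "bound_shape_collides": bound_image_hash(wide) == bound_image_hash(tall),
        "bound_mode_collides": bound_image_hash(wide) == bound_image_hash(rgb),
    }
```

The same rule applies to any cache key derived from a serialized object: every field that changes how the bytes are interpreted must be part of the key, with a serialization that cannot be re-parsed two ways.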
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Arista Networks–EOS | On affected platforms running Arista EOS, ACL policies may not be enforced. An IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more Ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets, so incoming packets may incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: packets which should be permitted may be dropped, and packets which should be dropped may be permitted. | 2025-05-27 | 2.6 | CVE-2025-2826 |
discourse–discourse-policy | Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories. | 2025-05-29 | 3.5 | CVE-2025-47288 |
Fortinet–FortiManager | A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests. | 2025-05-28 | 2.1 | CVE-2024-54020 |
Fortinet–FortiOS | A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker’s control. | 2025-05-28 | 3.4 | CVE-2025-47295 |
Fortinet–FortiPortal | An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. | 2025-05-28 | 2.2 | CVE-2025-46777 |
GibbonEdu–Gibbon | Gibbon before 29.0.00 allows CSRF. | 2025-05-27 | 3.7 | CVE-2025-26211 |
Mattermost–Mattermost | Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint. | 2025-05-30 | 3.1 | CVE-2025-1792 |
Mattermost–Mattermost | Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with ‘No access’ to Teams in the System Console. | 2025-05-30 | 3.1 | CVE-2025-3611 |
N/A–N/A | A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0. | 2025-05-26 | 3.3 | CVE-2025-46804 |
n/a–PerfreeBlog | A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of a hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 3.7 | CVE-2025-5164 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5165 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5166 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5167 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5168 |
Open Asset Import Library–Assimp | A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5169 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5200 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5201 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5202 |
Open Asset Import Library–Assimp | A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5203 |
Open Asset Import Library–Assimp | A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | 2025-05-26 | 3.3 | CVE-2025-5204 |
open-quantum-safe–liboqs | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification. | 2025-05-30 | 3.7 | CVE-2025-48946 |
Realce Tecnologia–Queue Ticket Kiosk | A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-26 | 2.4 | CVE-2025-5179 |
Summer Pearl Group–Vacation Rental Management Platform | A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 2025-05-26 | 3.5 | CVE-2025-5181 |
Summer Pearl Group–Vacation Rental Management Platform | A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open redirect. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 2025-05-26 | 3.5 | CVE-2025-5183 |
TeleMessage–service | The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort. | 2025-05-28 | 3.2 | CVE-2025-48931 |
TeleMessage–service | The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the wild in May 2025. | 2025-05-28 | 2.8 | CVE-2025-48930 |
vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PagedAttention prefix cache finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are large enough to be measured and exploited as a side channel revealing whether a given prefix was already cached. This issue has been patched in version 0.9.0. | 2025-05-29 | 2.6 | CVE-2025-46570 |
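The two TeleMessage entries on hashing (CVE-2025-48925 above, where the client computes an MD5 digest and the server accepts that digest as the credential, and CVE-2025-48931, where MD5 is the password-storage hash) are the same mistake seen from two sides: an unsalted digest that the server compares directly is just a second password, replayable once captured and reversible by table lookup. The block below is an added example, not TeleMessage code; the user table, `login_flawed`, `login_hardened`, the PBKDF2 iteration count and the wordlist are constructed for the demonstration and reproduce none of the real service's protocol or field names.

```python
"""Why client-side MD5 is not authentication: the digest becomes the password.

Added example, not TeleMessage code. CVE-2025-48925 describes a server that
lets the client compute MD5(password) and accepts the hex string as the
credential; CVE-2025-48931 describes MD5 used for password storage.
`login_flawed` models the first pattern with a constructed user table;
`login_hardened` shows the server-side alternative: per-user salt,
PBKDF2-HMAC-SHA256 (iteration count is an assumption), constant-time compare.
"""
import hashlib
import hmac
import os

# Constructed sample data: one account whose password is "hunter2".
FLAWED_USERS = {"alice": hashlib.md5(b"hunter2").hexdigest()}


def client_side_md5(password):
    """What the client app computed and sent instead of the password."""
    return hashlib.md5(password.encode()).hexdigest()


def login_flawed(username, credential):
    """Server accepts the MD5 hex digest itself as the credential.

    Anyone who observes `credential` once (network capture, heap dump, log
    line) can replay it indefinitely: the digest is the secret, and the
    client-side "hashing" added no protection. The plain == compare is kept
    deliberately as part of the weak pattern being modelled.
    """
    return FLAWED_USERS.get(username) == credential


def make_record(password, iterations=600_000):
    """Server-side storage: random 16-byte salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def login_hardened(record, password):
    """Client sends the password over TLS; only the server hashes it."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def rainbow_lookup(md5_hex, wordlist):
    """Unsalted MD5 falls to a precomputed table over common passwords."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return table.get(md5_hex)
```

With the hardened record, replaying the stored digest fails because the server re-derives from the salt and the presented password, and a leaked table is worth a dictionary attack per user rather than a single lookup; a short-lived session token issued after login, rather than a reusable secret, is the complement that the CVE-2025-48929 entry above calls for.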
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Absolute Security–Secure Access | CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high. | 2025-05-28 | not yet calculated | CVE-2025-27702 |
Absolute Security–Secure Access | CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. | 2025-05-28 | not yet calculated | CVE-2025-27703 |
Absolute Security–Secure Access | CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability. | 2025-05-28 | not yet calculated | CVE-2025-27706 |
AES Multimedia–Gestnet | SQL injection vulnerability in AES Multimedia’s Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint. | 2025-05-26 | not yet calculated | CVE-2025-40671 |
Apache Software Foundation–Apache Commons BeanUtils 1.x | Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user’s guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue. | 2025-05-28 | not yet calculated | CVE-2025-48734 |
Apache Software Foundation–Apache InLong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong’s 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11732 | 2025-05-28 | not yet calculated | CVE-2025-27522 |
Apache Software Foundation–Apache InLong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability can lead to a JDBC vulnerability via a URLEncode and backspace bypass. Users are advised to upgrade to Apache InLong’s 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747 | 2025-05-28 | not yet calculated | CVE-2025-27526 |
Apache Software Foundation–Apache InLong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong’s 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747 | 2025-05-28 | not yet calculated | CVE-2025-27528 |
Apache Software Foundation–Apache NuttX RTOS | Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX’s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25 before 12.9.0. | 2025-05-26 | not yet calculated | CVE-2025-35003 |
Apache Software Foundation–Apache Superset | An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into ‘sqlExpression’ fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue. | 2025-05-30 | not yet calculated | CVE-2025-48912 |
Apache Software Foundation–Apache Tomcat | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat’s CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. | 2025-05-29 | not yet calculated | CVE-2025-46701 |
Apple–iOS and iPadOS | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy. | 2025-05-29 | not yet calculated | CVE-2025-30466 |
Apple–iOS and iPadOS | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-05-29 | not yet calculated | CVE-2025-31199 |
Apple–macOS | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | 2025-05-29 | not yet calculated | CVE-2025-31189 |
Apple–macOS | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation. | 2025-05-29 | not yet calculated | CVE-2025-31198 |
Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information. | 2025-05-29 | not yet calculated | CVE-2025-31231 |
Apple–macOS | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | 2025-05-29 | not yet calculated | CVE-2025-31261 |
Apple–macOS | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory. | 2025-05-29 | not yet calculated | CVE-2025-31263 |
Apple–macOS | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. | 2025-05-29 | not yet calculated | CVE-2025-31264 |
aryan6673–project-ai | Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version. | 2025-05-30 | not yet calculated | CVE-2025-48491 |
Be-Tech–Mifare Classic cards | The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks. | 2025-05-26 | not yet calculated | CVE-2025-4053 |
Blackmagic Design–DaVinci Resolve | Use of the entitlement “com.apple.security.cs.disable-library-validation” and the lack of launch and library load constraints allow a legitimate dylib to be substituted with a malicious one. A local attacker with unprivileged access can execute the application with the altered dynamic library, successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to the permissions previously granted by the user. Access to other resources beyond the granted permissions requires user interaction with a system prompt asking for permission. This issue affects DaVinci Resolve on macOS in all versions. Last tested version: 19.1.3 | 2025-05-29 | not yet calculated | CVE-2025-4081 |
chrome-php–chrome | Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding manually to their selectors if they are unable to upgrade. | 2025-05-30 | not yet calculated | CVE-2025-48883 |
cli–go-gh | go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user’s machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading. | 2025-05-30 | not yet calculated | CVE-2025-48938 |
Clickedu–Clickedu | Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards. | 2025-05-26 | not yet calculated | CVE-2025-40650 |
codelibs–fess | Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact. This issue has been patched in version 14.19.2. A workaround for this issue involves ensuring local access to the environment running Fess is restricted to trusted users only. | 2025-05-27 | not yet calculated | CVE-2025-48382 |
CoverManager–CoverManager | Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the server. The malicious scripts are executed in the browser of any user visiting the affected page without the user having to take any further action. This can allow the attacker to steal sensitive information, such as session cookies, login credentials, and perform actions on behalf of the affected user. | 2025-05-26 | not yet calculated | CVE-2025-40652 |
curl–curl | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks. | 2025-05-28 | not yet calculated | CVE-2025-4947 |
curl–curl | libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing. | 2025-05-28 | not yet calculated | CVE-2025-5025 |
cvat-ai–cvat | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has been patched in version 2.38.0. | 2025-05-30 | not yet calculated | CVE-2025-48381 |
Devolutions–Server | Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both “User Management” and “User Group Management” permissions to perform privilege escalation by adding users to groups with administrative privileges. | 2025-05-30 | not yet calculated | CVE-2025-4433 |
Devolutions–Server | Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0, and Devolutions Server 2024.3.15.0 and earlier. | 2025-05-28 | not yet calculated | CVE-2025-4493 |
DinoRANK–DinoRANK | A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user via accessing endpoint ‘/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf’ because there is no access control. The pdf filename can be obtained via OSINT, insecure network traffic or brute force. | 2025-05-28 | not yet calculated | CVE-2025-40673 |
Evertz–3080ipx-10G | The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others. | 2025-05-28 | not yet calculated | CVE-2025-4009 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols (\r, \n, \t) to the application. This issue has been patched in version 1.8.178. | 2025-05-29 | not yet calculated | CVE-2025-48388 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the get method, deserialization will occur, which will allow arbitrary code execution. This issue has been patched in version 1.8.178. | 2025-05-29 | not yet calculated | CVE-2025-48389 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. Neither backtick characters nor tab characters are removed. When checking user input, the file_exists function is also called to check for the presence of such a file (folder) in the file system. A user with the administrator role can create a translation for the language, which will create a folder in the file system. Further in tools.php, the user can specify the path to this folder as php_path, which will lead to the execution of code in backticks. This issue has been patched in version 1.8.178. | 2025-05-29 | not yet calculated | CVE-2025-48390 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check, or performs insufficient checking of, files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179. | 2025-05-29 | not yet calculated | CVE-2025-48471 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have access to the mailbox, then after disabling (enabling) notifications for this mailbox, the user will gain access to it. This issue has been patched in version 1.8.179. | 2025-05-29 | not yet calculated | CVE-2025-48472 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other mailboxes or from other conversations to which they do not have access (access restriction to conversations is implemented by the show_only_assigned_conversations setting, which is also not checked). This issue has been patched in version 1.8.179. | 2025-05-29 | not yet calculated | CVE-2025-48473 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have access, thereby bypassing the restriction on viewing conversations. This issue has been patched in version 1.8.180. | 2025-05-29 | not yet calculated | CVE-2025-48474 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which “clients” of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the existing mailboxes, as well as to any of the existing conversations, has the ability to view and edit the System’s clients. The limitation of client visibility can be implemented by the limit_user_customer_visibility setting, however, in the specified scenarios, there is no check for the presence of this setting. This issue has been patched in version 1.8.180. | 2025-05-29 | not yet calculated | CVE-2025-48475 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48476 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application’s logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. This leaves the attributes of the Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48477 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array (the User object), when creating a new user. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48478 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48479 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user’s avatar ../.htaccess during creation, and then delete the user’s avatar, resulting in the deletion of the file .htaccess in the folder /storage/app/public. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48480 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link from the email to gain initial access to the account. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48481 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill() method, which processes fields such as channel and channel_id. However, the fill() method is called with all client-provided data, including unexpected values for channel and channel_id, leading to a mass assignment vulnerability. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48482 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user’s browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Additionally, if an administrator accesses one of these emails with a modified signature, it could result in a subsequent Cross-Site Request Forgery (CSRF) vulnerability. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48483 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in version 1.8.178. | 2025-05-30 | not yet calculated | CVE-2025-48484 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48485 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and __, allowing user input to be executed without proper filtering. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48486 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48487 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48488 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180. | 2025-05-30 | not yet calculated | CVE-2025-48489 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system’s incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash message when the data is deleted, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.181. | 2025-05-30 | not yet calculated | CVE-2025-48875 |
freescout-help-desk–freescout | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is deleting a user, there is the possibility of a race condition occurring. This issue has been patched in version 1.8.181. | 2025-05-30 | not yet calculated | CVE-2025-48880 |
GetSimpleCMS-CE–GetSimpleCMS-CE | GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22. | 2025-05-30 | not yet calculated | CVE-2025-48492 |
Google–Android | There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-05-27 | not yet calculated | CVE-2024-56193 |
Google–Android | There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-05-27 | not yet calculated | CVE-2025-27700 |
Google–Android | In the function process_crypto_cmd, the values of ptrs[i] can potentially be equal to NULL, which is a valid value after calling slice_map_array(). Later these values are dereferenced without a prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. | 2025-05-27 | not yet calculated | CVE-2025-27701 |
Google–Chrome | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-05-27 | not yet calculated | CVE-2025-5063 |
Google–Chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2025-05-27 | not yet calculated | CVE-2025-5064 |
Google–Chrome | Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-05-27 | not yet calculated | CVE-2025-5065 |
Google–Chrome | Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-05-27 | not yet calculated | CVE-2025-5066 |
Google–Chrome | Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2025-05-27 | not yet calculated | CVE-2025-5067 |
Grupo Espiral MS–Panloader.exe | A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by the SYSTEM user via a scheduled task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). | 2025-05-26 | not yet calculated | CVE-2025-40672 |
hackney–hackney | Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. A fix for this issue has been included in the 1.24.0 release. | 2025-05-28 | not yet calculated | CVE-2025-3864 |
i2A–Cronos | Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user’s personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time. | 2025-05-26 | not yet calculated | CVE-2025-40663 |
Icinga–icinga2 | Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6. | 2025-05-27 | not yet calculated | CVE-2025-48057 |
Kruger&Matz–com.pri.applock | An application “com.pri.applock”, which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using a user-provided PIN code or by using biometric data. The exposed “com.android.providers.settings.fingerprint.PriFpShareProvider” content provider’s public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code. The vendor did not provide information about vulnerable versions. Only one version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. | 2025-05-30 | not yet calculated | CVE-2024-13916 |
Kruger&Matz–com.pri.applock | An application “com.pri.applock”, which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using a user-provided PIN code or by using biometric data. The exposed “com.pri.applock.LockUI” activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges into a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it. The vendor did not provide information about vulnerable versions. Only one version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. | 2025-05-30 | not yet calculated | CVE-2024-13917 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc’s limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen. This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed when trimming excess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) are updated to use this helper in their ->change() routines. | 2025-05-26 | not yet calculated | CVE-2025-37992 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads to the following spinlock bad magic complaint from the kernel, e.g. when trying to send CAN frames with cansend from can-utils: | BUG: spinlock bad magic on CPU#0, cansend/95 | lock: 0xff60000002ec1010, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 | CPU: 0 UID: 0 PID: 95 Comm: cansend Not tainted 6.15.0-rc3-00032-ga79be02bba5c #5 NONE | Hardware name: MachineWare SIM-V (DT) | Call Trace: | [<ffffffff800133e0>] dump_backtrace+0x1c/0x24 | [<ffffffff800022f2>] show_stack+0x28/0x34 | [<ffffffff8000de3e>] dump_stack_lvl+0x4a/0x68 | [<ffffffff8000de70>] dump_stack+0x14/0x1c | [<ffffffff80003134>] spin_dump+0x62/0x6e | [<ffffffff800883ba>] do_raw_spin_lock+0xd0/0x142 | [<ffffffff807a6fcc>] _raw_spin_lock_irqsave+0x20/0x2c | [<ffffffff80536dba>] m_can_start_xmit+0x90/0x34a | [<ffffffff806148b0>] dev_hard_start_xmit+0xa6/0xee | [<ffffffff8065b730>] sch_direct_xmit+0x114/0x292 | [<ffffffff80614e2a>] __dev_queue_xmit+0x3b0/0xaa8 | [<ffffffff8073b8fa>] can_send+0xc6/0x242 | [<ffffffff8073d1c0>] raw_sendmsg+0x1a8/0x36c | [<ffffffff805ebf06>] sock_write_iter+0x9a/0xee | [<ffffffff801d06ea>] vfs_write+0x184/0x3a6 | [<ffffffff801d0a88>] ksys_write+0xa0/0xc0 | [<ffffffff801d0abc>] __riscv_sys_write+0x14/0x1c | [<ffffffff8079ebf8>] do_trap_ecall_u+0x168/0x212 | [<ffffffff807a830a>] handle_exception+0x146/0x152 Initializing the spin lock in m_can_class_allocate_dev solves that problem. | 2025-05-29 | not yet calculated | CVE-2025-37993 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal. | 2025-05-29 | not yet calculated | CVE-2025-37994 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In ‘lookup_or_create_module_kobject()’, an internal kobject is created using ‘module_ktype’. So call to ‘kobject_put()’ on error handling path causes an attempt to use an uninitialized completion pointer in ‘module_kobject_release()’. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether ‘complete()’ is actually required makes ‘kobject_put()’ safe. | 2025-05-29 | not yet calculated | CVE-2025-37995 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 (“KVM: arm64: Plumb the pKVM MMU in KVM”) made the initialization of the local memcache variable in user_mem_abort() conditional, leaving a codepath where it is used uninitialized via kvm_pgtable_stage2_map(). This can fail on any path that requires a stage-2 allocation without transition via a permission fault or dirty logging. Fix this by making sure that memcache is always valid. | 2025-05-29 | not yet calculated | CVE-2025-37996 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts. | 2025-05-29 | not yet calculated | CVE-2025-37997 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. | 2025-05-29 | not yet calculated | CVE-2025-37998 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio() fails (because it is full), erofs_fileio_scan_folio() needs to submit the I/O request via erofs_fileio_rq_submit() and allocate a new I/O request with an empty `struct bio`. Then it retries the bio_add_folio() call. However, at this point, erofs_onlinefolio_split() has already been called which increments `folio->private`; the retry will call erofs_onlinefolio_split() again, but there will never be a matching erofs_onlinefolio_end() call. This leaves the folio locked forever and all waiters will be stuck in folio_wait_bit_common(). This bug has been added by commit ce63cb62d794 (“erofs: support unencoded inodes for fileio”), but was practically unreachable because there was room for 256 folios in the `struct bio` – until commit 9f74ae8c9ac9 (“erofs: shorten bvecs[] for file-backed mounts”) which reduced the array capacity to 16 folios. It was now trivial to trigger the bug by manually invoking readahead from userspace, e.g.: posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED); This should be fixed by invoking erofs_onlinefolio_split() only after bio_add_folio() has succeeded. This is safe: asynchronous completions invoking erofs_onlinefolio_end() will not unlock the folio because erofs_fileio_scan_folio() is still holding a reference to be released by erofs_onlinefolio_end() at the end. | 2025-05-29 | not yet calculated | CVE-2025-37999 |
Lomkit–laravel-rest-api | Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0. | 2025-05-30 | not yet calculated | CVE-2025-48490 |
M3M–M3M Printer Server Web | User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames. | 2025-05-26 | not yet calculated | CVE-2025-40653 |
MICI Network Co. Ltd.–NetFax Server | An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials. | 2025-05-29 | not yet calculated | CVE-2025-48045 |
MICI Network Co. Ltd.–NetFax Server | An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint. | 2025-05-29 | not yet calculated | CVE-2025-48046 |
MICI Network Co. Ltd.–NetFax Server | An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. | 2025-05-29 | not yet calculated | CVE-2025-48047 |
Mobatime–AMX MTAPI | Missing authentication and authorization in the Web API of Mobatime AMX MTAPI v6 on IIS allows adversaries unrestricted access via the network. The vulnerability is fixed in version 1.5. | 2025-05-27 | not yet calculated | CVE-2025-2407 |
n/a–n/a | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. | 2025-05-29 | not yet calculated | CVE-2023-41591 |
n/a–n/a | yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. | 2025-05-29 | not yet calculated | CVE-2024-22653 |
n/a–n/a | tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. | 2025-05-29 | not yet calculated | CVE-2024-22654 |
n/a–n/a | An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service. | 2025-05-27 | not yet calculated | CVE-2024-49196 |
n/a–n/a | An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access. | 2025-05-27 | not yet calculated | CVE-2024-49197 |
n/a–n/a | An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component | 2025-05-29 | not yet calculated | CVE-2024-51392 |
n/a–n/a | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. | 2025-05-29 | not yet calculated | CVE-2024-53423 |
n/a–n/a | In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a remote Denial of Service (DoS), rendering the SMB service unavailable. | 2025-05-29 | not yet calculated | CVE-2024-54952 |
n/a–n/a | Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access. | 2025-05-28 | not yet calculated | CVE-2024-57336 |
n/a–n/a | An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file. | 2025-05-28 | not yet calculated | CVE-2024-57337 |
n/a–n/a | An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file. | 2025-05-28 | not yet calculated | CVE-2024-57338 |
n/a–n/a | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists in the GPRS protocol implementation because of a mismatch between the actual length of the payload and the length declared within the payload. | 2025-05-27 | not yet calculated | CVE-2025-22377 |
n/a–n/a | Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components | 2025-05-29 | not yet calculated | CVE-2025-29632 |
n/a–n/a | Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack. | 2025-05-30 | not yet calculated | CVE-2025-44612 |
n/a–n/a | Tinxy WiFi Lock Controller v1 RF was discovered to store users’ sensitive information, including credentials and mobile phone numbers, in plaintext. | 2025-05-30 | not yet calculated | CVE-2025-44614 |
n/a–n/a | Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. | 2025-05-30 | not yet calculated | CVE-2025-44619 |
n/a–n/a | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. | 2025-05-30 | not yet calculated | CVE-2025-44904 |
n/a–n/a | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. | 2025-05-30 | not yet calculated | CVE-2025-44905 |
n/a–n/a | jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c. | 2025-05-30 | not yet calculated | CVE-2025-44906 |
n/a–n/a | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. | 2025-05-28 | not yet calculated | CVE-2025-45343 |
n/a–n/a | maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. | 2025-05-29 | not yet calculated | CVE-2025-45474 |
n/a–n/a | maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management. | 2025-05-27 | not yet calculated | CVE-2025-45475 |
n/a–n/a | An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor. | 2025-05-27 | not yet calculated | CVE-2025-45529 |
n/a–n/a | Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg. | 2025-05-28 | not yet calculated | CVE-2025-45997 |
n/a–n/a | HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server | 2025-05-29 | not yet calculated | CVE-2025-46078 |
n/a–n/a | HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server. | 2025-05-29 | not yet calculated | CVE-2025-46080 |
n/a–n/a | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. | 2025-05-27 | not yet calculated | CVE-2025-46173 |
n/a–n/a | Netwrix Directory Manager (formerly Imanami GroupID) versions up to and including 11.0.0.0, and versions after 11.1.25134.03, contain a hardcoded password. | 2025-05-28 | not yet calculated | CVE-2025-47748 |
n/a–n/a | Netwrix Directory Manager (formerly Imanami GroupID) versions up to and including 11.0.0.0, and versions after 11.1.25134.03, lack authentication for a critical function. | 2025-05-28 | not yet calculated | CVE-2025-48746 |
n/a–n/a | Netwrix Directory Manager (formerly Imanami GroupID) versions up to and including 11.0.0.0, and versions after 11.1.25134.03, have incorrect permission assignment for a critical resource. | 2025-05-28 | not yet calculated | CVE-2025-48747 |
n/a–n/a | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. | 2025-05-29 | not yet calculated | CVE-2025-48748 |
n/a–n/a | Netwrix Directory Manager (formerly Imanami GroupID) versions up to and including 11.0.0.0, and versions after 11.1.25134.03, insert sensitive information into sent data. | 2025-05-28 | not yet calculated | CVE-2025-48749 |
Nagvis–Nagvis | Improper neutralization of input in Nagvis before version 1.9.47, which can lead to Livestatus injection. | 2025-05-27 | not yet calculated | CVE-2024-38866 |
Nagvis–Nagvis | Improper neutralization of input in Nagvis before version 1.9.47, which can lead to XSS. | 2025-05-27 | not yet calculated | CVE-2024-47090 |
navidrome–navidrome | Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue. | 2025-05-30 | not yet calculated | CVE-2025-48948 |
navidrome–navidrome | Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue. | 2025-05-30 | not yet calculated | CVE-2025-48949 |
openmrs–openmrs-module-fhir2 | openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch. | 2025-05-29 | not yet calculated | CVE-2025-46823 |
OpenText–Advanced Authentication | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring external services. This issue affects Advanced Authentication versions before 6.5. | 2025-05-27 | not yet calculated | CVE-2025-2236 |
perl–perl | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 | 2025-05-30 | not yet calculated | CVE-2025-40909 |
PHPOffice–Math | PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability. | 2025-05-30 | not yet calculated | CVE-2025-48882 |
radashi-org–radashi | Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. This issue has been patched in version 12.5.1. A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor. | 2025-05-27 | not yet calculated | CVE-2025-48054 |
Real Easy Store–Real Easy Store | Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | 2025-05-28 | not yet calculated | CVE-2025-40651 |
RRWO–Net::CIDR::Set | Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation. Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154. | 2025-05-27 | not yet calculated | CVE-2025-40911 |
run-llama–run-llama/llama_index | LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argument can inject and execute arbitrary shell commands. This vulnerability can be exploited locally if the attacker has control over the CLI arguments, and remotely if a web application calls the LLama-Index CLI with a user-controlled filename. This issue can lead to arbitrary code execution on the affected system. | 2025-05-28 | not yet calculated | CVE-2025-1753 |
servo–rust-url | Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname. | 2025-05-30 | not yet calculated | CVE-2024-12224 |
SparkLabs–Viscosity | On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity’s TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 1.11.5 of Viscosity. | 2025-05-27 | not yet calculated | CVE-2025-4412 |
supabase–auth-js | auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.69.1. | 2025-05-27 | not yet calculated | CVE-2025-48370 |
SUSE–openSUSE Tumbleweed | A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1. | 2025-05-26 | not yet calculated | CVE-2025-23394 |
SYNCK GRAPHICA–Mailform Pro CGI | Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature. | 2025-05-26 | not yet calculated | CVE-2025-41441 |
TCMAN–GIM | Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser. | 2025-05-26 | not yet calculated | CVE-2025-40664 |
TCMAN–GIM | Time-based blind SQL injection vulnerabilities in TCMAN’s GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx. | 2025-05-26 | not yet calculated | CVE-2025-40665 |
TCMAN–GIM | Time-based blind SQL injection vulnerabilities in TCMAN’s GIM v11. These allow an attacker to retrieve, create, update and delete databases through the ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx. | 2025-05-26 | not yet calculated | CVE-2025-40666 |
TCMAN–GIM | Missing authorization vulnerability in TCMAN’s GIM v11. This allows an authenticated attacker to access any functionality of the application even when it is not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP status code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin. | 2025-05-26 | not yet calculated | CVE-2025-40667 |
Teltonika Networks–RMS | In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers on the platform directly, they are added to the attacker’s company without their knowledge. The victim’s account and their company can then be managed by the attacker. This issue affects RMS before 5.7. | 2025-05-29 | not yet calculated | CVE-2025-4687 |
TIMLEGGE–IO::Compress::Brotli | A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a “one-shot” decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the “streaming” API as opposed to the “one-shot” API, and impose chunk size limits. | 2025-05-30 | not yet calculated | CVE-2020-36846 |
TINITA–YAML::LibYAML | YAML-LibYAML prior to 0.903.0 for Perl uses the two-argument form of open(), allowing existing files to be modified. | 2025-06-01 | not yet calculated | CVE-2025-40908 |
traefik–traefik | Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik when managing requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route requests to a backend using a matcher based on the path, and the URL contains a URL-encoded string in its path, it is possible to target a backend exposed by another router, bypassing that router’s middleware chain. This issue has been patched in versions 2.11.25 and 3.4.1. | 2025-05-30 | not yet calculated | CVE-2025-47952 |
UCHIDA YOKO CO., LTD.–wivia 5 | An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user. | 2025-05-30 | not yet calculated | CVE-2025-41385 |
UCHIDA YOKO CO., LTD.–wivia 5 | Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user. | 2025-05-30 | not yet calculated | CVE-2025-41406 |
UCHIDA YOKO CO., LTD.–wivia 5 | Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user. | 2025-05-30 | not yet calculated | CVE-2025-47697 |
Ulefone–com.pri.factorytest | Android based smartphones from vendors such as Ulefone and Krüger&Matz contain “com.pri.factorytest” application preloaded onto devices during manufacturing process. The application “com.pri.factorytest” (version name: 1.0, version code: 1) exposes a “com.pri.factorytest.emmc.FactoryResetService” service allowing any application to perform a factory reset of the device. Application update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and most probably March 2025 (Krüger&Matz, although the vendor has not confirmed it, so newer releases might be vulnerable as well). | 2025-05-30 | not yet calculated | CVE-2024-13915 |
Unknown–Gearside Developer Dashboard | The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-05-30 | not yet calculated | CVE-2025-4429 |
vercel–next.js | Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in version 15.2.2. | 2025-05-30 | not yet calculated | CVE-2025-48068 |
xwikisas–application-urlshortener | application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 allow users with view access to create arbitrary pages. Any user (even guests) can create these documents, even if they do not already exist. This lets guest users degrade the structure of the wiki by creating thousands of pages with random names, which then become very difficult for admins to clean up. Version 1.2.4 fixes the issue. No known workarounds are available. | 2025-05-30 | not yet calculated | CVE-2025-48885 |
Yandex–Browser | A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682 | 2025-05-30 | not yet calculated | CVE-2023-26226 |