High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| AutomationDirect–MB-Gateway | The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. | 2025-05-21 | 10 | CVE-2025-36535 |
| mojoomla–Hospital Management System | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023). | 2025-05-19 | 10 | CVE-2025-39380 |
| mojoomla–WPAMS | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 2025-05-19 | 10 | CVE-2025-39401 |
| TemplateInvaders–TI WooCommerce Wishlist | Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2. | 2025-05-19 | 10 | CVE-2025-47577 |
| STAGGS–STAGGS | Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0. | 2025-05-23 | 10 | CVE-2025-47637 |
| printcart–Printcart Web to Print Product Designer for WooCommerce | Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8. | 2025-05-23 | 10 | CVE-2025-47641 |
| Ajar Productions–Ajar in5 Embed | Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5. | 2025-05-23 | 10 | CVE-2025-47642 |
| StoreKeeper B.V.–StoreKeeper for WooCommerce | Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4. | 2025-05-23 | 10 | CVE-2025-47687 |
| TYPO3–sr feuser register extension | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. | 2025-05-21 | 10 | CVE-2025-48200 |
| ABB–ASPECT-Enterprise | An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a “non” root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 9 | CVE-2024-48853 |
| Canon Inc.–Satera MF656Cdw | Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe. | 2025-05-25 | 9.8 | CVE-2025-2146 |
| ABB–ASPECT-Enterprise | File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 9.1 | CVE-2025-2409 |
| ABB–ASPECT-Enterprise | Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 9.1 | CVE-2025-2410 |
| dkszone–Eximius | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | 2025-05-19 | 9.9 | CVE-2025-26872 |
| dkszone–Celestial Aura | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2. | 2025-05-19 | 9.9 | CVE-2025-26892 |
| ABB–ASPECT-Enterprise | System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 9 | CVE-2025-30171 |
| themeton–Dash | Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3. | 2025-05-23 | 9.8 | CVE-2025-31049 |
| Techspawn–WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Techspawn WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0. | 2025-05-23 | 9.3 | CVE-2025-31056 |
| themeton–HotStar Multi-Purpose Business Theme | Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4. | 2025-05-23 | 9.8 | CVE-2025-31069 |
| smartcms–Bus Ticket Booking with Seat Reservation for WooCommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a through 1.7. | 2025-05-23 | 9.3 | CVE-2025-31397 |
| AncoraThemes–Umberto | Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8. | 2025-05-23 | 9.8 | CVE-2025-31423 |
| themeton–The Business | Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. | 2025-05-23 | 9.8 | CVE-2025-31430 |
| AncoraThemes–Fish House | Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object Injection. This issue affects Fish House: from n/a through 1.2.7. | 2025-05-23 | 9.8 | CVE-2025-31631 |
| kamleshyadav–Pixel WordPress Form BuilderPlugin & Autoresponder | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2. | 2025-05-23 | 9.3 | CVE-2025-31914 |
| joy2012bd–JP Students Result Management System Premium | Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a. | 2025-05-23 | 9 | CVE-2025-31916 |
| quantumcloud–Simple Business Directory Pro | Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through 15.4.8. | 2025-05-23 | 9.8 | CVE-2025-31918 |
| themeton–Acerola | Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5. | 2025-05-23 | 9.8 | CVE-2025-31927 |
| AncoraThemes–Jarvis Night Club, Concert, Festival WordPress | Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11. | 2025-05-23 | 9.8 | CVE-2025-32292 |
| ThemeGoods–Grand Restaurant WordPress | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | 2025-05-19 | 9.8 | CVE-2025-32926 |
| Chimpstudio–FoodBakery | Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection.This issue affects FoodBakery: from n/a through 3.3. | 2025-05-19 | 9.8 | CVE-2025-32927 |
| ThemeGoods–Altair | Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2. | 2025-05-19 | 9.8 | CVE-2025-32928 |
| ThemeGoods–Grand Restaurant WordPress | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | 2025-05-19 | 9.8 | CVE-2025-39348 |
| Potenzaglobalsolutions–CiyaShop | Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0. | 2025-05-19 | 9.8 | CVE-2025-39349 |
| ThemeGoods–Grand Conference | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2. | 2025-05-19 | 9.8 | CVE-2025-39354 |
| Chimpstudio–Foodbakery Sticky Cart | Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection.This issue affects Foodbakery Sticky Cart: from n/a through 3.2. | 2025-05-19 | 9.8 | CVE-2025-39356 |
| mojoomla–Hospital Management System | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023). | 2025-05-19 | 9.3 | CVE-2025-39386 |
| Solid Plugins–AnalyticsWP | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solid Plugins AnalyticsWP allows SQL Injection.This issue affects AnalyticsWP: from n/a through 2.1.2. | 2025-05-19 | 9.3 | CVE-2025-39389 |
| mojoomla–WPAMS | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 2025-05-19 | 9.3 | CVE-2025-39395 |
| mojoomla–WPAMS | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 2025-05-19 | 9.9 | CVE-2025-39402 |
| mojoomla–WPAMS | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in mojoomla WPAMS allows PHP Local File Inclusion.This issue affects WPAMS: from n/a through 44.0. | 2025-05-19 | 9.8 | CVE-2025-39406 |
| themegusta–Smart Sections Theme Builder – WPBakery Page Builder Addon | Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder – WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder – WPBakery Page Builder Addon: from n/a through 1.7.8. | 2025-05-19 | 9.8 | CVE-2025-39410 |
| highwarden–Super Store Finder | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 7.2. | 2025-05-19 | 9.3 | CVE-2025-39445 |
| ThemeMakers–Car Dealer | Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a through 1.6.6. | 2025-05-23 | 9.8 | CVE-2025-39480 |
| ThemeGoods–Grand Tour | Travel Agency WordPress | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1. | 2025-05-23 | 9.8 | CVE-2025-39485 |
| pebas–CouponXL | Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0. | 2025-05-23 | 9.8 | CVE-2025-39489 |
| BoldThemes–Avantage | Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6. | 2025-05-23 | 9.8 | CVE-2025-39495 |
| BoldThemes–Medicare | Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0. | 2025-05-23 | 9.8 | CVE-2025-39499 |
| GoodLayers–Goodlayers Hostel | Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2. | 2025-05-23 | 9.8 | CVE-2025-39500 |
| GoodLayers–Goodlayers Hostel | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GoodLayers Goodlayers Hostel allows Blind SQL Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2. | 2025-05-23 | 9.3 | CVE-2025-39501 |
| GoodLayers–Goodlayers Hotel | Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4. | 2025-05-23 | 9.8 | CVE-2025-39503 |
| GoodLayers–Goodlayers Hotel | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GoodLayers Goodlayers Hotel allows Blind SQL Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4. | 2025-05-23 | 9.3 | CVE-2025-39504 |
| Spring–Spring Security | Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methods | 2025-05-21 | 9.1 | CVE-2025-41232 |
| Vertiv–Liebert RDU101 | Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device. | 2025-05-21 | 9.8 | CVE-2025-41426 |
| StylemixThemes–Motors – Car Dealer, Rental & Listing WordPress theme | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user’s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account. | 2025-05-20 | 9.8 | CVE-2025-4322 |
| WPStylish–Madara Responsive and modern WordPress theme for manga sites | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the ‘template’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2025-05-21 | 9.8 | CVE-2025-4524 |
| emagicone–eMagicOne Store Manager for WooCommerce | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials. | 2025-05-24 | 9.1 | CVE-2025-4603 |
| Vertiv–Liebert RDU101 | Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. | 2025-05-21 | 9.8 | CVE-2025-46412 |
| IndigoThemes–WP HRM LITE | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IndigoThemes WP HRM LITE allows SQL Injection. This issue affects WP HRM LITE: from n/a through 1.1. | 2025-05-23 | 9.3 | CVE-2025-46455 |
| Detheme–Easy Guide | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Detheme Easy Guide allows SQL Injection. This issue affects Easy Guide: from n/a through 1.0.0. | 2025-05-23 | 9.3 | CVE-2025-46460 |
| WPFable–Fable Extra | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WPFable Fable Extra allows PHP Local File Inclusion. This issue affects Fable Extra: from n/a through 1.0.6. | 2025-05-23 | 9.8 | CVE-2025-46468 |
| wordwebsoftware–Crossword Compiler Puzzles | Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Upload a Web Shell to a Web Server. This issue affects Crossword Compiler Puzzles: from n/a through 5.2. | 2025-05-23 | 9.9 | CVE-2025-46490 |
| WPFable–Fable Extra | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6. | 2025-05-23 | 9.3 | CVE-2025-46539 |
| langroid–langroid | Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation. | 2025-05-20 | 9.8 | CVE-2025-46724 |
| vllm-project–vllm | vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side. The intention was that this interface should only be exposed to a private network using the IP address specified by the `–kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured. | 2025-05-20 | 9.8 | CVE-2025-47277 |
| WPFunnels–WPFunnels | Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18. | 2025-05-23 | 9.8 | CVE-2025-47530 |
| CoinPayments–CoinPayments.net Payment Gateway for WooCommerce | Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce allows Object Injection. This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through 1.0.17. | 2025-05-23 | 9.8 | CVE-2025-47532 |
| Themewinter–Eventin | Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26. | 2025-05-23 | 9.8 | CVE-2025-47539 |
| ZoomIt–ZoomSounds | Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91. | 2025-05-23 | 9.8 | CVE-2025-47568 |
| Elbisnero–WordPress Events Calendar Registration & Tickets | Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0. | 2025-05-19 | 9.8 | CVE-2025-47581 |
| QuantumCloud–WPBot Pro WordPress Chatbot | Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro WordPress Chatbot allows Object Injection.This issue affects WPBot Pro WordPress Chatbot: from n/a through 12.7.0. | 2025-05-19 | 9.8 | CVE-2025-47582 |
| facturante–Facturante | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11. | 2025-05-23 | 9.3 | CVE-2025-47599 |
| printcart–Printcart Web to Print Product Designer for WooCommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8. | 2025-05-23 | 9.3 | CVE-2025-47640 |
| Gilblas Ngunte Possi–PSW Front-end Login & Registration | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through 1.13. | 2025-05-23 | 9.8 | CVE-2025-47646 |
| ELEXtensions–ELEX WordPress HelpDesk & Customer Ticketing System | Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through 3.2.7. | 2025-05-23 | 9.9 | CVE-2025-47658 |
| mojoomla–Hospital Management System | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11. | 2025-05-23 | 9.9 | CVE-2025-47663 |
| Schweitzer Engineering Laboratories–SEL-5056 Software-Defined Network Flow Controller | Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files | 2025-05-20 | 9 | CVE-2025-48017 |
| Majestic Support–Majestic Support | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0. | 2025-05-23 | 9.3 | CVE-2025-48283 |
| Pagaleve–Pix 4x sem juros – Pagaleve | Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros – Pagaleve allows Object Injection.This issue affects Pix 4x sem juros – Pagaleve: from n/a through 1.6.9. | 2025-05-23 | 9.8 | CVE-2025-48287 |
| AncoraThemes–Kids Planet | Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14. | 2025-05-23 | 9.8 | CVE-2025-48289 |
| Danny Vink–User Profile Meta Manager | Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation.This issue affects User Profile Meta Manager: from n/a through 1.02. | 2025-05-19 | 9.8 | CVE-2025-48340 |
| Netgear–DGND3700 | A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | 2025-05-20 | 9.8 | CVE-2025-4978 |
| emagicone–eMagicOne Store Manager for WooCommerce | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials. | 2025-05-24 | 9.8 | CVE-2025-5058 |
| ABB–ASPECT-Enterprise | Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 8.4 | CVE-2024-13952 |
| ABB–ASPECT-Enterprise | 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 8.8 | CVE-2024-13955 |
| Ericsson–Ericsson RAN Compute Basebands (all BB variants) | Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution. | 2025-05-22 | 8.8 | CVE-2024-25010 |
| WSO2–WSO2 API Manager | An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges. This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the “/services” context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the “Security Guidelines for Production Deployment” by disabling exposure to untrusted networks. | 2025-05-22 | 8.8 | CVE-2024-6914 |
| ABB–ASPECT-Enterprise | Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 8 | CVE-2024-9639 |
| Cisco–Cisco Identity Services Engine Software | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload. | 2025-05-21 | 8.6 | CVE-2025-20152 |
| bslthemes–Tastyc | Path Traversal: ‘…/…//’ vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2. | 2025-05-19 | 8.1 | CVE-2025-27010 |
| ABB–ASPECT-Enterprise | Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 8 | CVE-2025-30172 |
| Canon Inc.–imageRUNNER ADVANCE Series | A passback vulnerability which relates to production printers and office multifunction printers. | 2025-05-19 | 8.7 | CVE-2025-3078 |
| Canon Inc.–imageRUNNER Series | A passback vulnerability which relates to office/small office multifunction printers and laser printers. | 2025-05-19 | 8.7 | CVE-2025-3079 |
| ApusTheme–Capie | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40. | 2025-05-23 | 8.1 | CVE-2025-31060 |
| gavias–Vizeon – Business Consulting | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Vizeon – Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon – Business Consulting: from n/a through 1.1.7. | 2025-05-23 | 8.1 | CVE-2025-31064 |
| SpyroPress–La Boom | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7. | 2025-05-23 | 8.1 | CVE-2025-31632 |
| gavias–Kiamo – Responsive Business Service WordPress Theme | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Kiamo – Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo – Responsive Business Service WordPress Theme: from n/a through 1.3.3. | 2025-05-23 | 8.1 | CVE-2025-31633 |
| gavias–Enzio – Responsive Business WordPress Theme | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Enzio – Responsive Business WordPress Theme allows PHP Local File Inclusion. This issue affects Enzio – Responsive Business WordPress Theme: from n/a through 1.1.8. | 2025-05-23 | 8.1 | CVE-2025-31912 |
| ApusTheme–Ogami | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ApusTheme Ogami allows PHP Local File Inclusion. This issue affects Ogami: from n/a through 1.53. | 2025-05-23 | 8.1 | CVE-2025-31913 |
| designthemes–Crafts & Arts | Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts allows Object Injection. This issue affects Crafts & Arts: from n/a through 2.5. | 2025-05-23 | 8.8 | CVE-2025-31924 |
| designthemes–Pet World | Deserialization of Untrusted Data vulnerability in designthemes Pet World allows Object Injection. This issue affects Pet World: from n/a through 2.8. | 2025-05-23 | 8.8 | CVE-2025-32284 |
| ApusTheme–Butcher | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ApusTheme Butcher allows PHP Local File Inclusion. This issue affects Butcher: from n/a through 2.40. | 2025-05-23 | 8.1 | CVE-2025-32286 |
| ApusTheme–Yozi | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ApusTheme Yozi allows PHP Local File Inclusion. This issue affects Yozi: from n/a through 2.0.52. | 2025-05-23 | 8.1 | CVE-2025-32289 |
| designthemes–Finance Consultant | Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant allows Object Injection. This issue affects Finance Consultant: from n/a through 2.8. | 2025-05-23 | 8.8 | CVE-2025-32293 |
| gavias–Oxpitan | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Oxpitan allows PHP Local File Inclusion. This issue affects Oxpitan: from n/a through 1.3.1. | 2025-05-23 | 8.1 | CVE-2025-32294 |
| gavias–Winnex | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Winnex allows PHP Local File Inclusion. This issue affects Winnex: from n/a through 1.3.2. | 2025-05-23 | 8.1 | CVE-2025-32302 |
| ThemeMove–Healsoul | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2. | 2025-05-23 | 8.1 | CVE-2025-32309 |
| roninwp–Revy | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1. | 2025-05-19 | 8.5 | CVE-2025-32924 |
| FantasticPlugins–SUMO Reward Points | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through 30.7.0. | 2025-05-19 | 8.3 | CVE-2025-32925 |
| ManageEngine–ADAudit Plus | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. | 2025-05-23 | 8.3 | CVE-2025-36527 |
| appleple inc.–a-blog cms | Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request. | 2025-05-19 | 8.6 | CVE-2025-36560 |
| ManageEngine–ADAudit Plus | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. | 2025-05-22 | 8.3 | CVE-2025-3836 |
| Rocket Apps–wProject | Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | 2025-05-19 | 8.2 | CVE-2025-39350 |
| ThemeGoods–Grand Restaurant WordPress | Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | 2025-05-19 | 8.2 | CVE-2025-39352 |
| roninwp–FAT Services Booking | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in roninwp FAT Services Booking allows SQL Injection.This issue affects FAT Services Booking: from n/a through 5.6. | 2025-05-19 | 8.5 | CVE-2025-39355 |
| mojoomla–Hospital Management System | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023). | 2025-05-19 | 8.5 | CVE-2025-39357 |
| Rocket Apps–wProject | Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | 2025-05-19 | 8.8 | CVE-2025-39366 |
| mojoomla–WPAMS | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 2025-05-19 | 8.5 | CVE-2025-39403 |
| mojoomla–WPAMS | Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 2025-05-19 | 8.8 | CVE-2025-39405 |
| Mikado-Themes–Foton | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through 2.5.2. | 2025-05-19 | 8.1 | CVE-2025-39458 |
| Mikado-Themes–Backpack Traveler | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Backpack Traveler allows PHP Local File Inclusion. This issue affects Backpack Traveler: from n/a through 2.7. | 2025-05-23 | 8.1 | CVE-2025-39490 |
| Mikado-Themes–Wilmr | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a. | 2025-05-23 | 8.1 | CVE-2025-39494 |
| NasaTheme–Nasa Core | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. | 2025-05-23 | 8.1 | CVE-2025-39506 |
| Chimpstudio–JobHunt Job Alerts | Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6. | 2025-05-23 | 8.2 | CVE-2025-39536 |
| n/a–VMware vCenter Server | The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server. | 2025-05-20 | 8.8 | CVE-2025-41225 |
| n/a–VMware Cloud Foundation | VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services. | 2025-05-20 | 8.2 | CVE-2025-41229 |
| ManageEngine–ADAudit Plus | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. | 2025-05-22 | 8.3 | CVE-2025-41403 |
| ManageEngine–ADAudit Plus | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. | 2025-05-23 | 8.3 | CVE-2025-41407 |
| emagicone–eMagicOne Store Manager for WooCommerce | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials. | 2025-05-24 | 8.1 | CVE-2025-4336 |
| scripteo–Ads Pro Plugin | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion. This issue affects Ads Pro Plugin: from n/a through 4.88. | 2025-05-23 | 8.1 | CVE-2025-46444 |
| x000x–occupancyplan | Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows SQL Injection. This issue affects occupancyplan: from n/a through 1.0.3.0. | 2025-05-23 | 8.2 | CVE-2025-46458 |
| Yamna Khawaja–Mailing Group Listserv | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through 3.0.4. | 2025-05-23 | 8.5 | CVE-2025-46463 |
| SEUR OFICIAL–SEUR Oficial | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects SEUR Oficial: from n/a through 2.2.23. | 2025-05-23 | 8.1 | CVE-2025-46474 |
| Microsoft–Microsoft Edge (Chromium-based) Updater | Improper link resolution before file access (‘link following’) in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | 2025-05-22 | 8.8 | CVE-2025-47181 |
| wpjobportal–WP Job Portal | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.3.1. | 2025-05-23 | 8.1 | CVE-2025-47438 |
| Xylus Themes–WP Smart Import | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Xylus Themes WP Smart Import allows PHP Local File Inclusion. This issue affects WP Smart Import: from n/a through 1.1.3. | 2025-05-23 | 8.1 | CVE-2025-47453 |
| mediaticus–Subaccounts for WooCommerce | Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through 1.6.6. | 2025-05-23 | 8.8 | CVE-2025-47461 |
| Metagauss–ProfileGrid | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.0. | 2025-05-23 | 8.5 | CVE-2025-47478 |
| add-ons.org–Drag and Drop File Upload for Elementor Forms | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.4.3. | 2025-05-23 | 8.6 | CVE-2025-47492 |
| tainacan–Tainacan | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in tainacan Tainacan allows Path Traversal. This issue affects Tainacan: from n/a through 0.21.14. | 2025-05-23 | 8.6 | CVE-2025-47512 |
| wpopal–Opal Woo Custom Product Variation | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0. | 2025-05-23 | 8.6 | CVE-2025-47535 |
| mojoomla–School Management | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0. | 2025-05-23 | 8.5 | CVE-2025-47575 |
| Bringthepixel–Bimber – Viral Magazine WordPress Theme | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Bringthepixel Bimber – Viral Magazine WordPress Theme.This issue affects Bimber – Viral Magazine WordPress Theme: from n/a through 9.2.5. | 2025-05-19 | 8.8 | CVE-2025-47576 |
| mojoomla–Hospital Management System | Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11. | 2025-05-23 | 8.8 | CVE-2025-47631 |
| Codexpert, Inc–WC Affiliate | Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC Affiliate: from n/a through 2.9.1. | 2025-05-23 | 8.8 | CVE-2025-47660 |
| miniOrange–WordPress Social Login and Register | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through 7.6.10. | 2025-05-23 | 8.1 | CVE-2025-47670 |
| miniOrange–miniOrange Discord Integration | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a through 2.2.2. | 2025-05-23 | 8.1 | CVE-2025-47672 |
| smackcoders–Lead Form Data Collection to CRM | Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1. | 2025-05-23 | 8.8 | CVE-2025-47690 |
| TYPO3–ns backup extension | The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. | 2025-05-21 | 8.6 | CVE-2025-48201 |
| TYPO3–sr feuser register extension | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. | 2025-05-21 | 8.6 | CVE-2025-48205 |
| TYPO3–reint downloadmanager extension | The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. | 2025-05-21 | 8.6 | CVE-2025-48207 |
| bunny.net–bunny.net | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bunny.net bunny.net allows Stored XSS. This issue affects bunny.net: from n/a through 2.3.0. | 2025-05-19 | 8.5 | CVE-2025-48236 |
| davidfcarr–RSVPMarker | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.5.6. | 2025-05-19 | 8.5 | CVE-2025-48278 |
| GoodLayers–Tourmaster | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8. | 2025-05-23 | 8.1 | CVE-2025-48292 |
| Tenda–FH451 | A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 8.8 | CVE-2025-5080 |
| Sony–SNC-M1 | A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they “have published the ‘Hardening Guide’ on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords”. | 2025-05-24 | 8.1 | CVE-2025-5124 |
| FLIR–AX8 | A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file usrwwwapplicationmodelssettingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 8.8 | CVE-2025-5126 |
| Siemens–SiPass integrated | A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. | 2025-05-23 | 7.5 | CVE-2022-31812 |
| ABB–ASPECT-Enterprise | SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 7.2 | CVE-2024-13928 |
| ABB–ASPECT-Enterprise | Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 7.2 | CVE-2024-13929 |
| ABB–ASPECT-Enterprise | Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 7.2 | CVE-2024-13931 |
| ABB–ASPECT-Enterprise | Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 7.3 | CVE-2024-13948 |
| ABB–ASPECT-Enterprise | One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 7.6 | CVE-2024-13951 |
| ABB–ASPECT-Enterprise | SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 7.6 | CVE-2024-13957 |
| ABB–ASPECT-Enterprise | Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 7.2 | CVE-2024-48850 |
| itech–iLabClient | itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database. | 2025-05-21 | 7.7 | CVE-2024-56429 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. | 2025-05-22 | 7.5 | CVE-2025-0993 |
| solidwp–Solid Mail SMTP email and logging made by SolidWP | The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-23 | 7.2 | CVE-2025-1123 |
| Cisco–Cisco Unified Contact Center Express | A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system. | 2025-05-21 | 7.1 | CVE-2025-20113 |
| mythemes–my white | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8. | 2025-05-19 | 7.1 | CVE-2025-22678 |
| Asmedia–Tuaug4 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4. | 2025-05-19 | 7.1 | CVE-2025-22687 |
| Forcepoint–FIE Endpoint | Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.This issue affects FIE Endpoint: before 25.05. | 2025-05-22 | 7 | CVE-2025-2272 |
| fyrewurks–polka dots | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2. | 2025-05-19 | 7.1 | CVE-2025-22789 |
| asmedia–moseter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1. | 2025-05-19 | 7.1 | CVE-2025-22790 |
| twh–offset writing | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in twh offset writing allows Reflected XSS.This issue affects offset writing: from n/a through 1.2. | 2025-05-19 | 7.1 | CVE-2025-22791 |
| jinwen–Js O3 Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jinwen Js O3 Lite allows Reflected XSS.This issue affects Js O3 Lite: from n/a through 1.5.8.2. | 2025-05-19 | 7.1 | CVE-2025-22792 |
| duwasai–Flashy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in duwasai Flashy allows Reflected XSS.This issue affects Flashy: from n/a through 1.2.1. | 2025-05-19 | 7.1 | CVE-2025-23979 |
| Takimi Themes–CarZine | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Takimi Themes CarZine allows Reflected XSS.This issue affects CarZine: from n/a through 1.4.6. | 2025-05-19 | 7.1 | CVE-2025-23981 |
| Tijaji–Tijaji | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tijaji allows Reflected XSS.This issue affects Tijaji: from n/a through 1.43. | 2025-05-19 | 7.1 | CVE-2025-23983 |
| fyrewurks–Tiki Time | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fyrewurks Tiki Time allows Reflected XSS.This issue affects Tiki Time: from n/a through 1.3. | 2025-05-19 | 7.1 | CVE-2025-23986 |
| Bruno Cavalcante–Ghostwriter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4. | 2025-05-19 | 7.1 | CVE-2025-23988 |
| Tenable–Network Monitor | When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | 2025-05-23 | 7 | CVE-2025-24916 |
| Tenable–Network Monitor | In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. | 2025-05-23 | 7.8 | CVE-2025-24917 |
| OpenCTI-Platform–opencti | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue. | 2025-05-19 | 7.6 | CVE-2025-26621 |
| Candid themes–Grip | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9. | 2025-05-19 | 7.5 | CVE-2025-26735 |
| validas–Wireless Butler | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11. | 2025-05-19 | 7.1 | CVE-2025-26997 |
| PowerDNS–DNSdist | In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention. | 2025-05-20 | 7.5 | CVE-2025-30193 |
| jocoxdesign–Tiger | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0. | 2025-05-19 | 7.1 | CVE-2025-31027 |
| quantumcloud–KBx Pro Ultimate | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8. | 2025-05-23 | 7.7 | CVE-2025-31053 |
| SaurabhSharma–WP Post Modules for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through 2.5.0. | 2025-05-23 | 7.1 | CVE-2025-31636 |
| ApusTheme–Butcher | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ApusTheme Butcher allows Reflected XSS. This issue affects Butcher: from n/a through 2.40. | 2025-05-23 | 7.1 | CVE-2025-32285 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient’s encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue. | 2025-05-23 | 7.6 | CVE-2025-32794 |
| IBM–Aspera Faspex | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data. | 2025-05-22 | 7.1 | CVE-2025-33136 |
| IBM–Aspera Faspex | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security. | 2025-05-22 | 7.1 | CVE-2025-33137 |
| PluginEver–Product Category Slider for WooCommerce | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in PluginEver Product Category Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Product Category Slider for WooCommerce: from n/a through 4.3.4. | 2025-05-19 | 7.5 | CVE-2025-39364 |
| Rocket Apps–wProject | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0. | 2025-05-19 | 7.1 | CVE-2025-39365 |
| Tridium–Niagara Framework | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 7.7 | CVE-2025-3937 |
| Cnilsson–iCafe Library | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cnilsson iCafe Library allows SQL Injection.This issue affects iCafe Library: from n/a through 1.8.3. | 2025-05-19 | 7.6 | CVE-2025-39370 |
| elbisnero–WordPress Events Calendar Registration & Tickets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0. | 2025-05-19 | 7.1 | CVE-2025-39372 |
| aseem1234–Best Posts Summary | Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through 1.0. | 2025-05-19 | 7.1 | CVE-2025-39374 |
| mojoomla–WPAMS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mojoomla WPAMS allows Reflected XSS.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 2025-05-19 | 7.1 | CVE-2025-39392 |
| mojoomla–Hospital Management System | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mojoomla Hospital Management System allows Reflected XSS.This issue affects Hospital Management System: from n/a through 47.0 (20-11-2023). | 2025-05-19 | 7.1 | CVE-2025-39393 |
| Crocoblock–JetReviews | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through 2.3.6. | 2025-05-19 | 7.5 | CVE-2025-39396 |
| Caseproof, LLC–Memberpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a through 1.11.37. | 2025-05-19 | 7.1 | CVE-2025-39407 |
| pressaholic–WordPress Video Robot – The Ultimate Video Importer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pressaholic WordPress Video Robot – The Ultimate Video Importer.This issue affects WordPress Video Robot – The Ultimate Video Importer: from n/a through 1.20.0. | 2025-05-19 | 7.1 | CVE-2025-39409 |
| Indie_Plugins–WhatsApp Click to Chat Plugin for WordPress | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Indie_Plugins WhatsApp Click to Chat Plugin for WordPress.This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through 2.2.12. | 2025-05-19 | 7.5 | CVE-2025-39411 |
| Tridium–Niagara Framework | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 7.2 | CVE-2025-3944 |
| Pluggabl LLC–Booster Plus for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4. | 2025-05-19 | 7.1 | CVE-2025-39446 |
| Crocoblock–JetElements For Elementor | Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | 2025-05-19 | 7.5 | CVE-2025-39447 |
| Crocoblock–JetWooBuilder | Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through 2.1.18. | 2025-05-19 | 7.5 | CVE-2025-39449 |
| Tridium–Niagara Framework | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 7.2 | CVE-2025-3945 |
| Crocoblock–JetBlocks For Elementor | Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16. | 2025-05-19 | 7.5 | CVE-2025-39451 |
| Contempo Themes–Real Estate 7 | Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through 3.5.2. | 2025-05-19 | 7.3 | CVE-2025-39459 |
| GoodLayers–Goodlayers Hostel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoodLayers Goodlayers Hostel allows Reflected XSS. This issue affects Goodlayers Hostel: from n/a through 3.1.2. | 2025-05-23 | 7.1 | CVE-2025-39502 |
| GoodLayers–Goodlayers Hotel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4. | 2025-05-23 | 7.1 | CVE-2025-39505 |
| ISC–BIND 9 | When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7. | 2025-05-21 | 7.5 | CVE-2025-40775 |
| Grafana–Grafana | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive. | 2025-05-22 | 7.6 | CVE-2025-4123 |
| n/a–VMware Cloud Foundation | VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information. | 2025-05-20 | 7.5 | CVE-2025-41230 |
| n/a–VMware Cloud Foundation | VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | 2025-05-20 | 7.3 | CVE-2025-41231 |
| MSP360–Backup | An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15). | 2025-05-22 | 7.8 | CVE-2025-43596 |
| andreyk–Remote Images Grabber | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in andreyk Remote Images Grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through 0.6. | 2025-05-19 | 7.1 | CVE-2025-43832 |
| Amir Helzer–Absolute Links | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through 1.1.1. | 2025-05-19 | 7.6 | CVE-2025-43833 |
| confuzzledduck–Syndicate Out | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in confuzzledduck Syndicate Out allows Reflected XSS.This issue affects Syndicate Out: from n/a through 0.9. | 2025-05-19 | 7.1 | CVE-2025-43836 |
| binti76–Total Donations | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in binti76 Total Donations allows Reflected XSS.This issue affects Total Donations: from n/a through 3.0.8. | 2025-05-19 | 7.1 | CVE-2025-43837 |
| shanebp–BP Messages Tool | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in shanebp BP Messages Tool allows Reflected XSS.This issue affects BP Messages Tool: from n/a through 2.2. | 2025-05-19 | 7.1 | CVE-2025-43839 |
| Ref–CheckBot | Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05. | 2025-05-19 | 7.1 | CVE-2025-43840 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue. | 2025-05-23 | 7.6 | CVE-2025-43860 |
| TeamT5–ThreatSonar Anti-Ransomware | The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API. | 2025-05-19 | 7.2 | CVE-2025-4477 |
| tayoricom–Tayori Form | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tayoricom Tayori Form allows Reflected XSS. This issue affects Tayori Form: from n/a through 1.2.9. | 2025-05-23 | 7.1 | CVE-2025-46437 |
| Mark–kStats Reloaded | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark kStats Reloaded allows Reflected XSS. This issue affects kStats Reloaded: from n/a through 0.7.4. | 2025-05-23 | 7.1 | CVE-2025-46440 |
| ivanrojas–Libro de Reclamaciones | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1. | 2025-05-23 | 7.1 | CVE-2025-46446 |
| reifsnyderb–Document Management System | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through 1.24. | 2025-05-23 | 7.1 | CVE-2025-46448 |
| svil4ok–Meta Keywords & Description | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in svil4ok Meta Keywords & Description allows PHP Local File Inclusion. This issue affects Meta Keywords & Description: from n/a through 0.8. | 2025-05-23 | 7.5 | CVE-2025-46454 |
| Jason–Theme Blvd Sliders | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through 1.2.5. | 2025-05-23 | 7.1 | CVE-2025-46456 |
| sftranna–EC Authorize.net | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3. | 2025-05-23 | 7.1 | CVE-2025-46487 |
| dastan800–Visual Builder | Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2. | 2025-05-23 | 7.1 | CVE-2025-46488 |
| M A Vinoth Kumar–Category Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS. This issue affects Category Widget: from n/a through 2.0.2. | 2025-05-23 | 7.1 | CVE-2025-46515 |
| janekniefeldt–My Custom Widgets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through 2.0.5. | 2025-05-23 | 7.1 | CVE-2025-46526 |
| ctltwp–Section Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1. | 2025-05-23 | 7.1 | CVE-2025-46537 |
| sandboxie-plus–Sandboxie | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue. | 2025-05-22 | 7.8 | CVE-2025-46713 |
| sandboxie-plus–Sandboxie | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue. | 2025-05-22 | 7.8 | CVE-2025-46714 |
| sandboxie-plus–Sandboxie | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue. | 2025-05-22 | 7.8 | CVE-2025-46715 |
| B2itech–B2i Investor Tools | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through 1.0.7.9. | 2025-05-23 | 7.1 | CVE-2025-47458 |
| WPFunnels–Mail Mint | Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7. | 2025-05-23 | 7.5 | CVE-2025-47541 |
| RomanCode–MapSVG | Missing Authorization vulnerability in RomanCode MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a through 8.5.31. | 2025-05-23 | 7.5 | CVE-2025-47558 |
| Belingo–belingoGeo | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0. | 2025-05-23 | 7.5 | CVE-2025-47603 |
| Khaled–User Meta | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Khaled User Meta allows Reflected XSS. This issue affects User Meta: from n/a through 3.1.2. | 2025-05-23 | 7.1 | CVE-2025-47611 |
| mojoomla–School Management | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0. | 2025-05-23 | 7.1 | CVE-2025-47613 |
| Mortgage Calculator–BMI Adult & Kid Calculator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Reflected XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2. | 2025-05-23 | 7.1 | CVE-2025-47618 |
| LETSCMS MLM Software–Binary MLM Plan | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0. | 2025-05-23 | 7.6 | CVE-2025-47671 |
| tychesoftwares–Arconix Shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16. | 2025-05-23 | 7.1 | CVE-2025-47673 |
| FunnelCockpit–FunnelCockpit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2. | 2025-05-23 | 7.1 | CVE-2025-47678 |
| Michel – xiligroup dev–xili-tidy-tags | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michel – xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06. | 2025-05-23 | 7.1 | CVE-2025-47680 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47749 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47750 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47751 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahyou function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47752 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47753 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47754 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47755 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47756 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47757 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47758 |
| FUJI ELECTRIC CO., LTD.–S-SFT | V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47759 |
| FUJI ELECTRIC CO., LTD.–V-SFT | V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. | 2025-05-19 | 7.8 | CVE-2025-47760 |
| asterisk–asterisk | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. | 2025-05-22 | 7.7 | CVE-2025-47779 |
| expressjs–multer | Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. | 2025-05-19 | 7.5 | CVE-2025-47935 |
| TYPO3–typo3 | TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | 2025-05-20 | 7.2 | CVE-2025-47940 |
| TYPO3–typo3 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem. | 2025-05-20 | 7.2 | CVE-2025-47941 |
| expressjs–multer | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available. | 2025-05-19 | 7.5 | CVE-2025-47944 |
| owasp-modsecurity–ModSecurity | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload’s content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available. | 2025-05-21 | 7.5 | CVE-2025-47947 |
| Schweitzer Engineering Laboratories–SEL-5056 Software-Defined Network Flow Controller | Password guessing limits could be bypassed when using LDAP authentication. | 2025-05-20 | 7.5 | CVE-2025-48014 |
| Schweitzer Engineering Laboratories–SEL-5030 acSELerator QuickSet Software | An authenticated user can modify application state data. | 2025-05-20 | 7.5 | CVE-2025-48018 |
| steinrein–Glossary by WPPedia Best Glossary plugin for WordPress | The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the ‘posttypes’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-05-21 | 7.2 | CVE-2025-4803 |
| affmngr–Affiliates Manager Google reCAPTCHA Integration | Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS. This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through 1.0.6. | 2025-05-19 | 7.1 | CVE-2025-48233 |
| awcode–AWcode Toolkit | Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through 1.0.18. | 2025-05-19 | 7.1 | CVE-2025-48238 |
| Soft8Soft LLC–Verge3D | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3. | 2025-05-23 | 7.1 | CVE-2025-48241 |
| fullworks–Quick Contact Form | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1. | 2025-05-23 | 7.1 | CVE-2025-48245 |
| wpjobportal–WP Job Portal | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2. | 2025-05-23 | 7.5 | CVE-2025-48273 |
| Ruben Garcia–AutomatorWP | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3. | 2025-05-19 | 7.6 | CVE-2025-48280 |
| catkin–ReDi Restaurant Reservation | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209. | 2025-05-23 | 7.1 | CVE-2025-48286 |
| JetBrains–YouTrack | In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API | 2025-05-20 | 7.7 | CVE-2025-48391 |
| PHPGurukul–Notice Board System | A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4906 |
| PHPGurukul–Daily Expense Tracker System | A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4907 |
| PHPGurukul–Daily Expense Tracker System | A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4908 |
| SourceCodester–Client Database Management System | A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4909 |
| PHPGurukul–Zoo Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/edit-animal-details.php. The manipulation of the argument aname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-19 | 7.3 | CVE-2025-4910 |
| PHPGurukul–Zoo Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4911 |
| PHPGurukul–Auto Taxi Stand Management System | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4913 |
| PHPGurukul–Auto Taxi Stand Management System | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4914 |
| PHPGurukul–Auto Taxi Stand Management System | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4915 |
| PHPGurukul–Auto Taxi Stand Management System | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-19 | 7.3 | CVE-2025-4916 |
| PHPGurukul–Auto Taxi Stand Management System | A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument drivername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-19 | 7.3 | CVE-2025-4917 |
| SourceCodester–Client Database Management System | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_delivery_update.php. The manipulation of the argument uploaded_file_cancelled leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4923 |
| SourceCodester–Client Database Management System | A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4924 |
| PHPGurukul–Daily Expense Tracker System | A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4925 |
| PHPGurukul–Online Marriage Registration System | A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4927 |
| projectworlds–Online Lawyer Management System | A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | 2025-05-19 | 7.3 | CVE-2025-4928 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4929 |
| Campcodes–Online Shopping Portal | A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument billingaddress leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4930 |
| projectworlds–Online Lawyer Management System | A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4931 |
| projectworlds–Online Lawyer Management System | A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4932 |
| PHPGurukul–User Registration & Login and User Management System | A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4934 |
| SourceCodester–Stock Management System | A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4935 |
| projectworlds–Online Food Ordering System | A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4936 |
| SourceCodester–Apartment Visitor Management System | A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-19 | 7.3 | CVE-2025-4937 |
| 1000 Projects–Daily College Class Work Report Book | A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4940 |
| PHPGurukul–Credit Card Application Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 7.3 | CVE-2025-4941 |
| Red Hat–Red Hat Enterprise Linux 10 | A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk. | 2025-05-19 | 7.5 | CVE-2025-4948 |
| SourceCodester–Client Database Management System | A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-20 | 7.3 | CVE-2025-5002 |
| projectworlds–Online Time Table Generator | A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-20 | 7.3 | CVE-2025-5003 |
| projectworlds–Online Time Table Generator | A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-20 | 7.3 | CVE-2025-5004 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-20 | 7.3 | CVE-2025-5006 |
| projectworlds–Online Time Table Generator | A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-20 | 7.3 | CVE-2025-5008 |
| Red Hat–Red Hat Enterprise Linux 10 | A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd. | 2025-05-22 | 7.4 | CVE-2025-5024 |
| Campcodes–Online Shopping Portal | A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5032 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5049 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. This issue affects some unknown processing of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5050 |
| FreeFloat–FTP Server | A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5051 |
| FreeFloat–FTP Server | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5052 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5053 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 7.3 | CVE-2025-5056 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-21 | 7.3 | CVE-2025-5057 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5073 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5074 |
| FreeFloat–FTP Server | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component DEBUG Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5075 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5076 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5077 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5078 |
| Campcodes–Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-22 | 7.3 | CVE-2025-5079 |
| Campcodes–Cybercafe Management System | A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-22 | 7.3 | CVE-2025-5081 |
| TOZED–ZLT W51 | A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-23 | 7.3 | CVE-2025-5105 |
| Fujian–Kelixun | A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/fax_view.php of the component Filename Handler. The manipulation of the argument fax_file leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-23 | 7.3 | CVE-2025-5106 |
| FreeFloat–FTP Server | A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component STATUS Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-23 | 7.3 | CVE-2025-5109 |
| FreeFloat–FTP Server | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-23 | 7.3 | CVE-2025-5110 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-23 | 7.3 | CVE-2025-5111 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-23 | 7.3 | CVE-2025-5112 |
| Emlog–Pro | A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. | 2025-05-23 | 7.3 | CVE-2025-5119 |
| ScriptAndTools–Real-Estate-website-in-PHP | A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 7.3 | CVE-2025-5128 |
| Sangfor– aTrust | A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 7 | CVE-2025-5129 |
| n/a–Qualitor | A vulnerability was found in Qualitor 8.20. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php. The manipulation of the argument nmconexao leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-25 | 7.3 | CVE-2025-5139 |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Siemens–SiPass integrated AC5102 (ACC-G2) | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware “on the fly”. | 2025-05-23 | 6.2 | CVE-2022-31807 |
| IBM–Security ReaQta EDR | IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | 2025-05-20 | 6.5 | CVE-2023-33861 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions. | 2025-05-22 | 6.8 | CVE-2024-12093 |
| wecantrack–Affiliate Sales in Google Analytics and other tools | The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect url supplied via the ‘afflink’ parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | 2025-05-21 | 6.1 | CVE-2024-12561 |
| softaculous–Page Builder: Pagelayer Drag and Drop website builder | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 1.9.9 and completely fixed in version 2.0.1. | 2025-05-24 | 6.4 | CVE-2024-13427 |
| ABB–ASPECT-Enterprise | Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-23 | 6 | CVE-2024-13945 |
| ABB–ASPECT-Enterprise | DLL’s are not digitally signed when loaded in ASPECT’s configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.8 | CVE-2024-13946 |
| ABB–ASPECT-Enterprise | Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6 | CVE-2024-13947 |
| ABB–ASPECT-Enterprise | Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.8 | CVE-2024-13949 |
| ABB–ASPECT-Enterprise | Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.8 | CVE-2024-13950 |
| ABB–ASPECT-Enterprise | Serialized configuration information may be disclosed during device commissioning while using ASPECT’s configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.5 | CVE-2024-13954 |
| ABB–ASPECT-Enterprise | SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.7 | CVE-2024-13956 |
| IBM–Security ReaQta EDR | IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | 2025-05-20 | 6.5 | CVE-2024-45641 |
| ABB–ASPECT-Enterprise | Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.5 | CVE-2024-48848 |
| ABB–ASPECT-Enterprise | Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6 | CVE-2024-51552 |
| ABB–ASPECT-Enterprise | Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 6.5 | CVE-2024-51553 |
| aknieriem–Simplelightbox | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-20 | 6.4 | CVE-2024-5878 |
| WSO2–WSO2 API Manager | A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking. | 2025-05-22 | 6.1 | CVE-2024-5962 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS. | 2025-05-23 | 6.5 | CVE-2024-7803 |
| MapSVG–MapSVG | The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-05-22 | 6.4 | CVE-2024-9544 |
| Cisco–Cisco Unified Contact Center Enterprise | A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device. | 2025-05-21 | 6.5 | CVE-2025-20242 |
| Cisco–Cisco Webex Meetings | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | 2025-05-21 | 6.1 | CVE-2025-20246 |
| Cisco–Cisco Webex Meetings | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | 2025-05-21 | 6.1 | CVE-2025-20247 |
| Cisco–Cisco Webex Meetings | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | 2025-05-21 | 6.1 | CVE-2025-20250 |
| Cisco–Cisco Secure Network Analytics | A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient input validation in specific fields of the web-based management interface. An attacker with valid administrative credentials could exploit this vulnerability by sending crafted input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | 2025-05-21 | 6.5 | CVE-2025-20256 |
| Cisco–Cisco Secure Network Analytics | A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Thi vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls with crafted input. A successful exploit could allow the attacker to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device. | 2025-05-21 | 6.5 | CVE-2025-20257 |
| UBtech–Freepass | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) | 2025-05-22 | 6.1 | CVE-2025-23183 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | 2025-05-22 | 6.5 | CVE-2025-2853 |
| smub–All in One SEO Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-19 | 6.4 | CVE-2025-2892 |
| ABB–ASPECT-Enterprise | File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 6.7 | CVE-2025-30169 |
| ABB–ASPECT-Enterprise | File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 6.7 | CVE-2025-30173 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. | 2025-05-22 | 6.5 | CVE-2025-3111 |
| TemplateInvaders–TI WooCommerce Wishlist | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2. | 2025-05-19 | 6.5 | CVE-2025-32920 |
| ManageEngine–ServiceDesk Plus MSP | Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded. | 2025-05-22 | 6.5 | CVE-2025-3444 |
| johnzenausa–Network Posts Extended | The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-21 | 6.4 | CVE-2025-3750 |
| creativefreedomau–Raisely Donation Form | The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s raisely_donation_form shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-21 | 6.4 | CVE-2025-3781 |
| 4stats–4stats | The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-05-24 | 6.1 | CVE-2025-3869 |
| Tridium–Niagara Framework | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 6.5 | CVE-2025-3936 |
| Sihibbs–Posts for Page | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1. | 2025-05-19 | 6.5 | CVE-2025-39369 |
| Tridium–Niagara Framework | Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 6.8 | CVE-2025-3938 |
| Crocoblock–JetElements For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | 2025-05-19 | 6.5 | CVE-2025-39448 |
| Crocoblock–JetTabs | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.7. | 2025-05-19 | 6.5 | CVE-2025-39450 |
| n/a–VMware ESXi | VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled. | 2025-05-20 | 6.8 | CVE-2025-41226 |
| measuremarketing–WP YouTube Video Optimizer | The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ib_youtube’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-21 | 6.4 | CVE-2025-4217 |
| darkyudex–DPEPress | The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dpe’ shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-21 | 6.4 | CVE-2025-4219 |
| baswaniyash–Animated Buttons | The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘auto-downloader’ shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-21 | 6.4 | CVE-2025-4221 |
| Lantronix–Device Installer | Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application. | 2025-05-22 | 6.8 | CVE-2025-4338 |
| ChoPlugins–Custom PC Builder Lite for WooCommerce | Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1. | 2025-05-19 | 6.5 | CVE-2025-43838 |
| jamesdbruner–WP Vegas | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jamesdbruner WP Vegas allows Stored XSS.This issue affects WP Vegas: from n/a through 2.2. | 2025-05-19 | 6.5 | CVE-2025-43841 |
| tournamatch–Tournamatch | The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘trn-ladder-registration-button’ shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-23 | 6.4 | CVE-2025-4594 |
| rilwis–Slim SEO Fast & Automated WordPress SEO Plugin | The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-21 | 6.4 | CVE-2025-4611 |
| Zack Katz–Mad Mimi for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through 1.5.1. | 2025-05-19 | 6.5 | CVE-2025-46262 |
| Lloyd Saunders–Author Box After Posts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lloyd Saunders Author Box After Posts allows Stored XSS.This issue affects Author Box After Posts: from n/a through 1.6. | 2025-05-19 | 6.5 | CVE-2025-46263 |
| wordwebsoftware–Crossword Compiler Puzzles | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3. | 2025-05-23 | 6.5 | CVE-2025-46493 |
| phpaddicted–IGIT Related Posts With Thumb Image After Posts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3. | 2025-05-23 | 6.5 | CVE-2025-46518 |
| LikeCoin–Web3Press | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0. | 2025-05-23 | 6.5 | CVE-2025-46527 |
| Charly Leetham–Enhanced Paypal Shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a. | 2025-05-19 | 6.5 | CVE-2025-46543 |
| ABUP–ABUP IoT Cloud Platform | Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform. | 2025-05-22 | 6.8 | CVE-2025-4692 |
| UX Design Experts–Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin | Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1. | 2025-05-23 | 6.5 | CVE-2025-47529 |
| 6Storage–6Storage Rentals | Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4. | 2025-05-23 | 6.5 | CVE-2025-47619 |
| symfony–ux | Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering `{{ attributes }}` or using any method that returns a `ComponentAttributes` instance (e.g. `only()`, `defaults()`, `without()`) ouputs attribute values directly without escaping. If these values are unsafe (e.g. contain user input), this can lead to HTML attribute injection and XSS vulnerabilities. The issue is fixed in version `2.25.1` of `symfony/ux-twig-component` Those who use `symfony/ux-live-component` must also update it to `2.25.1` to benefit from the fix, as it reuses the `ComponentAttributes` class internally. As a workaround, avoid rendering `{{ attributes }}` or derived objects directly if it may contain untrusted values. Instead, use `{{ attributes.render(‘name’) }}` for safe output of individual attributes. | 2025-05-19 | 6.1 | CVE-2025-47946 |
| wireapp–wire-webapp | wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary clients (marking the device as a public computer on login) and regular clients instructing the deletion of all personal information and conversations upon logout. Access to the machine is required to access the data. If encryption-at-rest is used, cryptographic material can’t be exported. The underlying issue has been fixed with wire-webapp version 2025-05-14-production.0. In order to mitigate potential impact, the database must be manually deleted on devices where the option “This is a public computer” was used prior to log in or a log out with the request to delete local data with the affected versions has happened before. | 2025-05-22 | 6 | CVE-2025-48066 |
| Shopify–ejson2env | ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters. | 2025-05-21 | 6.6 | CVE-2025-48069 |
| TYPO3–cs seo extension | The cs_seo extension through 9.2.0 for TYPO3 allows XSS. | 2025-05-21 | 6.4 | CVE-2025-48203 |
| TYPO3–ns backup extension | The ns_backup extension through 13.0.0 for TYPO3 allows command injection. | 2025-05-21 | 6.8 | CVE-2025-48204 |
| Xpro–Xpro Addons For Beaver Builder – Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xpro Xpro Addons For Beaver Builder – Lite allows Stored XSS. This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through 1.5.5. | 2025-05-19 | 6.5 | CVE-2025-48232 |
| Ultimate Blocks–Ultimate Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.3.0. | 2025-05-19 | 6.5 | CVE-2025-48234 |
| Bogdan Bendziukov–WP Image Mask | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bogdan Bendziukov WP Image Mask allows DOM-Based XSS. This issue affects WP Image Mask: from n/a through 3.1.2. | 2025-05-19 | 6.5 | CVE-2025-48235 |
| WPFactory–Wishlist for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 3.2.2. | 2025-05-19 | 6.5 | CVE-2025-48237 |
| WPFactory–Product Notes Tab & Private Admin Notes for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce allows Stored XSS. This issue affects Product Notes Tab & Private Admin Notes for WooCommerce: from n/a through 3.1.0. | 2025-05-19 | 6.5 | CVE-2025-48239 |
| WPFactory–Cost of Goods for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Cost of Goods for WooCommerce allows Stored XSS. This issue affects Cost of Goods for WooCommerce: from n/a through 3.7.0. | 2025-05-19 | 6.5 | CVE-2025-48240 |
| wpWax–Legal Pages | Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through 1.4.5. | 2025-05-19 | 6.5 | CVE-2025-48242 |
| WPFactory–Sitewide Discount for WooCommerce: Apply Discount to All Products | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products allows Stored XSS. This issue affects Sitewide Discount for WooCommerce: Apply Discount to All Products: from n/a through 2.2.1. | 2025-05-19 | 6.5 | CVE-2025-48248 |
| WPFactory–EAN for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This issue affects EAN for WooCommerce: from n/a through 5.4.6. | 2025-05-19 | 6.5 | CVE-2025-48249 |
| WPFactory–Coupons & Add to Cart by URL Links for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce allows Stored XSS. This issue affects Coupons & Add to Cart by URL Links for WooCommerce: from n/a through 1.7.7. | 2025-05-19 | 6.5 | CVE-2025-48250 |
| WPFactory–Additional Custom Emails & Recipients for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce allows Stored XSS. This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a through 3.5.1. | 2025-05-19 | 6.5 | CVE-2025-48251 |
| WPFactory–Back Button Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8. | 2025-05-19 | 6.5 | CVE-2025-48252 |
| WPFactory–Free Shipping Bar: Amount Left for Free Shipping for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce allows Stored XSS. This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through 2.4.6. | 2025-05-19 | 6.5 | CVE-2025-48253 |
| WPFactory–Change Add to Cart Button Text for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Change Add to Cart Button Text for WooCommerce allows Stored XSS. This issue affects Change Add to Cart Button Text for WooCommerce: from n/a through 2.2.2. | 2025-05-19 | 6.5 | CVE-2025-48254 |
| Xylus Themes–Import Social Events | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xylus Themes Import Social Events allows Stored XSS. This issue affects Import Social Events: from n/a through 1.8.5. | 2025-05-19 | 6.5 | CVE-2025-48256 |
| Projectopia–Projectopia | Missing Authorization vulnerability in Projectopia Projectopia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Projectopia: from n/a through 5.1.17. | 2025-05-19 | 6.5 | CVE-2025-48257 |
| jetmonsters–Mega Menu Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jetmonsters Mega Menu Block allows Stored XSS. This issue affects Mega Menu Block: from n/a through 1.0.6. | 2025-05-19 | 6.5 | CVE-2025-48258 |
| MultiVendorX–MultiVendorX | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects MultiVendorX: from n/a through 4.2.22. | 2025-05-19 | 6.5 | CVE-2025-48263 |
| RealMag777–Active Products Tables for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RealMag777 Active Products Tables for WooCommerce allows Stored XSS. This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.8. | 2025-05-19 | 6.5 | CVE-2025-48266 |
| Greg Winiarski–WPAdverts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.3. | 2025-05-19 | 6.5 | CVE-2025-48269 |
| sonalsinha21–SKT Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sonalsinha21 SKT Blocks allows DOM-Based XSS. This issue affects SKT Blocks: from n/a through 2.2. | 2025-05-19 | 6.5 | CVE-2025-48270 |
| Leadinfo–Leadinfo | Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1. | 2025-05-23 | 6.5 | CVE-2025-48271 |
| dastan800–Visual Header | Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3. | 2025-05-23 | 6.5 | CVE-2025-48275 |
| Visual Composer–Visual Composer Website Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.11.0. | 2025-05-19 | 6.5 | CVE-2025-48276 |
| Element Invader–ElementInvader Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Element Invader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.5. | 2025-05-19 | 6.5 | CVE-2025-48288 |
| CyberDAVA–CyberDAVA | An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved). | 2025-05-23 | 6.4 | CVE-2025-48695 |
| ConnectWise–Risk Assessment | ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning. | 2025-05-19 | 6 | CVE-2025-4876 |
| ponaravindb–Hospital-Management-System | A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 6.3 | CVE-2025-4933 |
| PHPGurukul–Employee Record Management System | A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registererms.php. The manipulation of the argument Email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 6.3 | CVE-2025-4938 |
| Red Hat–Red Hat Enterprise Linux 10 | A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). | 2025-05-21 | 6.5 | CVE-2025-4969 |
| H3C–R2+ProG | A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004. Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit_BasicSSID/Edit_GuestSSIDFor2P4G/Edit_BasicSSID_5G/SetAPInfoById of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-20 | 6.5 | CVE-2025-4997 |
| H3C–Magic R200G | A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-20 | 6.5 | CVE-2025-4998 |
| Linksys–FGW3000-AH | A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-20 | 6.3 | CVE-2025-4999 |
| Linksys–FGW3000-AH | A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-20 | 6.3 | CVE-2025-5000 |
| automattic–WooCommerce | The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the ‘customize-store’ page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-05-22 | 6.1 | CVE-2025-5062 |
| tobiasbg–TablePress Tables in WordPress made easy | The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-caption’, ‘data-s-content-padding’, ‘data-s-title’, and ‘data-footer’ data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-23 | 6.4 | CVE-2025-5096 |
| Fujian–Kelixun | A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-23 | 6.3 | CVE-2025-5107 |
| zongzhige–ShopXO | A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-23 | 6.3 | CVE-2025-5108 |
| easysoft–zentaopms | A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-23 | 6.3 | CVE-2025-5114 |
| Seeyon–Zhiyuan OA Web Application System | A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file comourswwwehropenPlatform1open4ClientTypecontrollerThirdMenuController.class. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-25 | 6.3 | CVE-2025-5140 |
| Netcore–NBR1005GPEV2 | A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-25 | 6.3 | CVE-2025-5145 |
| Masteriyo–Masteriyo – LMS | Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo – LMS. Unauth access to course progress.This issue affects Masteriyo – LMS: from n/a through 1.7.3. | 2025-05-19 | 5.3 | CVE-2024-33939 |
| WSO2–WSO2 Identity Server | An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process. | 2025-05-22 | 5.8 | CVE-2024-7487 |
| Cisco–Cisco Emergency Responder | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor. | 2025-05-21 | 5.1 | CVE-2025-20112 |
| Cisco–Cisco Duo | A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users. | 2025-05-21 | 5.4 | CVE-2025-20258 |
| Eniture Technology–LTL Freight Quotes FreightQuote Edition | Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11. | 2025-05-19 | 5.4 | CVE-2025-22287 |
| EnterpriseDB–pglogical | When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5. To exploit the vulnerability the attacker needs at least CONNECT permissions to a database configured for replication and must understand a number of pglogical3/BDR specific commands and be able to decode the binary protocol. | 2025-05-22 | 5.3 | CVE-2025-2506 |
| Themes4WP–Bulk | Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11. | 2025-05-19 | 5.3 | CVE-2025-26867 |
| PressMaximum–Customify | Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through 0.4.8. | 2025-05-19 | 5.4 | CVE-2025-26920 |
| ABB–ASPECT-Enterprise | Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 5.5 | CVE-2025-30170 |
| GE Vernova–WorkstationST | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier. | 2025-05-19 | 5.9 | CVE-2025-3223 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue. | 2025-05-23 | 5.4 | CVE-2025-32967 |
| appleple inc.–a-blog cms | Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | 2025-05-19 | 5.4 | CVE-2025-32999 |
| IBM–Aspera Faspex | IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. | 2025-05-22 | 5.4 | CVE-2025-33138 |
| Grafana–Grafana | An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: – Not part of any organization, or – Part of the same organization as the Organization administrator Impact: – Organization administrators can permanently delete Server administrator accounts – If the only Server administrator is deleted, the Grafana instance becomes unmanageable – No super-user permissions remain in the system – Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance. | 2025-05-23 | 5.5 | CVE-2025-3580 |
| ThemeGoods–Grand Restaurant WordPress | Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | 2025-05-19 | 5.3 | CVE-2025-39353 |
| ed4becky–Rootspersona | Missing Authorization vulnerability in ed4becky Rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through 3.7.5. | 2025-05-19 | 5.3 | CVE-2025-39368 |
| jegtheme–JNews | Missing Authorization vulnerability in jegtheme JNews.This issue affects JNews: from n/a through 11.6.5. | 2025-05-19 | 5.3 | CVE-2025-39373 |
| Solid Plugins–AnalyticsWP | Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0. | 2025-05-19 | 5.3 | CVE-2025-39388 |
| Tridium–Niagara Framework | Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 5.3 | CVE-2025-3939 |
| Solid Plugins–AnalyticsWP | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2. | 2025-05-19 | 5.3 | CVE-2025-39394 |
| Tridium–Niagara Framework | Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 5.3 | CVE-2025-3940 |
| Tridium–Niagara Framework | Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 5.4 | CVE-2025-3941 |
| ThimPress–Eduma | Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4. | 2025-05-19 | 5.3 | CVE-2025-39460 |
| splitit–Splitit | The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the ‘splitIt-flexfields-payment-gateway.php’ file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa. | 2025-05-21 | 5.4 | CVE-2025-4105 |
| n/a–VMware ESXi | VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition. | 2025-05-20 | 5.5 | CVE-2025-41227 |
| tox82–cookieBAR | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tox82 cookieBAR allows Stored XSS.This issue affects cookieBAR: from n/a through 1.7.0. | 2025-05-19 | 5.9 | CVE-2025-43834 |
| emagicone–eMagicOne Store Manager for WooCommerce | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials. | 2025-05-24 | 5.9 | CVE-2025-4602 |
| ctltwp–Section Widget | Path Traversal: ‘…/…//’ vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1. | 2025-05-19 | 5.3 | CVE-2025-46441 |
| sandboxie-plus–Sandboxie | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue. | 2025-05-22 | 5.5 | CVE-2025-46716 |
| Dimitri Grassi–Salon booking system | Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system <= 10.16 versions. | 2025-05-19 | 5.4 | CVE-2025-47583 |
| TYPO3–typo3 | TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`) starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | 2025-05-20 | 5.4 | CVE-2025-47939 |
| openedx–edx-platform | The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers. | 2025-05-21 | 5.3 | CVE-2025-47942 |
| cilium–hubble | Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor. | 2025-05-20 | 5.3 | CVE-2025-48056 |
| wireapp–wire-webapp | wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting “This is a public computer” during login or the user selects “Delete all your personal information and conversations on this device” upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout as well as logging in as a temporary client. | 2025-05-22 | 5.6 | CVE-2025-48061 |
| TYPO3–femanager extension | The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. | 2025-05-21 | 5.3 | CVE-2025-48202 |
| Tim Strifler–Exclusive Addons Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9. | 2025-05-19 | 5.9 | CVE-2025-48244 |
| The Events Calendar–The Events Calendar | Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1. | 2025-05-19 | 5.4 | CVE-2025-48246 |
| wpjobportal–WP Job Portal | Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2. | 2025-05-19 | 5.3 | CVE-2025-48272 |
| Stylemix–Cost Calculator Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74. | 2025-05-19 | 5.9 | CVE-2025-48277 |
| Majestic Support–Majestic Support | Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through 1.1.0. | 2025-05-19 | 5.3 | CVE-2025-48282 |
| shohei.tanaka–Japanized For WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40. | 2025-05-19 | 5.4 | CVE-2025-48284 |
| 10Web–Form Maker by 10Web | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33. | 2025-05-19 | 5.9 | CVE-2025-48341 |
| RedefiningTheWeb–Dynamic Pricing & Discounts Lite for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce allows Cross Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through 2.0.3. | 2025-05-19 | 5.4 | CVE-2025-48342 |
| ed4becky–Rootspersona | Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5. | 2025-05-19 | 5.4 | CVE-2025-48344 |
| Etsy360–Embed and Integrate Etsy Shop | Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4. | 2025-05-19 | 5.3 | CVE-2025-48346 |
| openDCIM–openDCIM | openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. | 2025-05-23 | 5.4 | CVE-2025-48701 |
| D-Link–DI-7003GV2 | A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 5.3 | CVE-2025-4902 |
| D-Link–DI-7003GV2 | A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 5.3 | CVE-2025-4903 |
| D-Link–DI-7003GV2 | A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 5.3 | CVE-2025-4904 |
| iop-apl-uw–basestation3 | A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far. | 2025-05-19 | 5.3 | CVE-2025-4905 |
| SourceCodester–Student Result Management System | A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 5.4 | CVE-2025-4912 |
| Netgear–DGND3700 | A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | 2025-05-20 | 5.3 | CVE-2025-4977 |
| Netgear–DGND3700 | A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | 2025-05-20 | 5.3 | CVE-2025-4980 |
| Kingdee–Cloud Galaxy Private Cloud BBC System | A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | 2025-05-21 | 5.4 | CVE-2025-5029 |
| Ackites–KillWxapkg | A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 5 | CVE-2025-5030 |
| ABB–ASPECT-Enterprise | An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-05-22 | 4.9 | CVE-2024-13930 |
| ABB–ASPECT-Enterprise | Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 4.9 | CVE-2024-13953 |
| ABB–ASPECT-Enterprise | Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | 2025-05-22 | 4.8 | CVE-2024-13958 |
| jqlang–jq | jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. | 2025-05-21 | 4.3 | CVE-2024-23337 |
| WSO2–WSO2 Identity Server | A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking. | 2025-05-22 | 4.6 | CVE-2024-7103 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | 2025-05-22 | 4.6 | CVE-2025-0605 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | 2025-05-22 | 4.3 | CVE-2025-0679 |
| Cisco–Cisco Unified Contact Center Express | A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system. | 2025-05-21 | 4.3 | CVE-2025-20114 |
| Cisco–Cisco Webex Meetings | A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients. | 2025-05-21 | 4.3 | CVE-2025-20255 |
| Cisco–Cisco Identity Services Engine Software | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. | 2025-05-21 | 4.8 | CVE-2025-20267 |
| UBtech–Freepass | CWE-203: Observable Discrepancy | 2025-05-22 | 4.3 | CVE-2025-23182 |
| ThemeGoods–Grand Restaurant WordPress | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | 2025-05-19 | 4.3 | CVE-2025-39351 |
| Sanjeev Mohindra–Author Box Plugin With Different Description | Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery.This issue affects Author Box Plugin With Different Description: from n/a through 1.3.5. | 2025-05-19 | 4.3 | CVE-2025-39371 |
| Ashok G–Easy Child Theme Creator | Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through 1.3.1. | 2025-05-19 | 4.3 | CVE-2025-39375 |
| QuanticaLabs–Car Park Booking System for WordPress | Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress.This issue affects Car Park Booking System for WordPress: from n/a through 2.6. | 2025-05-19 | 4.3 | CVE-2025-39376 |
| Themovation–Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue | Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2. | 2025-05-19 | 4.3 | CVE-2025-39398 |
| Averta–Master Slider | Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8. | 2025-05-19 | 4.3 | CVE-2025-39412 |
| Tridium–Niagara Framework | Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 4.3 | CVE-2025-3942 |
| Tridium–Niagara Framework | Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | 2025-05-22 | 4.1 | CVE-2025-3943 |
| Jeroen Peters–Name Directory | Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0. | 2025-05-19 | 4.3 | CVE-2025-39454 |
| n/a–VMware vCenter Server | VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites. | 2025-05-20 | 4.3 | CVE-2025-41228 |
| appleple inc.–a-blog cms | a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user’s session. | 2025-05-19 | 4.8 | CVE-2025-41429 |
| softaculous–Page Builder: Pagelayer Drag and Drop website builder | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. A valid username/password pair needs to be supplied in order to be successfully exploited and any injected scripts will only execute in the context of that authenticated user. | 2025-05-24 | 4.7 | CVE-2025-4223 |
| ktsvetkov–wp-cyr-cho | Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1. | 2025-05-19 | 4.3 | CVE-2025-43835 |
| hotwptemplates–Hot Random Image | The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-22 | 4.9 | CVE-2025-4405 |
| hotwptemplates–Hot Random Image | The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the ‘path’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory. | 2025-05-22 | 4.3 | CVE-2025-4419 |
| totalprocessing–Nomupay Payment Processing Gateway | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7. | 2025-05-23 | 4.9 | CVE-2025-46486 |
| James Laforge–Infocob CRM Forms | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in James Laforge Infocob CRM Forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through 2.4.0. | 2025-05-23 | 4.9 | CVE-2025-47513 |
| JetBrains–YouTrack | In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning | 2025-05-20 | 4.3 | CVE-2025-47850 |
| JetBrains–TeamCity | In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible | 2025-05-20 | 4.8 | CVE-2025-47851 |
| JetBrains–TeamCity | In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible | 2025-05-20 | 4.8 | CVE-2025-47852 |
| JetBrains–TeamCity | In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible | 2025-05-20 | 4.8 | CVE-2025-47853 |
| JetBrains–TeamCity | In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page | 2025-05-20 | 4.3 | CVE-2025-47854 |
| Schweitzer Engineering Laboratories–SEL-5056 Software-Defined Network Flow Controller | OpenFlow discovery protocol can exhaust resources because it is not rate limited | 2025-05-20 | 4.3 | CVE-2025-48016 |
| Bill Minozzi–reCAPTCHA for all | Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.26. | 2025-05-19 | 4.3 | CVE-2025-48243 |
| Blair Williams–Shortlinks by Pretty Links | Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.15. | 2025-05-19 | 4.3 | CVE-2025-48247 |
| videowhisper–Broadcast Live Video Live Streaming : WebRTC, HLS, RTSP, RTMP | Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP allows Cross Site Request Forgery. This issue affects Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: from n/a through 6.2.4. | 2025-05-19 | 4.3 | CVE-2025-48255 |
| Juan Carlos–WP Mapa Politico Espaa | Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0. | 2025-05-19 | 4.3 | CVE-2025-48259 |
| Ninja Team–GDPR CCPA Compliance Support | Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3. | 2025-05-19 | 4.3 | CVE-2025-48260 |
| Michael Revellin-Clerc–Url Rewrite Analyzer | Missing Authorization vulnerability in Michael Revellin-Clerc Url Rewrite Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Url Rewrite Analyzer: from n/a through 1.3.3. | 2025-05-19 | 4.3 | CVE-2025-48262 |
| artiosmedia–Product Code for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce allows Cross Site Request Forgery. This issue affects Product Code for WooCommerce: from n/a through 1.5.0. | 2025-05-19 | 4.3 | CVE-2025-48264 |
| Pektsekye–Year Make Model Search for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue affects Year Make Model Search for WooCommerce: from n/a through 1.0.11. | 2025-05-19 | 4.3 | CVE-2025-48265 |
| Guru Team–Bot for Telegram on WooCommerce | Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through 1.2.6. | 2025-05-19 | 4.3 | CVE-2025-48268 |
| sbouey–Falang multilanguage | Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61. | 2025-05-19 | 4.3 | CVE-2025-48285 |
| Artifex–Ghostscript | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. | 2025-05-23 | 4 | CVE-2025-48708 |
| BOS–IP camera | A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database via crafted input in the request body. | 2025-05-23 | 4.3 | CVE-2025-48735 |
| PHPGurukul–Car Rental Project | A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 4.7 | CVE-2025-4926 |
| PHPGurukul–Credit Card Application Management System | A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-19 | 4.3 | CVE-2025-4939 |
| Rapid7–AppSpider Pro | Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the “ScanName” field. Despite the application preventing the inclusion of special characters within the “ScanName” field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018 | 2025-05-20 | 4.6 | CVE-2025-4951 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | 2025-05-22 | 4.9 | CVE-2025-4979 |
| n/a–HkCms | A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 4.3 | CVE-2025-5013 |
| XiaoBingby–TeaCMS | A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 4.3 | CVE-2025-5033 |
| edgarrojas–Smart Forms when you need more than just a contact form | The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-05-24 | 4.4 | CVE-2025-5055 |
| Campcodes–Online Shopping Portal | A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 4.7 | CVE-2025-5059 |
| Tmall–Demo | A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 4.7 | CVE-2025-5130 |
| Tmall–Demo | A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 4.7 | CVE-2025-5131 |
| Tmall–Demo | A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 4.3 | CVE-2025-5132 |
| Tmall–Demo | A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 4.3 | CVE-2025-5133 |
| n/a–DedeCMS | A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-25 | 4.7 | CVE-2025-5137 |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| GitLab–GitLab | A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. | 2025-05-23 | 3.5 | CVE-2024-9163 |
| appleple inc.–a-blog cms | Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server. | 2025-05-19 | 3.8 | CVE-2025-27566 |
| TYPO3–typo3 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target internal resources (e.g., localhost or other services on the local network). While this is not a vulnerability in TYPO3 itself, it may enable attackers to blindly access systems that would otherwise be inaccessible. An administrator-level backend user account is required to exploit this vulnerability. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem. | 2025-05-20 | 3.3 | CVE-2025-47936 |
| TYPO3–typo3 | TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | 2025-05-20 | 3.7 | CVE-2025-47937 |
| TYPO3–typo3 | TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | 2025-05-20 | 3.8 | CVE-2025-47938 |
| Schweitzer Engineering Laboratories–SEL-5056 Software-Defined Network Flow Controller | Failed login response could be different depending on whether the username was local or central. | 2025-05-20 | 3.7 | CVE-2025-48015 |
| desktop–desktop | GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. This affects GitHub Desktop users on Windows that view malicious commits in the history view. macOS users are not affected. When viewing a file diff in the history view GitHub Desktop will call `git log` or `git diff` with the object id (SHA) of the commit, the name of the file, and the old name of the file if the file has been renamed. As a security precaution Git will attempt to fully resolve the old and new path via `realpath`, traversing symlinks, to ensure that the resolved paths reside within the repository working directory. This can lead to Git attempting to access a path that resides on a network share (UNC path) and in doing so Windows will attempt to perform NTLM authentication which passes information such as the computer name, the currently signed in (Windows) user name, and an NTLM hash. GitHub Desktop 3.4.20 and later fix this vulnerability. The beta channel includes the fix in 3.4.20-beta3. As a workaround to use until upgrading is possible, only browse commits in the history view that comes from trusted sources. | 2025-05-21 | 3.3 | CVE-2025-48064 |
| makeplane–plane | Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue. | 2025-05-21 | 3.5 | CVE-2025-48070 |
| dnnsoftware–Dnn.Platform | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue. | 2025-05-23 | 3.5 | CVE-2025-48376 |
| Red Hat–Red Hat Enterprise Linux 10 | A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. | 2025-05-19 | 3.7 | CVE-2025-4945 |
| GNU–PSPP | A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-05-20 | 3.3 | CVE-2025-5001 |
| n/a–Part-DB | A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component. | 2025-05-20 | 3.5 | CVE-2025-5007 |
| Ackites–KillWxapkg | A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 3.1 | CVE-2025-5031 |
| FLIR–AX8 | A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 3.5 | CVE-2025-5127 |
| Tmall–Demo | A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 3.5 | CVE-2025-5134 |
| Tmall–Demo | A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 3.7 | CVE-2025-5136 |
| n/a–Bitwarden | A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-25 | 3.5 | CVE-2025-5138 |
| TagLib–TagLib | TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. | 2025-05-22 | 2.9 | CVE-2023-47466 |
| cJSON project–cJSON | parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {“1”:1, with no trailing newline if cJSON_ParseWithLength is called. | 2025-05-23 | 2.9 | CVE-2023-53154 |
| GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | 2025-05-22 | 2.7 | CVE-2025-1110 |
| tickbh–ProcessLock | The process_lock crate 0.1.0 for Rust allows data races in unlock. | 2025-05-24 | 2.9 | CVE-2025-48751 |
| Forestryks–process-sync-rs | In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. | 2025-05-24 | 2.9 | CVE-2025-48752 |
| obsidiandynamics–anode | In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. | 2025-05-24 | 2.9 | CVE-2025-48753 |
| FractalFir–memory_pages | In the memory_pages crate 0.1.0 for Rust, division by zero can occur. | 2025-05-24 | 2.9 | CVE-2025-48754 |
| blyssprivacy–sdk | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). | 2025-05-24 | 2.9 | CVE-2025-48755 |
| maboroshinokiseki–scsir | In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number. | 2025-05-24 | 2.9 | CVE-2025-48756 |
| Intelbras–RF 301K | A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. | 2025-05-20 | 2.4 | CVE-2025-4996 |
| moonlightL–hexo-boot | A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-20 | 2.4 | CVE-2025-5010 |
| moonlightL–hexo-boot | A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-21 | 2.4 | CVE-2025-5011 |
| Tmall–Demo | A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-05-24 | 2.4 | CVE-2025-5135 |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| N/A–N/A | Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service. | 2025-05-23 | not yet calculated | CVE-2018-25110 |
| Clickhouse–DB | Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. | 2025-05-21 | not yet calculated | CVE-2019-16536 |
| Yandex–Browser Lite | Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. | 2025-05-21 | not yet calculated | CVE-2021-25254 |
| Yandex–Browser Lite | Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. | 2025-05-21 | not yet calculated | CVE-2021-25255 |
| Yandex–Browser | Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. | 2025-05-21 | not yet calculated | CVE-2021-25262 |
| MOBOTIX–P3 | On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code. | 2025-05-23 | not yet calculated | CVE-2023-34873 |
| n/a–n/a | An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. | 2025-05-22 | not yet calculated | CVE-2024-40458 |
| n/a–n/a | An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function | 2025-05-22 | not yet calculated | CVE-2024-40459 |
| n/a–n/a | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE | 2025-05-22 | not yet calculated | CVE-2024-40460 |
| n/a–n/a | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component | 2025-05-22 | not yet calculated | CVE-2024-40461 |
| n/a–n/a | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component | 2025-05-22 | not yet calculated | CVE-2024-40462 |
| n/a–n/a | An issue in Ocuco Innovation – INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | 2025-05-22 | not yet calculated | CVE-2024-41195 |
| n/a–n/a | An issue in Ocuco Innovation – REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | 2025-05-22 | not yet calculated | CVE-2024-41196 |
| n/a–n/a | An issue in Ocuco Innovation – INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | 2025-05-22 | not yet calculated | CVE-2024-41197 |
| n/a–n/a | An issue in Ocuco Innovation – REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | 2025-05-22 | not yet calculated | CVE-2024-41198 |
| n/a–n/a | An issue in Ocuco Innovation – JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | 2025-05-22 | not yet calculated | CVE-2024-41199 |
| n/a–n/a | AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. | 2025-05-21 | not yet calculated | CVE-2024-42922 |
| n/a–n/a | PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. | 2025-05-23 | not yet calculated | CVE-2024-48702 |
| n/a–n/a | Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. | 2025-05-23 | not yet calculated | CVE-2024-48704 |
| n/a–n/a | A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user’s browser via injecting a crafted payload into the searchdata parameter. | 2025-05-23 | not yet calculated | CVE-2024-51099 |
| n/a–n/a | PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. | 2025-05-23 | not yet calculated | CVE-2024-51101 |
| n/a–n/a | PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters. | 2025-05-23 | not yet calculated | CVE-2024-51102 |
| n/a–n/a | PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters. | 2025-05-23 | not yet calculated | CVE-2024-51103 |
| n/a–n/a | A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. | 2025-05-19 | not yet calculated | CVE-2024-51106 |
| n/a–n/a | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. | 2025-05-23 | not yet calculated | CVE-2024-51107 |
| n/a–n/a | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. | 2025-05-23 | not yet calculated | CVE-2024-51108 |
| n/a–n/a | An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | 2025-05-23 | not yet calculated | CVE-2024-51360 |
| n/a–n/a | In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. | 2025-05-22 | not yet calculated | CVE-2024-52874 |
| n/a–n/a | An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request. | 2025-05-20 | not yet calculated | CVE-2024-53359 |
| n/a–n/a | Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access. | 2025-05-22 | not yet calculated | CVE-2024-54188 |
| n/a–n/a | Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant parameter to /international/settings/keyboard; the (4) timezone parameter to /international/settings/timezone. | 2025-05-19 | not yet calculated | CVE-2024-55063 |
| n/a–n/a | The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client. | 2025-05-21 | not yet calculated | CVE-2024-56428 |
| n/a–n/a | Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. | 2025-05-21 | not yet calculated | CVE-2024-57529 |
| HYPR–Passwordless | Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. | 2025-05-21 | not yet calculated | CVE-2025-0372 |
| Pure Storage–PX Backup | A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions. | 2025-05-19 | not yet calculated | CVE-2025-1308 |
| Proget–Proget | A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a task_id, but since it’s a low integer and there is no limit of requests an attacker can perform to a vulnerable endpoint, the task_id might be simply brute forced. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1415 |
| Proget–Proget | In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-1417. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1416 |
| Proget–Proget | In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of CVE-2025-1416. Successful exploitation requires UUID of a targeted backup, which cannot be brute forced. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1417 |
| Proget–Proget | A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices). This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1418 |
| Proget–Proget | Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1419 |
| Proget–Proget | Input provided in a field containing “activationMessage” in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1420 |
| Proget–Proget | Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user’s PC. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite). | 2025-05-21 | not yet calculated | CVE-2025-1421 |
| Unknown–Qi Blocks | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-05-19 | not yet calculated | CVE-2025-1625 |
| Unknown–Qi Blocks | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-05-19 | not yet calculated | CVE-2025-1626 |
| Unknown–Qi Blocks | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-05-19 | not yet calculated | CVE-2025-1627 |
| Checkmk GmbH–Checkmk | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 2025-05-21 | not yet calculated | CVE-2025-1712 |
| huggingface–huggingface/transformers | A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario. | 2025-05-19 | not yet calculated | CVE-2025-2099 |
| HYPR–Passwordless | Improper Link Resolution Before File Access (‘Link Following’) vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. | 2025-05-21 | not yet calculated | CVE-2025-2102 |
| Atlassian–Jira Core Data Center | This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20 Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20 Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program. | 2025-05-20 | not yet calculated | CVE-2025-22157 |
| TIBCO Software Inc–TIBCO BPM Enterprise | Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user’s browser under the privileges of the web application. | 2025-05-21 | not yet calculated | CVE-2025-2261 |
| Ubiquiti Inc–UniFi Protect Cameras | A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware. | 2025-05-19 | not yet calculated | CVE-2025-23123 |
| Ubiquiti Inc–UniFi Protect Application | A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a “Share Livestream” link to maintain access to the corresponding livestream subsequent to such link becoming disabled. | 2025-05-19 | not yet calculated | CVE-2025-23164 |
| nodejs–node | In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22. | 2025-05-19 | not yet calculated | CVE-2025-23165 |
| nodejs–node | The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime. | 2025-05-19 | not yet calculated | CVE-2025-23166 |
| nodejs–node | A flaw in Node.js 20’s HTTP parser allows improper termination of HTTP/1 headers using `rnrX` instead of the required `rnrn`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | 2025-05-19 | not yet calculated | CVE-2025-23167 |
| Ecovacs–Ecovacs Mobile and Android Application | Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. | 2025-05-23 | not yet calculated | CVE-2025-2394 |
| Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local user may be able to modify protected parts of the file system. | 2025-05-19 | not yet calculated | CVE-2025-24183 |
| Apple–visionOS | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination. | 2025-05-19 | not yet calculated | CVE-2025-24184 |
| Apple–visionOS | The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption. | 2025-05-19 | not yet calculated | CVE-2025-24189 |
| Unknown–Ninja Forms | The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-05-19 | not yet calculated | CVE-2025-2524 |
| n/a–n/a | Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu. | 2025-05-21 | not yet calculated | CVE-2025-25539 |
| Unknown–Ninja Forms | The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-05-19 | not yet calculated | CVE-2025-2560 |
| Unknown–Ninja Forms | The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-05-19 | not yet calculated | CVE-2025-2561 |
| n/a–n/a | An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication. | 2025-05-20 | not yet calculated | CVE-2025-26086 |
| n/a–n/a | IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard. | 2025-05-21 | not yet calculated | CVE-2025-27558 |
| GStreamer–GStreamer | GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448. | 2025-05-22 | not yet calculated | CVE-2025-2759 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data. | 2025-05-21 | not yet calculated | CVE-2025-27803 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions. | 2025-05-21 | not yet calculated | CVE-2025-27804 |
| n/a–n/a | An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:ProgramData directory. | 2025-05-21 | not yet calculated | CVE-2025-27997 |
| n/a–n/a | An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. | 2025-05-21 | not yet calculated | CVE-2025-27998 |
| n/a–n/a | EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password. | 2025-05-19 | not yet calculated | CVE-2025-28371 |
| Unknown–Order Delivery Date | The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-05-20 | not yet calculated | CVE-2025-2929 |
| n/a–n/a | Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm. | 2025-05-19 | not yet calculated | CVE-2025-30072 |
| Apple–iOS and iPadOS | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication. | 2025-05-19 | not yet calculated | CVE-2025-31185 |
| Apple–visionOS | A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system. | 2025-05-19 | not yet calculated | CVE-2025-31262 |
| n/a–n/a | An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. | 2025-05-22 | not yet calculated | CVE-2025-32813 |
| n/a–n/a | An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. | 2025-05-22 | not yet calculated | CVE-2025-32814 |
| n/a–n/a | An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. | 2025-05-22 | not yet calculated | CVE-2025-32815 |
| Checkmk GmbH–Checkmk | Packages downloaded by Checkmk’s automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | 2025-05-22 | not yet calculated | CVE-2025-32915 |
| Versa–Concerto | The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. | 2025-05-21 | not yet calculated | CVE-2025-34025 |
| Versa–Concerto | The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. | 2025-05-21 | not yet calculated | CVE-2025-34026 |
| Versa–Concerto | The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. | 2025-05-21 | not yet calculated | CVE-2025-34027 |
| MedDream–WEB DICOM Viewer | MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842. | 2025-05-22 | not yet calculated | CVE-2025-3480 |
| MedDream–PACS Server | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25827. | 2025-05-22 | not yet calculated | CVE-2025-3481 |
| MedDream–PACS Server | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25826. | 2025-05-22 | not yet calculated | CVE-2025-3482 |
| MedDream–PACS Server | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25825. | 2025-05-22 | not yet calculated | CVE-2025-3483 |
| MedDream–PACS Server | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25853. | 2025-05-22 | not yet calculated | CVE-2025-3484 |
| Allegra–Allegra | Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the isZipEntryValide method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-25730. | 2025-05-22 | not yet calculated | CVE-2025-3486 |
| TIBCO Software Inc–TIBCO ActiveMatrix BusinessWorks | The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information | 2025-05-21 | not yet calculated | CVE-2025-3751 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was supposed to be the max size for a MIDI1 UMP packet data. However, the implementation overlooked that SysEx is handled in a different format, and it can be up to 6 bytes, as found in do_convert_to_ump(). It leads eventually to a buffer overflow, and may corrupt the memory when a longer SysEx message is received. The fix is simply to extend the buffer size to 6 to fit with the SysEx UMP message. | 2025-05-19 | not yet calculated | CVE-2025-37891 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_read_oob() fails. | 2025-05-20 | not yet calculated | CVE-2025-37892 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to be returned from the functions __inet_lookup_established() and __inet6_lookup_established(). This can cause a crash when the returned pointer is of type struct inet_timewait_sock and sock_put() is called on it. The following is a crash call stack that shows sk->sk_wmem_alloc being accessed in sk_free() during the call to sock_put() on a struct inet_timewait_sock pointer. To avoid this issue, use sock_gen_put() instead of sock_put() when sk->sk_state is TCP_TIME_WAIT. mrdump.ko ipanic() + 120 vmlinux notifier_call_chain(nr_to_call=-1, nr_calls=0) + 132 vmlinux atomic_notifier_call_chain(val=0) + 56 vmlinux panic() + 344 vmlinux add_taint() + 164 vmlinux end_report() + 136 vmlinux kasan_report(size=0) + 236 vmlinux report_tag_fault() + 16 vmlinux do_tag_recovery() + 16 vmlinux __do_kernel_fault() + 88 vmlinux do_bad_area() + 28 vmlinux do_tag_check_fault() + 60 vmlinux do_mem_abort() + 80 vmlinux el1_abort() + 56 vmlinux el1h_64_sync_handler() + 124 vmlinux > 0xFFFFFFC080011294() vmlinux __lse_atomic_fetch_add_release(v=0xF2FFFF82A896087C) vmlinux __lse_atomic_fetch_sub_release(v=0xF2FFFF82A896087C) vmlinux arch_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8 vmlinux raw_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8 vmlinux atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8 vmlinux __refcount_sub_and_test(i=1, r=0xF2FFFF82A896087C, oldp=0) + 8 vmlinux __refcount_dec_and_test(r=0xF2FFFF82A896087C, oldp=0) + 8 vmlinux refcount_dec_and_test(r=0xF2FFFF82A896087C) + 8 vmlinux sk_free(sk=0xF2FFFF82A8960700) + 28 vmlinux sock_put() + 48 vmlinux tcp6_check_fraglist_gro() + 236 vmlinux tcp6_gro_receive() + 624 vmlinux ipv6_gro_receive() + 912 vmlinux dev_gro_receive() + 1116 vmlinux napi_gro_receive() + 196 ccmni.ko ccmni_rx_callback() + 208 ccmni.ko ccmni_queue_recv_skb() + 388 ccci_dpmaif.ko dpmaif_rxq_push_thread() + 1088 vmlinux kthread() + 268 vmlinux 0xFFFFFFC08001F30C() | 2025-05-20 | not yet calculated | CVE-2025-37894 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix error handling path in bnxt_init_chip() WARN_ON() is triggered in __flush_work() if bnxt_init_chip() fails because we call cancel_work_sync() on dim work that has not been initialized. WARNING: CPU: 37 PID: 5223 at kernel/workqueue.c:4201 __flush_work.isra.0+0x212/0x230 The driver relies on the BNXT_STATE_NAPI_DISABLED bit to check if dim work has already been cancelled. But in the bnxt_open() path, BNXT_STATE_NAPI_DISABLED is not set and this causes the error path to think that it needs to cancel the uninitalized dim work. Fix it by setting BNXT_STATE_NAPI_DISABLED during initialization. The bit will be cleared when we enable NAPI and initialize dim work. | 2025-05-20 | not yet calculated | CVE-2025-37895 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. For example, in Winbond SPINAND flash memory devices, the `write_cache` and `update_cache` operation variants have zero dummy bytes. Calculating the duration for SPI memory operations with zero dummy bytes causes a divide error when `ncycles` is calculated in the spi_mem_calc_op_duration(). Add changes to skip the ‘ncylcles’ calculation for zero dummy bytes. Following divide error is fixed by this change: Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI … ? do_trap+0xdb/0x100 ? do_error_trap+0x75/0xb0 ? spi_mem_calc_op_duration+0x56/0xb0 ? exc_divide_error+0x3b/0x70 ? spi_mem_calc_op_duration+0x56/0xb0 ? asm_exc_divide_error+0x1b/0x20 ? spi_mem_calc_op_duration+0x56/0xb0 ? spinand_select_op_variant+0xee/0x190 [spinand] spinand_match_and_init+0x13e/0x1a0 [spinand] spinand_manufacturer_match+0x6e/0xa0 [spinand] spinand_probe+0x357/0x7f0 [spinand] ? kernfs_activate+0x87/0xd0 spi_mem_probe+0x7a/0xb0 spi_probe+0x7d/0x130 | 2025-05-20 | not yet calculated | CVE-2025-37896 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used when probe fails or after the device is disconnected. In both cases mac->lock can not be held as the driver is not working with the device at the moment. All functions that use mac->lock unlock it just after it was held. There is also no need to hold mac->lock for plfxlc_mac_release() itself, as mac data is not affected, except for mac->flags, which is modified atomically. This bug leads to the following warning: ================================================================ WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0 Modules linked in: CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event RIP: 0010:plfxlc_mac_release+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106 Call Trace: <TASK> probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785 driver_probe_device+0x50/0x420 drivers/base/dd.c:815 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429 __device_attach+0x359/0x570 drivers/base/dd.c:1015 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489 device_add+0xb48/0xfd0 drivers/base/core.c:3696 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785 driver_probe_device+0x50/0x420 drivers/base/dd.c:815 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429 __device_attach+0x359/0x570 drivers/base/dd.c:1015 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489 device_add+0xb48/0xfd0 drivers/base/core.c:3696 usb_new_device+0xbdd/0x18f0 drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5477 [inline] hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] port_event drivers/usb/core/hub.c:5773 [inline] hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5855 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> ================================================================ Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | 2025-05-20 | not yet calculated | CVE-2025-37897 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries get_stubs_size assumes that there must always be at least one patchable function entry, which is not always the case (modules that export data but no code), otherwise it returns -ENOEXEC and thus the section header sh_size is set to that value. During module_memory_alloc() the size is passed to execmem_alloc() after being page-aligned and thus set to zero which will cause it to fail the allocation (and thus module loading) as __vmalloc_node_range() checks for zero-sized allocs and returns null: [ 115.466896] module_64: cast_common: doesn’t contain __patchable_function_entries. [ 115.469189] ————[ cut here ]———— [ 115.469496] WARNING: CPU: 0 PID: 274 at mm/vmalloc.c:3778 __vmalloc_node_range_noprof+0x8b4/0x8f0 … [ 115.478574] —[ end trace 0000000000000000 ]— [ 115.479545] execmem: unable to allocate memory Fix this by removing the check completely, since it is anyway not helpful to propagate this as an error upwards. | 2025-05-20 | not yet calculated | CVE-2025-37898 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free’d. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user. | 2025-05-20 | not yet calculated | CVE-2025-37899 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it: https://lore.kernel.org/all/86881827-8E2D-461C-BDA3-FA8FD14C343C@nvidia.com And Alok pointed out a typo at the same time: https://lore.kernel.org/all/480536af-6830-43ce-a327-adbd13dc3f1d@oracle.com Since both issues were copied from iommu_copy_struct_from_user(), fix them first in the current header. | 2025-05-20 | not yet calculated | CVE-2025-37900 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not have a corresponding MPM pin and should not be handled inside the MPM driver. The IRQ domain hierarchy is always applied, so it’s required to explicitly disconnect the hierarchy for those. The pinctrl-msm driver marks these with GPIO_NO_WAKE_IRQ. qcom-pdc has a check for this, but irq-qcom-mpm is currently missing the check. This is causing crashes when setting up interrupts for non-wake GPIOs: root@rb1:~# gpiomon -c gpiochip1 10 irq: IRQ159: trimming hierarchy from :soc@0:interrupt-controller@f200000-1 Unable to handle kernel paging request at virtual address ffff8000a1dc3820 Hardware name: Qualcomm Technologies, Inc. Robotics RB1 (DT) pc : mpm_set_type+0x80/0xcc lr : mpm_set_type+0x5c/0xcc Call trace: mpm_set_type+0x80/0xcc (P) qcom_mpm_set_type+0x64/0x158 irq_chip_set_type_parent+0x20/0x38 msm_gpio_irq_set_type+0x50/0x530 __irq_set_trigger+0x60/0x184 __setup_irq+0x304/0x6bc request_threaded_irq+0xc8/0x19c edge_detector_setup+0x260/0x364 linereq_create+0x420/0x5a8 gpio_ioctl+0x2d4/0x6c0 Fix this by copying the check for GPIO_NO_WAKE_IRQ from qcom-pdc.c, so that MPM is removed entirely from the hierarchy for non-wake GPIOs. | 2025-05-20 | not yet calculated | CVE-2025-37901 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] —truncated— | 2025-05-20 | not yet calculated | CVE-2025-37903 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50 VFS: Busy inodes after unmount of loop1 (btrfs) ————[ cut here ]———— kernel BUG at fs/super.c:650! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 48168 Comm: syz-executor Not tainted 6.15.0-rc2-00471-g119009db2674 #2 PREEMPT(full) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:generic_shutdown_super+0x2e9/0x390 fs/super.c:650 Call Trace: <TASK> kill_anon_super+0x3a/0x60 fs/super.c:1237 btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2099 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 deactivate_super fs/super.c:506 [inline] deactivate_super+0xe2/0x100 fs/super.c:502 cleanup_mnt+0x21f/0x440 fs/namespace.c:1435 task_work_run+0x14d/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x269/0x290 kernel/entry/common.c:218 do_syscall_64+0xd4/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> [CAUSE] When btrfs_alloc_path() failed, btrfs_iget() directly returned without releasing the inode already allocated by btrfs_iget_locked(). This results the above busy inode and trigger the kernel BUG. [FIX] Fix it by calling iget_failed() if btrfs_alloc_path() failed. If we hit error inside btrfs_read_locked_inode(), it will properly call iget_failed(), so nothing to worry about. Although the iget_failed() cleanup inside btrfs_read_locked_inode() is a break of the normal error handling scheme, let’s fix the obvious bug and backport first, then rework the error handling later. | 2025-05-20 | not yet calculated | CVE-2025-37904 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turns, inhibits the call of the provided release methods upon devices destruction. As a consequence, one of the structures that is not freed properly upon destruction is the internal struct device_private dev->p populated by the drivers subsystem core. KMemleak detects this situation since loading/unloding some SCMI driver causes related devices to be created/destroyed without calling any device_release method. unreferenced object 0xffff00000f583800 (size 512): comm “insmod”, pid 227, jiffies 4294912190 hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 …..N………. ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff ……..`6…… backtrace (crc 114e2eed): kmemleak_alloc+0xbc/0xd8 __kmalloc_cache_noprof+0x2dc/0x398 device_add+0x954/0x12d0 device_register+0x28/0x40 __scmi_device_create.part.0+0x1bc/0x380 scmi_device_create+0x2d0/0x390 scmi_create_protocol_devices+0x74/0xf8 scmi_device_request_notifier+0x1f8/0x2a8 notifier_call_chain+0x110/0x3b0 blocking_notifier_call_chain+0x70/0xb0 scmi_driver_register+0x350/0x7f0 0xffff80000a3b3038 do_one_initcall+0x12c/0x730 do_init_module+0x1dc/0x640 load_module+0x4b20/0x5b70 init_module_from_file+0xec/0x158 $ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0 device_add+0x954/0x12d0: kmalloc_noprof at include/linux/slab.h:901 (inlined by) kzalloc_noprof at include/linux/slab.h:1037 (inlined by) device_private_init at drivers/base/core.c:3510 (inlined by) device_add at drivers/base/core.c:3561 Balance device refcount by issuing a put_device() on devices found via device_find_child(). | 2025-05-20 | not yet calculated | CVE-2025-37905 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete uring_cmd, but we may have scheduled task work via io_uring_cmd_complete_in_task() for dispatching request, then kernel crash can be triggered. Fix it by not trying to canceling the command if ublk block request is started. | 2025-05-20 | not yet calculated | CVE-2025-37906 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submitted_jobs (#1). After the last job is destroyed, it proceeds to release the related context and locks file_priv (#2). Meanwhile, in the job submission thread, the file_priv lock (#2) is taken first, and then the submitted_jobs lock (#1) is obtained when a job is added to the submitted jobs list. CPU0 CPU1 —- —- (for example due to a fault) (jobs submissions keep coming) lock(&vdev->submitted_jobs_lock) #1 ivpu_jobs_abort_all() job_destroy() lock(&file_priv->lock) #2 lock(&vdev->submitted_jobs_lock) #1 file_priv_release() lock(&vdev->context_list_lock) lock(&file_priv->lock) #2 This order of locking causes a deadlock. To resolve this issue, change the order of locking in ivpu_job_submit(). | 2025-05-20 | not yet calculated | CVE-2025-37907 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error, shutdown_mem_profiling() is called: slab->obj_exts which previously allocated remains. It won’t be cleared by unaccount_slab() because of mem_alloc_profiling_enabled() not true. It’s incorrect, slab->obj_exts should always be cleaned up in unaccount_slab() to avoid following error: […]BUG: Bad page state in process… .. […]page dumped because: page still charged to cgroup [andriy.shevchenko@linux.intel.com: fold need_slab_obj_ext() into its only user] | 2025-05-20 | not yet calculated | CVE-2025-37908 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak | 2025-05-20 | not yet calculated | CVE-2025-37909 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call __handle_signal_outputs() or __handle_signal_inputs() while the `irig` and `dcf` pointers are uninitialized, leading to a NULL pointer dereference in __handle_signal() and causing a kernel crash. Adva boards don’t use `irig` or `dcf` functionality, so add Adva-specific callbacks `ptp_ocp_sma_adva_set_outputs()` and `ptp_ocp_sma_adva_set_inputs()` that avoid invoking `irig` or `dcf` input/output routines. | 2025-05-20 | not yet calculated | CVE-2025-37910 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45): __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] ethtool_get_dump_data+0xdc/0x1a0 __dev_ethtool+0xa1e/0x1af0 dev_ethtool+0xa8/0x170 dev_ioctl+0x1b5/0x580 sock_do_ioctl+0xab/0xf0 sock_ioctl+0x1ce/0x2e0 __x64_sys_ioctl+0x87/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x78/0x80 … This happens when copying the coredump segment list in bnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command. The info->dest_buf buffer is allocated based on the number of coredump segments returned by the FW. The segment list is then DMA’ed by the FW and the length of the DMA is returned by FW. The driver then copies this DMA’ed segment list to info->dest_buf. In some cases, this DMA length may exceed the info->dest_buf length and cause the above BUG condition. Fix it by capping the copy length to not exceed the length of info->dest_buf. The extra DMA data contains no useful information. This code path is shared for the HWRM_DBG_COREDUMP_LIST and the HWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different for these 2 FW commands. To simplify the logic, we need to move the line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE up, so that the new check to cap the copy length will work for both commands. | 2025-05-20 | not yet calculated | CVE-2025-37911 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 (“ice: always check VF VSI pointer values”), we need to perform a null pointer check on the return value of ice_get_vf_vsi() before using it. | 2025-05-20 | not yet calculated | CVE-2025-37912 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard’s report [1], there are use cases where a netem child qdisc will make the parent qdisc’s enqueue callback reentrant. In the case of qfq, there won’t be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. This patch checks whether the class was already added to the agg->active list (cl_is_active) before doing the addition to cater for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ | 2025-05-20 | not yet calculated | CVE-2025-37913 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard’s report [1], there are use cases where a netem child qdisc will make the parent qdisc’s enqueue callback reentrant. In the case of ets, there won’t be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before doing the addition to cater for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ | 2025-05-20 | not yet calculated | CVE-2025-37914 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard’s report [1], there are use cases where a netem child qdisc will make the parent qdisc’s enqueue callback reentrant. In the case of drr, there won’t be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before adding to the list to cover for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ | 2025-05-20 | not yet calculated | CVE-2025-37915 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47): [Mon Apr 21 21:21:33 2025] pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] pdsc_remove+0xc0/0x1b0 [pds_core] [Mon Apr 21 21:21:33 2025] pci_device_remove+0x24/0x70 [Mon Apr 21 21:21:33 2025] device_release_driver_internal+0x11f/0x180 [Mon Apr 21 21:21:33 2025] driver_detach+0x45/0x80 [Mon Apr 21 21:21:33 2025] bus_remove_driver+0x83/0xe0 [Mon Apr 21 21:21:33 2025] pci_unregister_driver+0x1a/0x80 The actual device uninit usually happens on a separate thread scheduled after this code runs, but there is no guarantee of order of thread execution, so this could be a problem. There’s no actual need to clear the client_id at this point, so simply remove the offending code. | 2025-05-20 | not yet calculated | CVE-2025-37916 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happen when enabling the DMA interrupts again in rx/tx poll. “` BUG: spinlock recursion on CPU#0, swapper/0/0 lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0, .owner_cpu: 0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT Hardware name: MediaTek MT8365 Open Platform EVK (DT) Call trace: show_stack+0x18/0x24 (C) dump_stack_lvl+0x60/0x80 dump_stack+0x18/0x24 spin_dump+0x78/0x88 do_raw_spin_lock+0x11c/0x120 _raw_spin_lock+0x20/0x2c mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac] __handle_irq_event_percpu+0x48/0x140 handle_irq_event+0x4c/0xb0 handle_fasteoi_irq+0xa0/0x1bc handle_irq_desc+0x34/0x58 generic_handle_domain_irq+0x1c/0x28 gic_handle_irq+0x4c/0x120 do_interrupt_handler+0x50/0x84 el1_interrupt+0x34/0x68 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x6c/0x70 regmap_mmio_read32le+0xc/0x20 (P) _regmap_bus_reg_read+0x6c/0xac _regmap_read+0x60/0xdc regmap_read+0x4c/0x80 mtk_star_rx_poll+0x2f4/0x39c [mtk_star_emac] __napi_poll+0x38/0x188 net_rx_action+0x164/0x2c0 handle_softirqs+0x100/0x244 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x20 call_on_irq_stack+0x24/0x64 do_softirq_own_stack+0x1c/0x40 __irq_exit_rcu+0xd4/0x10c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x68 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x6c/0x70 cpuidle_enter_state+0xac/0x320 (P) cpuidle_enter+0x38/0x50 do_idle+0x1e4/0x260 cpu_startup_entry+0x34/0x3c rest_init+0xdc/0xe0 console_on_rootfs+0x0/0x6c __primary_switched+0x88/0x90 “` | 2025-05-20 | not yet calculated | CVE-2025-37917 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() A NULL pointer dereference can occur in skb_dequeue() when processing a QCA firmware crash dump on WCN7851 (0489:e0f3). [ 93.672166] Bluetooth: hci0: ACL memdump size(589824) [ 93.672475] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 93.672517] Workqueue: hci0 hci_devcd_rx [bluetooth] [ 93.672598] RIP: 0010:skb_dequeue+0x50/0x80 The issue stems from handle_dump_pkt_qca() returning 0 even when a dump packet is successfully processed. This is because it incorrectly forwards the return value of hci_devcd_init() (which returns 0 on success). As a result, the caller (btusb_recv_acl_qca() or btusb_recv_evt_qca()) assumes the packet was not handled and passes it to hci_recv_frame(), leading to premature kfree() of the skb. Later, hci_devcd_rx() attempts to dequeue the same skb from the dump queue, resulting in a NULL pointer dereference. Fix this by: 1. Making handle_dump_pkt_qca() return 0 on success and negative errno on failure, consistent with kernel conventions. 2. Splitting dump packet detection into separate functions for ACL and event packets for better structure and readability. This ensures dump packets are properly identified and consumed, avoiding double handling and preventing NULL pointer access. | 2025-05-20 | not yet calculated | CVE-2025-37918 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Update chip data using dev_get_drvdata(dev->parent) to fix NULL pointer deref in acp_i2s_set_tdm_slot. | 2025-05-20 | not yet calculated | CVE-2025-37919 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xsk_buff_pool. RX queue is exclusive to xsk_socket, while FILL queue can be shared between multiple sockets. This could result in race condition where two CPU cores access RX path of two different sockets sharing the same umem. Protect both queues by acquiring spinlock in shared xsk_buff_pool. Lock contention may be minimized in the future by some per-thread FQ buffering. It’s safe and necessary to move spin_lock_bh(rx_lock) after xsk_rcv_check(): * xs->pool and spinlock_init is synchronized by xsk_bind() -> xsk_is_bound() memory barriers. * xsk_rcv_check() may return true at the moment of xsk_release() or xsk_unbind_dev(), however this will not cause any data races or race conditions. xsk_unbind_dev() removes xdp socket from all maps and waits for completion of all outstanding rx operations. Packets in RX path will either complete safely or drop. | 2025-05-20 | not yet calculated | CVE-2025-37920 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from a VXLAN device in ‘vnifilter’ mode, the FDB entry associated with the default remote (assuming one was configured) is deleted without holding the hash lock. This is wrong and will result in a warning [1] being generated by the lockdep annotation that was added by commit ebe642067455 (“vxlan: Create wrappers for FDB lookup”). Reproducer: # ip link add vx0 up type vxlan dstport 4789 external vnifilter local 192.0.2.1 # bridge vni add vni 10010 remote 198.51.100.1 dev vx0 # bridge vni del vni 10010 dev vx0 Fix by acquiring the hash lock before the deletion and releasing it afterwards. Blame the original commit that introduced the issue rather than the one that exposed it. [1] WARNING: CPU: 3 PID: 392 at drivers/net/vxlan/vxlan_core.c:417 vxlan_find_mac+0x17f/0x1a0 […] RIP: 0010:vxlan_find_mac+0x17f/0x1a0 […] Call Trace: <TASK> __vxlan_fdb_delete+0xbe/0x560 vxlan_vni_delete_group+0x2ba/0x940 vxlan_vni_del.isra.0+0x15f/0x580 vxlan_process_vni_filter+0x38b/0x7b0 vxlan_vnifilter_process+0x3bb/0x510 rtnetlink_rcv_msg+0x2f7/0xb70 netlink_rcv_skb+0x131/0x360 netlink_unicast+0x426/0x710 netlink_sendmsg+0x75a/0xc20 __sock_sendmsg+0xc1/0x150 ____sys_sendmsg+0x5aa/0x7b0 ___sys_sendmsg+0xfc/0x180 __sys_sendmsg+0x121/0x1b0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 | 2025-05-20 | not yet calculated | CVE-2025-37921 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: book3s64/radix : Align section vmemmap start address to PAGE_SIZE A vmemmap altmap is a device-provided region used to provide backing storage for struct pages. For each namespace, the altmap should belong to that same namespace. If the namespaces are created unaligned, there is a chance that the section vmemmap start address could also be unaligned. If the section vmemmap start address is unaligned, the altmap page allocated from the current namespace might be used by the previous namespace also. During the free operation, since the altmap is shared between two namespaces, the previous namespace may detect that the page does not belong to its altmap and incorrectly assume that the page is a normal page. It then attempts to free the normal page, which leads to a kernel crash. Kernel attempted to read user page (18) – exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000018 Faulting instruction address: 0xc000000000530c7c Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries CPU: 32 PID: 2104 Comm: ndctl Kdump: loaded Tainted: G W NIP: c000000000530c7c LR: c000000000530e00 CTR: 0000000000007ffe REGS: c000000015e57040 TRAP: 0300 Tainted: G W MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 84482404 CFAR: c000000000530dfc DAR: 0000000000000018 DSISR: 40000000 IRQMASK: 0 GPR00: c000000000530e00 c000000015e572e0 c000000002c5cb00 c00c000101008040 GPR04: 0000000000000000 0000000000000007 0000000000000001 000000000000001f GPR08: 0000000000000005 0000000000000000 0000000000000018 0000000000002000 GPR12: c0000000001d2fb0 c0000060de6b0080 0000000000000000 c0000060dbf90020 GPR16: c00c000101008000 0000000000000001 0000000000000000 c000000125b20f00 GPR20: 0000000000000001 0000000000000000 ffffffffffffffff c00c000101007fff GPR24: 0000000000000001 0000000000000000 0000000000000000 0000000000000000 GPR28: 0000000004040201 0000000000000001 0000000000000000 c00c000101008040 NIP [c000000000530c7c] get_pfnblock_flags_mask+0x7c/0xd0 LR [c000000000530e00] free_unref_page_prepare+0x130/0x4f0 Call Trace: free_unref_page+0x50/0x1e0 free_reserved_page+0x40/0x68 free_vmemmap_pages+0x98/0xe0 remove_pte_table+0x164/0x1e8 remove_pmd_table+0x204/0x2c8 remove_pud_table+0x1c4/0x288 remove_pagetable+0x1c8/0x310 vmemmap_free+0x24/0x50 section_deactivate+0x28c/0x2a0 __remove_pages+0x84/0x110 arch_remove_memory+0x38/0x60 memunmap_pages+0x18c/0x3d0 devm_action_release+0x30/0x50 release_nodes+0x68/0x140 devres_release_group+0x100/0x190 dax_pmem_compat_release+0x44/0x80 [dax_pmem_compat] device_for_each_child+0x8c/0x100 [dax_pmem_compat_remove+0x2c/0x50 [dax_pmem_compat] nvdimm_bus_remove+0x78/0x140 [libnvdimm] device_remove+0x70/0xd0 Another issue is that if there is no altmap, a PMD-sized vmemmap page will be allocated from RAM, regardless of the alignment of the section start address. If the section start address is not aligned to the PMD size, a VM_BUG_ON will be triggered when setting the PMD-sized page to page table. In this patch, we are aligning the section vmemmap start address to PAGE_SIZE. After alignment, the start address will not be part of the current namespace, and a normal page will be allocated for the vmemmap mapping of the current section. For the remaining sections, altmaps will be allocated. During the free operation, the normal page will be correctly freed. In the same way, a PMD_SIZE vmemmap page will be allocated only if the section start address is PMD_SIZE-aligned; otherwise, it will fall back to a PAGE-sized vmemmap allocation. Without this patch ================== NS1 start NS2 start _________________________________________________________ | NS1 | NS2 | ——————————————————— | Altmap| Altmap | …..|Altmap| Altmap | ……….. | NS1 | NS1 —truncated— | 2025-05-20 | not yet calculated | CVE-2025-37922 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260 CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 …. ================================================================== It has been reported that trace_seq_to_buffer() tries to copy more data than PAGE_SIZE to buf. Therefore, to prevent this, we should use the smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument. | 2025-05-20 | not yet calculated | CVE-2025-37923 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL. | 2025-05-20 | not yet calculated | CVE-2025-37924 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition between ksmbd_session_rpc_open() and __session_rpc_close(). Add rpc_lock to the session to protect it. | 2025-05-20 | not yet calculated | CVE-2025-37926 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn’t take into account the lengths of individual hid and uid buffers so the check is insufficient in some cases. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. The same applies to the hid string with length 13 and uid string with length 250. Check the length of hid and uid strings separately to prevent buffer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2025-05-20 | not yet calculated | CVE-2025-37927 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don’t schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops – BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] —[ end trace 0000000000000000 ]— dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. | 2025-05-20 | not yet calculated | CVE-2025-37928 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d (“arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists”) added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new ‘k’ values for the workaround to be effective. Unfortunately, the new arrays omitted the sentinel entry and so is_midr_in_range_list() will walk off the end when it doesn’t find a match. With UBSAN enabled, this leads to a crash during boot when is_midr_in_range_list() is inlined (which was more common prior to c8c2647e69be (“arm64: Make _midr_in_range_list() an exported function”)): | Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP | pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=–) | pc : spectre_bhb_loop_affected+0x28/0x30 | lr : is_spectre_bhb_affected+0x170/0x190 | […] | Call trace: | spectre_bhb_loop_affected+0x28/0x30 | update_cpu_capabilities+0xc0/0x184 | init_cpu_features+0x188/0x1a4 | cpuinfo_store_boot_cpu+0x4c/0x60 | smp_prepare_boot_cpu+0x38/0x54 | start_kernel+0x8c/0x478 | __primary_switched+0xc8/0xd4 | Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020) | —[ end trace 0000000000000000 ]— | Kernel panic – not syncing: aarch64 BRK: Fatal exception Add the missing sentinel entries. | 2025-05-20 | not yet calculated | CVE-2025-37929 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it’s expected that fences only ever get signaled through nouveau_fence_signal(). However, in at least one other place, nouveau_fence_done(), can signal fences, too. If that happens (race) a signaled fence remains in the pending list for a while, until it gets removed by nouveau_fence_update(). Should nouveau_fence_context_kill() run in the meantime, this would be a bug because the function would attempt to set an error code on an already signaled fence. Have nouveau_fence_context_kill() check for a fence being signaled. | 2025-05-20 | not yet calculated | CVE-2025-37930 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn’t dirty we do bit_start++; to move onto the next bit. The problem is the bitmap is based on the number of sectors that an EB has. So in this case, we have a 64k pagesize, 16k nodesize, but a 4k sectorsize. This means our bitmap is 4 bits for every node. With a 64k page size we end up with 4 nodes per page. To make this easier this is how everything looks [0 16k 32k 48k ] logical address [0 4 8 12 ] radix tree offset [ 64k page ] folio [ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers [ | | | | | | | | | | | | | | | | ] bitmap Now we use all of our addressing based on fs_info->sectorsize_bits, so as you can see the above our 16k eb->start turns into radix entry 4. When we find a dirty range for our eb, we correctly do bit_start += sectors_per_node, because if we start at bit 0, the next bit for the next eb is 4, to correspond to eb->start 16k. However if our range is clean, we will do bit_start++, which will now put us offset from our radix tree entries. In our case, assume that the first time we check the bitmap the block is not dirty, we increment bit_start so now it == 1, and then we loop around and check again. This time it is dirty, and we go to find that start using the following equation start = folio_start + bit_start * fs_info->sectorsize; so in the case above, eb->start 0 is now dirty, and we calculate start as 0 + 1 * fs_info->sectorsize = 4096 4096 >> 12 = 1 Now we’re looking up the radix tree for 1, and we won’t find an eb. What’s worse is now we’re using bit_start == 1, so we do bit_start += sectors_per_node, which is now 5. If that eb is dirty we will run into the same thing, we will look at an offset that is not populated in the radix tree, and now we’re skipping the writeout of dirty extent buffers. The best fix for this is to not use sectorsize_bits to address nodes, but that’s a larger change. Since this is a fs corruption problem fix it simply by always using sectors_per_node to increment the start bit. | 2025-05-20 | not yet calculated | CVE-2025-37931 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let’s make it idempotent to ease qdisc_tree_reduce_backlog() callers’ life. | 2025-05-20 | not yet calculated | CVE-2025-37932 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is unloaded in this scenario, it calls ndo_stop again, attempting to free resources that have already been freed, leading to a host hang issue. To resolve this, dev_close should be called instead of the device-specific stop function.dev_close internally calls ndo_stop to stop the network interface and performs additional cleanup tasks. During the driver unload process, if the device is already down, ndo_stop is not called. | 2025-05-20 | not yet calculated | CVE-2025-37933 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid, before writing to them. This also fixes a USBAN warning: UBSAN: invalid-load in ../sound/soc/fsl/imx-card.c:687:25 load of value 255 is not a valid value for type ‘_Bool’ This is because playback_only is uninitialized and is not written to, as the playback-only property is absent. | 2025-05-20 | not yet calculated | CVE-2025-37934 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx() function detects the MTK_RESETTING flag, it will jump to release_desc and refill the high word of the SDP on the 4GB RFB. Subsequently, mtk_rx_clean will process an incorrect SDP, leading to a panic. Add patch from MediaTek’s SDK to resolve this. | 2025-05-20 | not yet calculated | CVE-2025-37935 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU’s value. When generating the MSR_IA32_PEBS_ENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU’s desired PEBS_ENABLE value. Consulting only the host kernel’s host vs. guest masks results in running the guest with PEBS enabled even when the guest doesn’t want to use PEBS. Because KVM uses perf events to proxy the guest virtual PMU, simply looking at exclude_host can’t differentiate between events created by host userspace, and events created by KVM on behalf of the guest. Running the guest with PEBS unexpectedly enabled typically manifests as crashes due to a near-infinite stream of #PFs. E.g. if the guest hasn’t written MSR_IA32_DS_AREA, the CPU will hit page faults on address ‘0’ when trying to record PEBS events. The issue is most easily reproduced by running `perf kvm top` from before commit 7b100989b4f6 (“perf evlist: Remove __evlist__add_default”) (after which, `perf kvm top` effectively stopped using PEBS). The userspace side of perf creates a guest-only PEBS event, which intel_guest_get_msrs() misconstrues a guest-*owned* PEBS event. Arguably, this is a userspace bug, as enabling PEBS on guest-only events simply cannot work, and userspace can kill VMs in many other ways (there is no danger to the host). However, even if this is considered to be bad userspace behavior, there’s zero downside to perf/KVM restricting PEBS to guest-owned events. Note, commit 854250329c02 (“KVM: x86/pmu: Disable guest PEBS temporarily in two rare situations”) fixed the case where host userspace is profiling KVM *and* userspace, but missed the case where userspace is profiling only KVM. | 2025-05-20 | not yet calculated | CVE-2025-37936 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()’s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx() | 2025-05-20 | not yet calculated | CVE-2025-37937 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have “%*p..” The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when the event triggered and that same data is freed before the event is read, then the kernel can crash by reading freed memory. The verifier runs at boot up (or module load) and scans the print formats of the events and checks their arguments to make sure that dereferenced pointers are safe. If the format uses “%*p..” the verifier will ignore it, and that could be dangerous. Cover this case as well. Also add to the sample code a use case of “%*pbl”. | 2025-05-20 | not yet calculated | CVE-2025-37938 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext core_relo header Update btf_ext_parse_info() to ensure the core_relo header is present before reading its fields. This avoids a potential buffer read overflow reported by the OSS Fuzz project. | 2025-05-20 | not yet calculated | CVE-2025-37939 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to allow the kernel to remain responsive even when processing a large number of functions. This matches the cond_resched() that is used in other locations of the code that iterates over all functions that can be traced. | 2025-05-20 | not yet calculated | CVE-2025-37940 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails, wcd937x_soc_codec_probe() returns without releasing ‘wcd937x->clsh_info’, which is allocated by wcd_clsh_ctrl_alloc. Add wcd_clsh_ctrl_free() to prevent potential memory leak. | 2025-05-20 | not yet calculated | CVE-2025-37941 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we’re making sure pool report is refetched before trying to access any of it’s fields. While loop was replaced with a for loop + exit conditions were moved aroud to decrease the possibility of creating an infinite loop scenario. | 2025-05-20 | not yet calculated | CVE-2025-37942 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption. Add a sanity check before processing the SKB to prevent invalid data access in the undecap native Wi-Fi function for the DP_RX_DECAP_TYPE_NATIVE_WIFI decap type. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 | 2025-05-20 | not yet calculated | CVE-2025-37943 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This happens because the source ring and destination ring have different handling mechanisms and using the wrong function results in incorrect pointer arithmetic and ring management. To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures that the correct function is used for fetching entries from the destination ring, preventing invalid memory accesses. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 | 2025-05-20 | not yet calculated | CVE-2025-37944 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz 2. Those who don’t: all others. The above methods should be optional. For type 1, dsa_switch_suspend() calls dsa_user_suspend() -> phylink_stop(), and dsa_switch_resume() calls dsa_user_resume() -> phylink_start(). These seem good candidates for setting mac_managed_pm = true because that is essentially its definition [1], but that does not seem to be the biggest problem for now, and is not what this change focuses on. Talking strictly about the 2nd category of DSA drivers here (which do not have MAC managed PM, meaning that for their attached PHYs, mdio_bus_phy_suspend() and mdio_bus_phy_resume() should run in full), I have noticed that the following warning from mdio_bus_phy_resume() is triggered: WARN_ON(phydev->state != PHY_HALTED && phydev->state != PHY_READY && phydev->state != PHY_UP); because the PHY state machine is running. It’s running as a result of a previous dsa_user_open() -> … -> phylink_start() -> phy_start() having been initiated by the user. The previous mdio_bus_phy_suspend() was supposed to have called phy_stop_machine(), but it didn’t. So this is why the PHY is in state PHY_NOLINK by the time mdio_bus_phy_resume() runs. mdio_bus_phy_suspend() did not call phy_stop_machine() because for phylink, the phydev->adjust_link function pointer is NULL. This seems a technicality introduced by commit fddd91016d16 (“phylib: fix PAL state machine restart on resume”). That commit was written before phylink existed, and was intended to avoid crashing with consumer drivers which don’t use the PHY state machine – phylink always does, when using a PHY. But phylink itself has historically not been developed with suspend/resume in mind, and apparently not tested too much in that scenario, allowing this bug to exist unnoticed for so long. Plus, prior to the WARN_ON(), it would have likely been invisible. This issue is not in fact restricted to type 2 DSA drivers (according to the above ad-hoc classification), but can be extrapolated to any MAC driver with phylink and MDIO-bus-managed PHY PM ops. DSA is just where the issue was reported. Assuming mac_managed_pm is set correctly, a quick search indicates the following other drivers might be affected: $ grep -Zlr PHYLINK_NETDEV drivers/ | xargs -0 grep -L mac_managed_pm drivers/net/ethernet/atheros/ag71xx.c drivers/net/ethernet/microchip/sparx5/sparx5_main.c drivers/net/ethernet/microchip/lan966x/lan966x_main.c drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c drivers/net/ethernet/freescale/dpaa/dpaa_eth.c drivers/net/ethernet/freescale/ucc_geth.c drivers/net/ethernet/freescale/enetc/enetc_pf_common.c drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c drivers/net/ethernet/marvell/mvneta.c drivers/net/ethernet/marvell/prestera/prestera_main.c drivers/net/ethernet/mediatek/mtk_eth_soc.c drivers/net/ethernet/altera/altera_tse_main.c drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c drivers/net/ethernet/meta/fbnic/fbnic_phylink.c drivers/net/ethernet/tehuti/tn40_phy.c drivers/net/ethernet/mscc/ocelot_net.c Make the existing conditions dependent on the PHY device having a phydev->phy_link_change() implementation equal to the default phy_link_change() provided by phylib. Otherwise, we implicitly know that the phydev has the phylink-provided phylink_phy_change() callback, and when phylink is used, the PHY state machine always needs to be stopped/ started on the suspend/resume path. The code is structured as such that if phydev->phy_link_change() is absent, it is a matter of time until the kernel will crash – no need to further complicate the test. Thus, for the situation where the PM is not managed b —truncated— | 2025-05-20 | not yet calculated | CVE-2025-37945 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 (“s390/pci: introduce lock to synchronize state of zpci_dev’s”) the code to ignore power off of a PF that has child VFs was changed from a direct return to a goto to the unlock and pci_dev_put() section. The change however left the existing pci_dev_put() untouched resulting in a doubple put. This can subsequently cause a use after free if the struct pci_dev is released in an unexpected state. Fix this by removing the extra pci_dev_put(). | 2025-05-20 | not yet calculated | CVE-2025-37946 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. | 2025-05-20 | not yet calculated | CVE-2025-37947 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for ‘classic’ cBPF programs that are loaded by seccomp. | 2025-05-20 | not yet calculated | CVE-2025-37948 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: <TASK> __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2f0 xenbus_thread+0x165/0x1c0 process_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a thin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems like it was xs_wake_up() in this case. It seems like req may have woken up the xs_wait_for_reply(), which kfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed data. Linux Device Drivers 2nd edition states: “Normally, a wake_up call can cause an immediate reschedule to happen, meaning that other processes might run before wake_up returns.” … which would match the behaviour observed. Change to keeping two krefs on each request. One for the caller, and one for xenbus_thread. Each will kref_put() when finished, and the last will free it. This use of kref matches the description in Documentation/core-api/kref.rst | 2025-05-20 | not yet calculated | CVE-2025-37949 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix panic in failed foilio allocation commit 7e119cff9d0a (“ocfs2: convert w_pages to w_folios”) and commit 9a5e08652dc4b (“ocfs2: use an array of folios instead of an array of pages”) save -ENOMEM in the folio array upon allocation failure and call the folio array free code. The folio array free code expects either valid folio pointers or NULL. Finding the -ENOMEM will result in a panic. Fix by NULLing the error folio entry. | 2025-05-20 | not yet calculated | CVE-2025-37950 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won’t be automatically freed through `free_job()`. Consequently, when we skip the reset and keep the job running, the job won’t be freed when it finally completes. This situation leads to a memory leak, as exposed in [1] and [2]. Similarly to commit 704d3d60fec4 (“drm/etnaviv: don’t block scheduler when GPU is still active”), this patch ensures the job is put back on the pending list when extending the timeout. | 2025-05-20 | not yet calculated | CVE-2025-37951 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this. The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions which retrieve a file from the IDR and which already use this same lock. | 2025-05-20 | not yet calculated | CVE-2025-37952 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree(): |-> fq_codel_dequeue() |-> qdisc_tree_reduce_backlog() |-> htb_qlen_notify() |-> htb_deactivate() |-> htb_next_rb_node() |-> htb_deactivate() For htb_next_rb_node(), after calling the 1st htb_deactivate(), the clprio[prio]->ptr could be already set to NULL, which means htb_next_rb_node() is vulnerable here. For htb_deactivate(), although we checked qlen before calling it, in case of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again which triggers the warning inside. To fix the issues here, we need to: 1) Make htb_deactivate() idempotent, that is, simply return if we already call it before. 2) Make htb_next_rb_node() safe against ptr==NULL. Many thanks to Alan for testing and for the reproducer. | 2025-05-20 | not yet calculated | CVE-2025-37953 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn’t consider it valid, and thinks it’s newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the result is checked. | 2025-05-20 | not yet calculated | CVE-2025-37954 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnet_xsk_pool_enable(): unreferenced object 0xffff88800a68a000 (size 2048): comm “xdp_helper”, pid 318, jiffies 4294692778 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. backtrace (crc 0): __kvmalloc_node_noprof+0x402/0x570 virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882) xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226) xsk_bind+0x6a5/0x1ae0 __sys_bind+0x15e/0x230 __x64_sys_bind+0x72/0xb0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-05-20 | not yet calculated | CVE-2025-37955 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc. This patch return the error when attempting to rename a file or directory with an empty new name string. | 2025-05-20 | not yet calculated | CVE-2025-37956 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f (“KVM: x86: forcibly leave nested mode on vCPU reset”) addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when KVM forces a vCPU INIT after SHUTDOWN interception while the vCPU is in SMM. This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, INIT is blocked when the CPU is in SMM, hence KVM’s WARN() in kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper emulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to do _something_ sane with the VMCB, since it’s technically undefined, and INIT is the least awful choice given KVM’s ABI. So, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of SMM to avoid any weirdness (and the WARN). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. [sean: massage changelog, make it clear this isn’t architectural behavior] | 2025-05-20 | not yet calculated | CVE-2025-37957 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: “An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the “folio != pmd_folio((*pmd)” check (and the “risk of replacing the wrong folio” comment a few lines above it) is for.” BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. | 2025-05-20 | not yet calculated | CVE-2025-37958 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn’t scrubbed. That can lead skb information from one namespace to be “misused” in another namespace. As one example, this is causing Cilium to drop traffic when using bpf_redirect_peer to redirect packets that just went through IPsec decryption to a container namespace. The following pwru trace shows (1) the packet path from the host’s XFRM layer to the container’s XFRM layer where it’s dropped and (2) the number of active skb extensions at each function. NETNS MARK IFACE TUPLE FUNC 4026533547 d00 eth0 10.244.3.124:35473->10.244.2.158:53 xfrm_rcv_cb .active_extensions = (__u8)2, 4026533547 d00 eth0 10.244.3.124:35473->10.244.2.158:53 xfrm4_rcv_cb .active_extensions = (__u8)2, 4026533547 d00 eth0 10.244.3.124:35473->10.244.2.158:53 gro_cells_receive .active_extensions = (__u8)2, […] 4026533547 0 eth0 10.244.3.124:35473->10.244.2.158:53 skb_do_redirect .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 ip_rcv .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 ip_rcv_core .active_extensions = (__u8)2, […] 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 udp_queue_rcv_one_skb .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 __xfrm_policy_check .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 __xfrm_decode_session .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 security_xfrm_decode_session .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 kfree_skb_reason(SKB_DROP_REASON_XFRM_POLICY) .active_extensions = (__u8)2, In this case, there are no XFRM policies in the container’s network namespace so the drop is unexpected. When we decrypt the IPsec packet, the XFRM state used for decryption is set in the skb extensions. This information is preserved across the netns switch. When we reach the XFRM policy check in the container’s netns, __xfrm_policy_check drops the packet with LINUX_MIB_XFRMINNOPOLS because a (container-side) XFRM policy can’t be found that matches the (host-side) XFRM state used for decryption. This patch fixes this by scrubbing the packet when using bpf_redirect_peer, as is done on typical netns switches via veth devices except skb->mark and skb->tstamp are not zeroed. | 2025-05-20 | not yet calculated | CVE-2025-37959 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array() and the slab is not yet available, a call to memblock_find_in_range() is used to reserve/allocate memory. However, the range returned may not have been accepted, which can result in a crash when booting an SNP guest: RIP: 0010:memcpy_orig+0x68/0x130 Code: … RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006 RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000 RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00 RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000 R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78 R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00 memblock_double_array+0xff/0x310 memblock_add_range+0x1fb/0x2f0 memblock_reserve+0x4f/0xa0 memblock_alloc_range_nid+0xac/0x130 memblock_alloc_internal+0x53/0xc0 memblock_alloc_try_nid+0x3d/0xa0 swiotlb_init_remap+0x149/0x2f0 mem_init+0xb/0xb0 mm_core_init+0x8f/0x350 start_kernel+0x17e/0x5d0 x86_64_start_reservations+0x14/0x30 x86_64_start_kernel+0x92/0xa0 secondary_startup_64_no_verify+0x194/0x19b Mitigate this by calling accept_memory() on the memory range returned before the slab is available. Prior to v6.12, the accept_memory() interface used a ‘start’ and ‘end’ parameter instead of ‘start’ and ‘size’, therefore the accept_memory() call must be adjusted to specify ‘start + size’ for ‘end’ when applying to kernels prior to v6.12. | 2025-05-20 | not yet calculated | CVE-2025-37960 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 (“ipvs: do not use random local source address for tunnels”) already implies that the input value of saddr should be ignored but the code is still reading it which can prevent to connect the route. Fix it by changing the argument to ret_saddr. [1] BUG: KMSAN: uninit-value in do_output_route4+0x42c/0x4d0 net/netfilter/ipvs/ip_vs_xmit.c:147 do_output_route4+0x42c/0x4d0 net/netfilter/ipvs/ip_vs_xmit.c:147 __ip_vs_get_out_rt+0x403/0x21d0 net/netfilter/ipvs/ip_vs_xmit.c:330 ip_vs_tunnel_xmit+0x205/0x2380 net/netfilter/ipvs/ip_vs_xmit.c:1136 ip_vs_in_hook+0x1aa5/0x35b0 net/netfilter/ipvs/ip_vs_core.c:2063 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf7/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] __ip_local_out+0x758/0x7e0 net/ipv4/ip_output.c:118 ip_local_out net/ipv4/ip_output.c:127 [inline] ip_send_skb+0x6a/0x3c0 net/ipv4/ip_output.c:1501 udp_send_skb+0xfda/0x1b70 net/ipv4/udp.c:1195 udp_sendmsg+0x2fe3/0x33c0 net/ipv4/udp.c:1483 inet_sendmsg+0x1fc/0x280 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x267/0x380 net/socket.c:727 ____sys_sendmsg+0x91b/0xda0 net/socket.c:2566 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2620 __sys_sendmmsg+0x41d/0x880 net/socket.c:2702 __compat_sys_sendmmsg net/compat.c:360 [inline] __do_compat_sys_sendmmsg net/compat.c:367 [inline] __se_compat_sys_sendmmsg net/compat.c:364 [inline] __ia32_compat_sys_sendmmsg+0xc8/0x140 net/compat.c:364 ia32_sys_call+0x3ffa/0x41f0 arch/x86/include/generated/asm/syscalls_32.h:346 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: slab_post_alloc_hook mm/slub.c:4167 [inline] slab_alloc_node mm/slub.c:4210 [inline] __kmalloc_cache_noprof+0x8fa/0xe00 mm/slub.c:4367 kmalloc_noprof include/linux/slab.h:905 [inline] ip_vs_dest_dst_alloc net/netfilter/ipvs/ip_vs_xmit.c:61 [inline] __ip_vs_get_out_rt+0x35d/0x21d0 net/netfilter/ipvs/ip_vs_xmit.c:323 ip_vs_tunnel_xmit+0x205/0x2380 net/netfilter/ipvs/ip_vs_xmit.c:1136 ip_vs_in_hook+0x1aa5/0x35b0 net/netfilter/ipvs/ip_vs_core.c:2063 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf7/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] __ip_local_out+0x758/0x7e0 net/ipv4/ip_output.c:118 ip_local_out net/ipv4/ip_output.c:127 [inline] ip_send_skb+0x6a/0x3c0 net/ipv4/ip_output.c:1501 udp_send_skb+0xfda/0x1b70 net/ipv4/udp.c:1195 udp_sendmsg+0x2fe3/0x33c0 net/ipv4/udp.c:1483 inet_sendmsg+0x1fc/0x280 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x267/0x380 net/socket.c:727 ____sys_sendmsg+0x91b/0xda0 net/socket.c:2566 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2620 __sys_sendmmsg+0x41d/0x880 net/socket.c:2702 __compat_sys_sendmmsg net/compat.c:360 [inline] __do_compat_sys_sendmmsg net/compat.c:367 [inline] __se_compat_sys_sendmmsg net/compat.c:364 [inline] __ia32_compat_sys_sendmmsg+0xc8/0x140 net/compat.c:364 ia32_sys_call+0x3ffa/0x41f0 arch/x86/include/generated/asm/syscalls_32.h:346 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e CPU: 0 UID: 0 PID: 22408 Comm: syz.4.5165 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(undef) Hardware name: Google Google Compute Engi —truncated— | 2025-05-20 | not yet calculated | CVE-2025-37961 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure. This patch fixes the issue by adding kfree(lreq) before returning NULL in both boundary check cases. | 2025-05-20 | not yet calculated | CVE-2025-37962 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. | 2025-05-20 | not yet calculated | CVE-2025-37963 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() has a bug and suppresses the flush. Fix it by widening the window where should_flush_tlb() sends an IPI. Long Version: === History === There were a few things leading up to this. First, updating mm_cpumask() was observed to be too expensive, so it was made lazier. But being lazy caused too many unnecessary IPIs to CPUs due to the now-lazy mm_cpumask(). So code was added to cull mm_cpumask() periodically[2]. But that culling was a bit too aggressive and skipped sending TLB flushes to CPUs that need them. So here we are again. === Problem === The too-aggressive code in should_flush_tlb() strikes in this window: // Turn on IPIs for this CPU/mm combination, but only // if should_flush_tlb() agrees: cpumask_set_cpu(cpu, mm_cpumask(next)); next_tlb_gen = atomic64_read(&next->context.tlb_gen); choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); load_new_mm_cr3(need_flush); // ^ After ‘need_flush’ is set to false, IPIs *MUST* // be sent to this CPU and not be ignored. this_cpu_write(cpu_tlbstate.loaded_mm, next); // ^ Not until this point does should_flush_tlb() // become true! should_flush_tlb() will suppress TLB flushes between load_new_mm_cr3() and writing to ‘loaded_mm’, which is a window where they should not be suppressed. Whoops. === Solution === Thankfully, the fuzzy “just about to write CR3” window is already marked with loaded_mm==LOADED_MM_SWITCHING. Simply checking for that state in should_flush_tlb() is sufficient to ensure that the CPU is targeted with an IPI. This will cause more TLB flush IPIs. But the window is relatively small and I do not expect this to cause any kind of measurable performance impact. Update the comment where LOADED_MM_SWITCHING is written since it grew yet another user. Peter Z also raised a concern that should_flush_tlb() might not observe ‘loaded_mm’ and ‘is_lazy’ in the same order that switch_mm_irqs_off() writes them. Add a barrier to ensure that they are observed in the order they are written. | 2025-05-20 | not yet calculated | CVE-2025-37964 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] “BUG: sleeping function called from invalid context” error. after: “drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()” The populate_dml_plane_cfg_from_plane_state() uses the GFP_KERNEL flag for memory allocation, which shouldn’t be used in atomic contexts. The allocation is needed only for using another helper function get_scaler_data_for_plane(). [How] Modify helpers to pass a pointer to scaler_data within existing context, eliminating the need for dynamic memory allocation/deallocation and copying. (cherry picked from commit bd3e84bc98f81b44f2c43936bdadc3241d654259) | 2025-05-20 | not yet calculated | CVE-2025-37965 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not available, the kernel crashes: Oops – illegal instruction [#1] [snip] epc : set_tagged_addr_ctrl+0x112/0x15a ra : set_tagged_addr_ctrl+0x74/0x15a epc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10 [snip] status: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002 set_tagged_addr_ctrl+0x112/0x15a __riscv_sys_prctl+0x352/0x73c do_trap_ecall_u+0x17c/0x20c andle_exception+0x150/0x15c Fix it by checking if Supm is available. | 2025-05-20 | not yet calculated | CVE-2025-37966 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. | 2025-05-20 | not yet calculated | CVE-2025-37967 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag could be true at the mutex_lock stage and false at the mutex_unlock stage. This results in the mutex not being unlocked, resulting in a deadlock. Fix it by making the opt3001_irq() code generally more robust, reading the flag into a variable and using the variable value at both stages. | 2025-05-20 | not yet calculated | CVE-2025-37968 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. | 2025-05-20 | not yet calculated | CVE-2025-37969 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. | 2025-05-20 | not yet calculated | CVE-2025-37970 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 (“staging: vc04_services: Move global g_state to vchiq_state”) changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference. Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that would need additional changes. | 2025-05-20 | not yet calculated | CVE-2025-37971 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys – fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer. Let’s use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won’t be enabled anyway. | 2025-05-20 | not yet calculated | CVE-2025-37972 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length when calculating the length of remaining IEs after the multi-link element in cfg80211_defrag_mle(). This could lead to out-of-bounds access if the multi-link element or its corresponding fragment elements are the last elements in the IEs buffer. To address this issue, correctly calculate the remaining IEs length by deducting the multi-link element end offset from total IEs end offset. | 2025-05-20 | not yet calculated | CVE-2025-37973 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in __clp_add() where it was missed when adding the scan_list in the fixed commit. Simply not adding the device to the scan list results in the previous behavior. | 2025-05-20 | not yet calculated | CVE-2025-37974 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end of the relocation section. Simplify to num_relocations which is equivalent to the existing size expression. | 2025-05-20 | not yet calculated | CVE-2025-37975 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process [ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ] Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This happens because the source ring and destination ring have different handling mechanisms and using the wrong function results in incorrect pointer arithmetic and ring management. To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures that the correct function is used for fetching entries from the destination ring, preventing invalid memory accesses. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 | 2025-05-20 | not yet calculated | CVE-2025-37976 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn’t set If dma-coherent property isn’t set then descriptors are non-cacheable and the iocc shareability bits should be disabled. Without this UFS can end up in an incompatible configuration and suffer from random cache related stability issues. | 2025-05-20 | not yet calculated | CVE-2025-37977 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to oopses because set_page_dirty_lock() can’t be called from interrupt context. Since a protection information buffer is not backed by a file there is no point in setting its page dirty, there is nothing to synchronize. Drop the call to set_page_dirty_lock() and remove the last argument to bio_integrity_unpin_bvec(). | 2025-05-20 | not yet calculated | CVE-2025-37978 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e (“ASoC: qcom: Add driver support for audioreach solution”) cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2025-05-20 | not yet calculated | CVE-2025-37979 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak. | 2025-05-20 | not yet calculated | CVE-2025-37980 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether special adjustments need to be made for kdump. This has the effect that after a regular kexec reboot, some driver parameters such as max_transfer_size are much lower than usual. More importantly, kexec reboot tests have revealed memory corruption caused by the driver log being written to system memory after a kexec. Fix this by testing is_kdump_kernel() rather than reset_devices where appropriate. | 2025-05-20 | not yet calculated | CVE-2025-37981 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. | 2025-05-20 | not yet calculated | CVE-2025-37982 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry… this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low… | 2025-05-20 | not yet calculated | CVE-2025-37983 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa – Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation’s ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8): X / 8 + !!(X & 7) Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and use it in lieu of DIV_ROUND_UP() for ->key_size() return values. Additionally, use the macro in ecc_digits_from_bytes(), whose “nbytes” parameter is a ->key_size() return value in some instances, or a user-specified ASN.1 length in the case of ecdsa_get_signature_rs(). | 2025-05-20 | not yet calculated | CVE-2025-37984 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned | 2025-05-20 | not yet calculated | CVE-2025-37985 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a clean state for future connections. | 2025-05-20 | not yet calculated | CVE-2025-37986 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core’s adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the client drivers cannot simultaneously post adminq commands. However, the completions happen in a different context, which means multiple adminq commands can be posted sequentially and all waiting on completion. On the FW side, the backing adminq request queue is only 16 entries long and the retry mechanism and/or overflow/stuck prevention is lacking. This can cause the adminq to get stuck, so commands are no longer processed and completions are no longer sent by the FW. As an initial fix, prevent more than 16 outstanding adminq commands so there’s no way to cause the adminq from getting stuck. This works because the backing adminq request queue will never have more than 16 pending adminq commands, so it will never overflow. This is done by reducing the adminq depth to 16. | 2025-05-20 | not yet calculated | CVE-2025-37987 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint pinned by *path and at the time when matching unlock_mount() unlocks that location it is still pinned by the same thing. Unfortunately, for ‘beneath’ case it’s no longer that simple – the object being locked is not the one *path points to. It’s the mountpoint of path->mnt. The thing is, without sufficient locking ->mnt_parent may change under us and none of the locks are held at that point. The rules are * mount_lock stabilizes m->mnt_parent for any mount m. * namespace_sem stabilizes m->mnt_parent, provided that m is mounted. * if either of the above holds and refcount of m is positive, we are guaranteed the same for refcount of m->mnt_parent. namespace_sem nests inside inode_lock(), so do_lock_mount() has to take inode_lock() before grabbing namespace_sem. It does recheck that path->mnt is still mounted in the same place after getting namespace_sem, and it does take care to pin the dentry. It is needed, since otherwise we might end up with racing mount –move (or umount) happening while we were getting locks; in that case dentry would no longer be a mountpoint and could’ve been evicted on memory pressure along with its inode – not something you want when grabbing lock on that inode. However, pinning a dentry is not enough – the matching mount is also pinned only by the fact that path->mnt is mounted on top it and at that point we are not holding any locks whatsoever, so the same kind of races could end up with all references to that mount gone just as we are about to enter inode_lock(). If that happens, we are left with filesystem being shut down while we are holding a dentry reference on it; results are not pretty. What we need to do is grab both dentry and mount at the same time; that makes inode_lock() safe *and* avoids the problem with fs getting shut down under us. After taking namespace_sem we verify that path->mnt is still mounted (which stabilizes its ->mnt_parent) and check that it’s still mounted at the same place. From that point on to the matching namespace_unlock() we are guaranteed that mount/dentry pair we’d grabbed are also pinned by being the mountpoint of path->mnt, so we can quietly drop both the dentry reference (as the current code does) and mnt one – it’s OK to do under namespace_sem, since we are not dropping the final refs. That solves the problem on do_lock_mount() side; unlock_mount() also has one, since dentry is guaranteed to stay pinned only until the namespace_unlock(). That’s easy to fix – just have inode_unlock() done earlier, while it’s still pinned by mp->m_dentry. | 2025-05-20 | not yet calculated | CVE-2025-37988 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unregister functions can be called multiple times for the same PHY device, but devm-allocated memory is not freed until the driver is unbound. This also prevents kmemleak from detecting the leak, as the devm API internally stores the allocated pointer. Fix this by replacing devm_kzalloc/devm_kcalloc with standard kzalloc/kcalloc, and add the corresponding kfree calls in the unregister path. | 2025-05-20 | not yet calculated | CVE-2025-37989 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The ‘state.state’ and the ‘state.bytes’ are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the ‘state.state’ and the ‘state.bytes’ are uninitialized. Improve the error message to report more detailed error information. | 2025-05-20 | not yet calculated | CVE-2025-37990 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, we hit a floating-point store in fpe_func almost immediately. When the T bit is set, an assist exception trap occurs when when the co-processor encounters *any* floating-point instruction except for a double store of register %fr0. The latter cancels all pending traps. Let’s fix this by clearing the Trap (T) bit in the FP status register before returning to the signal handler in userspace. The issue can be reproduced with this test program: root@parisc:~# cat fpe.c static void fpe_func(int sig, siginfo_t *i, void *v) { sigset_t set; sigemptyset(&set); sigaddset(&set, SIGFPE); sigprocmask(SIG_UNBLOCK, &set, NULL); printf(“GOT signal %d with si_code %ldn”, sig, i->si_code); } int main() { struct sigaction action = { .sa_sigaction = fpe_func, .sa_flags = SA_RESTART|SA_SIGINFO }; sigaction(SIGFPE, &action, 0); feenableexcept(FE_OVERFLOW); return printf(“%lfn”,1.7976931348623158E308*1.7976931348623158E308); } root@parisc:~# gcc fpe.c -lm root@parisc:~# ./a.out Floating point exception root@parisc:~# strace -f ./a.out execve(“./a.out”, [“./a.out”], 0xf9ac7034 /* 20 vars */) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 … rt_sigaction(SIGFPE, {sa_handler=0x1110a, sa_mask=[], sa_flags=SA_RESTART|SA_SIGINFO}, NULL, 8) = 0 — SIGFPE {si_signo=SIGFPE, si_code=FPE_FLTOVF, si_addr=0x1078f} — — SIGFPE {si_signo=SIGFPE, si_code=FPE_FLTOVF, si_addr=0xf8f21237} — +++ killed by SIGFPE +++ Floating point exception | 2025-05-20 | not yet calculated | CVE-2025-37991 |
| eCharge Hardy Barth–cPH2 | eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113. | 2025-05-22 | not yet calculated | CVE-2025-3881 |
| eCharge Hardy Barth–cPH2 | eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114. | 2025-05-22 | not yet calculated | CVE-2025-3882 |
| eCharge Hardy Barth–cPH2 | eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET parameters provided to the index.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23115. | 2025-05-22 | not yet calculated | CVE-2025-3883 |
| Cloudera–Hue | Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332. | 2025-05-22 | not yet calculated | CVE-2025-3884 |
| Harman Becker–MGU21 | Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | 2025-05-22 | not yet calculated | CVE-2025-3885 |
| GStreamer–GStreamer | GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596. | 2025-05-22 | not yet calculated | CVE-2025-3887 |
| Jan Syski–MegaBIP | While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Input provided by the the user is not sanitized, leading to SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue. | 2025-05-23 | not yet calculated | CVE-2025-3893 |
| Jan Syski–MegaBIP | Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue. | 2025-05-23 | not yet calculated | CVE-2025-3894 |
| Jan Syski–MegaBIP | Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords (including these belonging to administrators). Version 5.20 of MegaBIP fixes this issue. | 2025-05-23 | not yet calculated | CVE-2025-3895 |
| OpenVPN–OpenVPN 3 Linux | The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory. | 2025-05-19 | not yet calculated | CVE-2025-3908 |
| Smartbedded–MeteoBridge | The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. | 2025-05-21 | not yet calculated | CVE-2025-4008 |
| Koibox–Koibox | A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the ‘/es/dashboard/clientes/ficha/’ endpoint | 2025-05-20 | not yet calculated | CVE-2025-40633 |
| TP-Link–Link Archer AX50 | Stack-based buffer overflow vulnerability in the ‘conn-indicator’ binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks. | 2025-05-20 | not yet calculated | CVE-2025-40634 |
| Comerzzia–Comerzzia Backoffice: Sales Orchestrator | SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint. | 2025-05-20 | not yet calculated | CVE-2025-40635 |
| Unknown–DIGITS: WordPress Mobile Number Signup and Login | The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them. | 2025-05-21 | not yet calculated | CVE-2025-4094 |
| Unknown–Blog2Social: Social Media Auto Post & Scheduler | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks. | 2025-05-22 | not yet calculated | CVE-2025-4133 |
| Intellian Technologies–Iridium Certus 700 | Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware. | 2025-05-23 | not yet calculated | CVE-2025-41377 |
| Intellian Technologies–Iridium Certus 700 | The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel. | 2025-05-23 | not yet calculated | CVE-2025-41378 |
| Intellian Technologies–Iridium Certus 700 | The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule, the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults. | 2025-05-23 | not yet calculated | CVE-2025-41379 |
| Intellian Technologies–Iridium Certus 700 | Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string. | 2025-05-23 | not yet calculated | CVE-2025-41380 |
| Poedit–Poedit | MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application’s previously granted TCC permissions to access user’s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Poedit, potentially disguising attacker’s malicious intent. This issue has been fixed in 3.6.3 version of Poedit. | 2025-05-22 | not yet calculated | CVE-2025-4280 |
| Assured Telematics Inc.–Fleet Management System | The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. | 2025-05-20 | not yet calculated | CVE-2025-4364 |
| N/A–N/A | A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection. | 2025-05-22 | not yet calculated | CVE-2025-4366 |
| n/a–n/a | The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers. | 2025-05-19 | not yet calculated | CVE-2025-43714 |
| Studio Fabryka–DobryCMS | DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim’s browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version. | 2025-05-23 | not yet calculated | CVE-2025-4379 |
| n/a–n/a | An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function | 2025-05-21 | not yet calculated | CVE-2025-44040 |
| n/a–n/a | An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication | 2025-05-21 | not yet calculated | CVE-2025-44083 |
| n/a–n/a | D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. | 2025-05-20 | not yet calculated | CVE-2025-44084 |
| n/a–n/a | A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently. | 2025-05-19 | not yet calculated | CVE-2025-44108 |
| Drupal–Piwik PRO | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2. | 2025-05-21 | not yet calculated | CVE-2025-4415 |
| Drupal–Events Log Track | Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2. | 2025-05-21 | not yet calculated | CVE-2025-4416 |
| n/a–n/a | A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | 2025-05-20 | not yet calculated | CVE-2025-44880 |
| n/a–n/a | A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | 2025-05-20 | not yet calculated | CVE-2025-44881 |
| n/a–n/a | A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | 2025-05-20 | not yet calculated | CVE-2025-44882 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function. | 2025-05-20 | not yet calculated | CVE-2025-44883 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function. | 2025-05-20 | not yet calculated | CVE-2025-44884 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function. | 2025-05-20 | not yet calculated | CVE-2025-44885 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function. | 2025-05-20 | not yet calculated | CVE-2025-44886 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function. | 2025-05-20 | not yet calculated | CVE-2025-44887 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function. | 2025-05-20 | not yet calculated | CVE-2025-44888 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function. | 2025-05-20 | not yet calculated | CVE-2025-44890 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function. | 2025-05-20 | not yet calculated | CVE-2025-44891 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. | 2025-05-21 | not yet calculated | CVE-2025-44892 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. | 2025-05-20 | not yet calculated | CVE-2025-44893 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function. | 2025-05-20 | not yet calculated | CVE-2025-44894 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. | 2025-05-21 | not yet calculated | CVE-2025-44895 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bindEditMACName parameter in the web_acl_bindEdit_post function. | 2025-05-20 | not yet calculated | CVE-2025-44896 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. | 2025-05-20 | not yet calculated | CVE-2025-44897 |
| n/a–n/a | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function. | 2025-05-20 | not yet calculated | CVE-2025-44898 |
| n/a–n/a | A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter. | 2025-05-23 | not yet calculated | CVE-2025-44998 |
| n/a–n/a | Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. | 2025-05-22 | not yet calculated | CVE-2025-45468 |
| n/a–n/a | Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. | 2025-05-22 | not yet calculated | CVE-2025-45471 |
| n/a–n/a | Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. | 2025-05-22 | not yet calculated | CVE-2025-45472 |
| OpenSSL–OpenSSL | Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste error during minor refactoring of the code introduced this issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate should be trusted only for the purpose of authenticating TLS servers but not for CMS signature verification and the CMS signature verification is intended to be marked as rejected with the -addreject option, the resulting CA certificate will be trusted for CMS signature verification purpose instead. Only users which use the trusted certificate format who use the openssl x509 command line application to add rejected uses are affected by this issue. The issues affecting only the command line application are considered to be Low severity. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this issue. | 2025-05-22 | not yet calculated | CVE-2025-4575 |
| n/a–n/a | A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. | 2025-05-21 | not yet calculated | CVE-2025-45752 |
| n/a–n/a | A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. | 2025-05-21 | not yet calculated | CVE-2025-45753 |
| n/a–n/a | A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. | 2025-05-21 | not yet calculated | CVE-2025-45754 |
| n/a–n/a | A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution. | 2025-05-21 | not yet calculated | CVE-2025-45755 |
| n/a–n/a | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface. | 2025-05-20 | not yet calculated | CVE-2025-45862 |
| n/a–n/a | Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. | 2025-05-23 | not yet calculated | CVE-2025-46176 |
| langroid–langroid | Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through `QueryPlan.dataframe_calc]`) compromising the host system. Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation. | 2025-05-20 | not yet calculated | CVE-2025-46725 |
| PgPool Global Development Group–Pgpool-II | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database. | 2025-05-19 | not yet calculated | CVE-2025-46801 |
| OsamaTaher–Java-springboot-codebase | OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue. | 2025-05-21 | not yet calculated | CVE-2025-46822 |
| Digital Arts Inc.–i-FILTER | The optional feature ‘Anti-Virus & Sandbox’ of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition. | 2025-05-23 | not yet calculated | CVE-2025-47149 |
| gardener–external-dns-management | Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener’s External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue. | 2025-05-19 | not yet calculated | CVE-2025-47282 |
| gardener–gardener | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue. | 2025-05-19 | not yet calculated | CVE-2025-47283 |
| gardener–gardener | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue. | 2025-05-19 | not yet calculated | CVE-2025-47284 |
| containerd–containerd | containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. | 2025-05-20 | not yet calculated | CVE-2025-47290 |
| containerd–containerd | containerd is an open-source container runtime. A bug was found in the containerd’s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn’t put usernamespaced containers under the Kubernetes’ cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily. | 2025-05-21 | not yet calculated | CVE-2025-47291 |
| asterisk–asterisk | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. | 2025-05-22 | not yet calculated | CVE-2025-47780 |
| openpgpjs–openpgpjs | OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker’s choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker’s choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`. | 2025-05-19 | not yet calculated | CVE-2025-47934 |
| tngan–samlify | samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue. | 2025-05-19 | not yet calculated | CVE-2025-47949 |
| Drupal–Single Content Sync | Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12. | 2025-05-21 | not yet calculated | CVE-2025-48009 |
| Drupal–One Time Password | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | 2025-05-21 | not yet calculated | CVE-2025-48010 |
| Drupal–One Time Password | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | 2025-05-21 | not yet calculated | CVE-2025-48011 |
| Drupal–One Time Password | Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0. | 2025-05-21 | not yet calculated | CVE-2025-48012 |
| jqlang–jq | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available. | 2025-05-21 | not yet calculated | CVE-2025-48060 |
| xwiki–xwiki-platform | XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn’t have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they’re not giving a right to a script or object that it didn’t have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned about the dangerous content unless the attacker managed to bypass this check. Note also that none of the affected versions include a UI for enabling the enforcing of required rights so it seems unlikely that anybody relied on them for security in the affected versions. As this vulnerability provides no additional attack surface unless all documents in the wiki enforce required rights, we consider the impact of this attack to be low even though gaining programming right could have a high impact. This vulnerability has been patched in XWiki 16.10.4 and 17.1.0RC1. No known workarounds are available except for upgrading. | 2025-05-21 | not yet calculated | CVE-2025-48063 |
| gofiber–fiber | Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue. | 2025-05-22 | not yet calculated | CVE-2025-48075 |
| TYPO3–ns backup extension | The ns_backup extension through 13.0.0 for TYPO3 allows XSS. | 2025-05-21 | not yet calculated | CVE-2025-48206 |
| Intermesh–groupoffice | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persistent JavaScript payloads, which are triggered in the context of another user when they view the Address Book. Successful exploitation enables actions such as forced redirects, unauthorized fetch requests, or other arbitrary JavaScript execution without user interaction. Versions 6.8.119 and 25.0.20 contain a fix for the issue. | 2025-05-22 | not yet calculated | CVE-2025-48366 |
| Intermesh–groupoffice | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim’s browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability can be triggered by injecting a crafted payload into a parameter that is later processed unsafely in the DOM. Versions 6.8.119 and 25.0.20 contain a fix for the issue. | 2025-05-22 | not yet calculated | CVE-2025-48368 |
| Intermesh–groupoffice | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice’s tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an file with a crafted filename. When administrators or other users view the task containing this malicious file, the payload executes in their browser context. The application fails to sanitize image filenames before rendering them in the comment. By uploading an image with a crafted filename containing XSS payloads, attackers can steal sensitive information. Versions 6.8.119 and 25.0.20 contain a fix for the issue. | 2025-05-22 | not yet calculated | CVE-2025-48369 |
| openfga–openfga | OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected under four specific conditions: First, calling Check API or ListObjects with an authorization model that has a relationship directly assignable by both type bound public access and userset; second, there are check or list object queries with contextual tuples for the relationship that can be directly assignable by both type bound public access and userset; third, those contextual tuples’s user field is an userset; and finally, type bound public access tuples are not assigned to the relationship. Users should upgrade to version 1.8.13 to receive a patch. The upgrade is backwards compatible. | 2025-05-22 | not yet calculated | CVE-2025-48371 |
| schule111–Schule | Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000-9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue. | 2025-05-22 | not yet calculated | CVE-2025-48372 |
| schule111–Schule | Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is trustworthy on the client side. Attackers can manipulate JavaScript in the browser (e.g., via browser dev tools or intercepting API responses) and set data.role to any arbitrary value (e.g., “admin”), gaining unauthorized access to restricted areas of the application. | 2025-05-22 | not yet calculated | CVE-2025-48373 |
| project-zot–zot | zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue. | 2025-05-22 | not yet calculated | CVE-2025-48374 |
| schule111–Schule | Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue. | 2025-05-23 | not yet calculated | CVE-2025-48375 |
| dnnsoftware–Dnn.Platform | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue. | 2025-05-23 | not yet calculated | CVE-2025-48377 |
| dnnsoftware–Dnn.Platform | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue. | 2025-05-23 | not yet calculated | CVE-2025-48378 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system “root” user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell). | 2025-05-21 | not yet calculated | CVE-2025-48413 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface. | 2025-05-21 | not yet calculated | CVE-2025-48414 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted “salia.ini” files. The .ini file can contain several “commands” that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands. | 2025-05-21 | not yet calculated | CVE-2025-48415 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the “/etc/shadow” file in the firmware image for the “root” user. However, in the default SSH configuration the “PermitRootLogin” is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though. | 2025-05-21 | not yet calculated | CVE-2025-48416 |
| eCharge Hardy Barth–cPH2 / cPP2 charging stations | The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates. | 2025-05-21 | not yet calculated | CVE-2025-48417 |
| StrangeBee–TheHive | An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage exhaustion for targeted users, reputation damage to the SMTP server, potentially causing it to be blacklisted, and overload of the SMTP server’s outbound mail queue. | 2025-05-23 | not yet calculated | CVE-2025-48738 |
| StrangeBee–TheHive | A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network. | 2025-05-23 | not yet calculated | CVE-2025-48739 |
| StrangeBee–TheHive | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim’s behalf, if the attacker lures a privileged user, authenticated with basic authentication. | 2025-05-23 | not yet calculated | CVE-2025-48740 |
| StrangeBee–TheHive | A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user’s permissions, through a specific API endpoint. | 2025-05-23 | not yet calculated | CVE-2025-48741 |
| Eclipse JGit–Eclipse JGit | In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues. | 2025-05-21 | not yet calculated | CVE-2025-4949 |
| Broadcom–Automic Automation | Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. | 2025-05-19 | not yet calculated | CVE-2025-4971 |
| TP-Link Systems Inc.–TP-Link Tapo app | When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. | 2025-05-22 | not yet calculated | CVE-2025-4975 |
| Mozilla–Firefox for iOS | Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139. | 2025-05-21 | not yet calculated | CVE-2025-5020 |
| Mobile Dynamix–PrinterShare Mobile Print | PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user’s Gmail account without proper authorization. | 2025-05-23 | not yet calculated | CVE-2025-5098 |
| Mobile Dynamix–PrinterShare Mobile Print | An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | 2025-05-23 | not yet calculated | CVE-2025-5099 |
| Mobile Dynamix–PrinterShare Mobile Print | A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | 2025-05-23 | not yet calculated | CVE-2025-5100 |