CVEs from 2025
- Total: 8,971
- Critical: 1,368
- High: 2,067
- Medium: 2,068
- Low: 204
- % Critical: 15.2%
- % with KEV: 2.0%
- % with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9175 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be p… | |||
| CVE-2025-9174 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os… | |||
| CVE-2025-38584 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. A refe… | |||
| CVE-2025-38250 | high | 7.8 | 7.8 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38471 | high | 7.8 | 7.8 | 10mo ago | Important: kernel security update | |||
| CVE-2025-9091 | high | 7.8 | 7.8 | 10mo ago | A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials.… | |||
| CVE-2025-38552 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch betw… | |||
| CVE-2025-8964 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper aut… | |||
| CVE-2025-8962 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The mani… | |||
| CVE-2025-53732 | high | 7.8 | 7.8 | 10mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-8846 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to b… | |||
| CVE-2025-8845 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possibl… | |||
| CVE-2025-8843 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in NASM Netwide Assembler 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is… | |||
| CVE-2025-8842 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to … | |||
| CVE-2025-8837 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to … | |||
| CVE-2025-38079 | high | 7.8 | 7.8 | 10mo ago | Moderate: kernel security update | |||
| CVE-2025-8794 | high | 7.8 | 7.8 | 10mo ago | A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. Th… | |||
| CVE-2025-21727 | high | 7.8 | 7.8 | 10mo ago | Important: kernel security update | |||
| CVE-2025-21726 | high | 7.8 | 7.8 | 10mo ago | Moderate: kernel security update | |||
| CVE-2025-7425 | high | 7.8 | 7.8 | 10mo ago | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragm… | |||
| CVE-2025-5039 | high | 7.8 | 7.8 | 11mo ago | A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrust… | |||
| CVE-2025-7884 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipul… | |||
| CVE-2025-7883 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Po… | |||
| CVE-2025-7564 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the … | |||
| CVE-2025-7546 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation le… | |||
| CVE-2025-7545 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-ba… | |||
| CVE-2025-38280 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 _… | |||
| CVE-2025-49702 | high | 7.8 | 7.8 | 11mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-38236 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The follo… | |||
| CVE-2025-38212 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://l… | |||
| CVE-2025-38198 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will … | |||
| CVE-2025-6857 | high | 7.8 | 7.8 | 11mo ago | A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-b… | |||
| CVE-2025-6856 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking … | |||
| CVE-2025-6818 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer ov… | |||
| CVE-2025-6516 | high | 7.8 | 7.8 | 1y ago | A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to h… | |||
| CVE-2025-49848 | high | 7.8 | 7.8 | 1y ago | An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruptio… | |||
| CVE-2025-21764 | high | 7.8 | 7.8 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-5245 | high | 7.8 | 7.8 | 1y ago | A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation l… | |||
| CVE-2025-5244 | high | 7.8 | 7.8 | 1y ago | A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulatio… | |||
| CVE-2025-21756 | high | 7.8 | 7.8 | 1y ago | Important: kernel security update | |||
| CVE-2025-30388 | high | 7.8 | 7.8 | 1y ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30386 | high | 7.8 | 7.8 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-22069 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Naresh Kamboju reported a "Bad f… | |||
| CVE-2025-21858 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. gen… | |||
| CVE-2025-26597 | high | 7.8 | 7.8 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-21772 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoff… | |||
| CVE-2025-21763 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protect… | |||
| CVE-2025-21762 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid poten… | |||
| CVE-2025-21761 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RC… | |||
| CVE-2025-21760 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock(… | |||
| CVE-2025-21753 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and i… | |||
| CVE-2025-21735 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more th… | |||
| CVE-2025-21724 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Resolve a UBSAN shift-out-of-bounds issue in iova_b… | |||
| CVE-2025-21704 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification,… | |||
| CVE-2025-21692 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bou… | |||
| CVE-2025-21402 | high | 7.8 | 7.8 | 1y ago | Microsoft Office OneNote Remote Code Execution Vulnerability | |||
| CVE-2025-21361 | high | 7.8 | 7.8 | 1y ago | Microsoft Outlook Remote Code Execution Vulnerability | |||
| CVE-2025-21338 | high | 7.8 | 7.8 | 1y ago | GDI+ Remote Code Execution Vulnerability | |||
| CVE-2025-13601 | high | 7.7 | 7.7 | 5mo ago | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of u… | |||
| CVE-2025-59566 | high | 7.7 | 7.7 | 8mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal. This issue affects Workreap (theme'… | |||
| CVE-2025-58959 | high | 7.7 | 7.7 | 8mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal. This issue affects Taskbot: from n/a through <= 6.4. | |||
| CVE-2025-24735 | high | 7.7 | 7.7 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live … | |||
| CVE-2025-15655 | high | 7.6 | 7.6 | 3d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a … | |||
| CVE-2025-36126 | high | 7.6 | 7.6 | 11d ago | IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows… | |||
| CVE-2025-68060 | high | 7.6 | 7.6 | 1mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through … | |||
| CVE-2025-14343 | high | 7.6 | 7.6 | 3mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-C… | |||
| CVE-2025-7760 | high | 7.6 | 7.6 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through H… | |||
| CVE-2025-8461 | high | 7.6 | 7.6 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS. This issue affects syWEB: through 03022026. … | |||
| CVE-2025-8456 | high | 7.6 | 7.6 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected… | |||
| CVE-2025-8589 | high | 7.6 | 7.6 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS. This is… | |||
| CVE-2025-2406 | high | 7.6 | 7.6 | 5mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows… | |||
| CVE-2025-2405 | high | 7.6 | 7.6 | 5mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allow… | |||
| CVE-2025-2307 | high | 7.6 | 7.6 | 5mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allow… | |||
| CVE-2025-13124 | high | 7.6 | 7.6 | 6mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers. This issue affects ApplyLogic: thro… | |||
| CVE-2025-13003 | high | 7.6 | 7.6 | 6mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers. This issue affects AxOnboard: from… | |||
| CVE-2025-10914 | high | 7.6 | 7.6 | 8mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS. T… | |||
| CVE-2025-49898 | high | 7.6 | 7.6 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS. This issue affects Dropshix: from n/a through 4.0.14. | |||
| CVE-2025-47643 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Prod… | |||
| CVE-2025-32128 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations nearby-locations allows SQL Injection. This issue affects Nearby Locati… | |||
| CVE-2025-31420 | high | 7.6 | 7.6 | 1y ago | Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation. This issue affects wpForo Forum: from n/a through <= 2.4.2. | |||
| CVE-2025-23784 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distri… | |||
| CVE-2025-22527 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection. This issue affects Mai… | |||
| CVE-2025-22350 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection. This issue affects Ultimate Learning Pro: fro… | |||
| CVE-2025-8873 | high | 7.5 | 7.5 | 2d ago | On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, a… | |||
| CVE-2025-46638 | high | 7.5 | 7.5 | 2d ago | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial o… | |||
| CVE-2025-58024 | high | 7.5 | 7.5 | 4d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affec… | |||
| CVE-2025-70099 | high | 7.5 | 7.5 | 6d ago | A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesyste… | |||
| CVE-2025-41271 | high | 7.5 | 7.5 | 8d ago | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers … | |||
| CVE-2025-14713 | high | 7.5 | 7.5 | 10d ago | An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. | |||
| CVE-2025-36221 | high | 7.5 | 7.5 | 11d ago | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process for use during the inst… | |||
| CVE-2025-11482 | high | 7.5 | 7.5 | 11d ago | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attack… | |||
| CVE-2025-45145 | high | 7.5 | 7.5 | 15d ago | Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter | |||
| CVE-2025-32749 | high | 7.5 | 7.5 | 15d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi… | |||
| CVE-2025-13479 | high | 7.5 | 7.5 | 16d ago | Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: throug… | |||
| CVE-2025-32750 | high | 7.5 | 7.5 | 17d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi… | |||
| CVE-2025-61081 | high | 7.5 | 7.5 | 18d ago | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||
| CVE-2025-15609 | high | 7.5 | 7.5 | 19d ago | The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like… | |||
| CVE-2025-11234 | high | 7.5 | 7.5 | 19d ago | A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use… | |||
| CVE-2025-56352 | high | 7.5 | 7.5 | 19d ago | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C… | |||
| CVE-2025-14870 | high | 7.5 | 7.5 | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause … |