CVEs from 2025
- Total 8,837
- critical 1,330
- high 1,999
- medium 1,984
- low 202
- % Critical 15.1%
- % with KEV 2.1%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3191 | medium | 6.1 | 6.1 | 1y ago | React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button | |||
| CVE-2025-26917 | medium | 6.1 | 6.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata wptemplata allows Reflected XSS. This issue affects WP Templata: from n/a th… | |||
| CVE-2025-1467 | medium | 6.1 | 6.1 | 1y ago | tarteaucitron Cross-site Scripting (XSS) | |||
| CVE-2025-1223 | medium | 6.1 | 6.1 | 1y ago | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | |||
| CVE-2025-1222 | medium | 6.1 | 6.1 | 1y ago | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | |||
| CVE-2025-22763 | medium | 6.1 | 6.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1. | |||
| CVE-2025-46310 | medium | 6.0 | 6.0 | 4mo ago | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete pr… | |||
| CVE-2025-10466 | medium | 5.9 | 5.9 | 9d ago | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with admi… | |||
| CVE-2025-62127 | medium | 5.9 | 5.9 | 29d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a th… | |||
| CVE-2025-70071 | medium | 5.9 | 5.9 | 1mo ago | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray() | |||
| CVE-2025-15598 | medium | 5.9 | 5.9 | 3mo ago | A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing … | |||
| CVE-2025-49336 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS. This issue affects Pondol BBS: from n/a through <=… | |||
| CVE-2025-69362 | medium | 5.9 | 5.9 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS. This issue affects UiChemy: from n/a through <= 4.4.2. | |||
| CVE-2025-15153 | medium | 5.9 | 5.9 | 5mo ago | A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or … | |||
| CVE-2025-15105 | medium | 5.9 | 5.9 | 5mo ago | A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the … | |||
| CVE-2025-67632 | medium | 5.9 | 5.9 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design – GARD google-adsense-for-responsive-desi… | |||
| CVE-2025-14954 | medium | 5.9 | 5.9 | 6mo ago | A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/… | |||
| CVE-2025-49918 | medium | 5.9 | 5.9 | 6mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data. This issue affects VikBooking Hote… | |||
| CVE-2025-67555 | medium | 5.9 | 5.9 | 6mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict UseStrict's Calendly Embedder cal-embedder-lite allows Stored XSS. This issue affects Us… | |||
| CVE-2025-63033 | medium | 5.9 | 5.9 | 6mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elemento… | |||
| CVE-2025-12616 | medium | 5.9 | 5.9 | 7mo ago | A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive info… | |||
| CVE-2025-53057 | medium | 5.9 | 5.9 | 8mo ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-59593 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS. This issue affects Coli… | |||
| CVE-2025-49923 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS. This is… | |||
| CVE-2025-54265 | medium | 5.9 | 5.9 | 8mo ago | Magento allows incorrect authorization | |||
| CVE-2025-11443 | medium | 5.9 | 5.9 | 8mo ago | A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes i… | |||
| CVE-2025-9232 | medium | 5.9 | 5.9 | 8mo ago | Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority compone… | |||
| CVE-2025-60179 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Space Studio Click & Tweet allows Stored XSS. This issue affects Click & Tweet: from n/a through … | |||
| CVE-2025-60177 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a th… | |||
| CVE-2025-58674 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a … | |||
| CVE-2025-58658 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications proof-factor-social-proof-notification… | |||
| CVE-2025-57998 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Reza Yazdani E-namad & Shamed Logo Manager e-namad-shamed-logo-manager allows Stored XSS. Th… | |||
| CVE-2025-57935 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analyti… | |||
| CVE-2025-53455 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS. This issue… | |||
| CVE-2025-58982 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector pixelines-email-protector allows Stored XSS. This issue affect… | |||
| CVE-2025-48102 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-p… | |||
| CVE-2025-58825 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form comment-form-wp allows Stored XSS… | |||
| CVE-2025-9901 | medium | 5.9 | 5.9 | 9mo ago | A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on requ… | |||
| CVE-2025-9828 | medium | 5.9 | 5.9 | 9mo ago | A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The… | |||
| CVE-2025-48358 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce risk-free-cash-on-delivery-cod-woocom… | |||
| CVE-2025-9019 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow… | |||
| CVE-2025-49048 | medium | 5.9 | 5.9 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-… | |||
| CVE-2025-8759 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownl… | |||
| CVE-2025-8741 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation le… | |||
| CVE-2025-8537 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component m… | |||
| CVE-2025-8528 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext st… | |||
| CVE-2025-7099 | medium | 5.9 | 5.9 | 11mo ago | A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component … | |||
| CVE-2025-53285 | medium | 5.9 | 5.9 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon add-replace-affiliate-links-for-amazon … | |||
| CVE-2025-6533 | medium | 5.9 | 5.9 | 1y ago | A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/c… | |||
| CVE-2025-3576 | medium | 5.9 | 5.9 | 1y ago | RHSA-2025:8411: krb5 security update (Moderate) | |||
| CVE-2025-50026 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki spoki allows Stored XSS. This issue affects Spoki: from n/a through <= 2.17.0. | |||
| CVE-2025-50011 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH:… | |||
| CVE-2025-49322 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/… | |||
| CVE-2025-4527 | medium | 5.9 | 5.9 | 1y ago | A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulatio… | |||
| CVE-2025-39562 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS. This issue a… | |||
| CVE-2025-24651 | medium | 5.9 | 5.9 | 1y ago | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress B… | |||
| CVE-2025-31837 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | |||
| CVE-2025-31101 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS. This issue affects VaultRE Contact F… | |||
| CVE-2025-55018 | medium | 5.8 | 5.8 | 4mo ago | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, Fo… | |||
| CVE-2025-59003 | medium | 5.8 | 5.8 | 5mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data. This issue affects ColorWay: from n/a through <= 4.2.3. | |||
| CVE-2025-54743 | medium | 5.8 | 5.8 | 6mo ago | Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download After Em… | |||
| CVE-2025-49919 | medium | 5.8 | 5.8 | 6mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data. This issue affects eRoom: from n/a through <= 1.… | |||
| CVE-2025-31421 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin srbtranslatin allows Retrieve Embedded Sensitive Data. This issue affects Sr… | |||
| CVE-2025-31558 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress tailpress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/… | |||
| CVE-2025-31550 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS wp-less allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from n/a thr… | |||
| CVE-2025-22633 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in StellarWP Give – Divi Donation Modules give-donation-modules-for-divi allows Retrieve Embedded Sensiti… | |||
| CVE-2025-31957 | medium | 5.7 | 5.7 | 1mo ago | HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data. | |||
| CVE-2025-14139 | medium | 5.7 | 5.7 | 6mo ago | A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName … | |||
| CVE-2025-66593 | medium | 5.6 | 5.6 | 9d ago | An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation. | |||
| CVE-2025-66592 | medium | 5.6 | 5.6 | 9d ago | An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-servi… | |||
| CVE-2025-13593 | medium | 5.6 | 5.6 | 9d ago | Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during instal… | |||
| CVE-2025-29338 | medium | 5.6 | 5.6 | 23d ago | NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function. | |||
| CVE-2025-43992 | medium | 5.6 | 5.6 | 25d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica… | |||
| CVE-2025-14660 | medium | 5.6 | 5.6 | 6mo ago | A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain H… | |||
| CVE-2025-14087 | medium | 5.6 | 5.6 | 6mo ago | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GV… | |||
| CVE-2025-14276 | medium | 5.6 | 5.6 | 6mo ago | A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command… | |||
| CVE-2025-13948 | medium | 5.6 | 5.6 | 6mo ago | A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Exec… | |||
| CVE-2025-13877 | medium | 5.6 | 5.6 | 6mo ago | Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments | |||
| CVE-2025-47203 | medium | — | 5.5 | — | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. | |||
| CVE-2025-2703 | medium | — | 5.5 | — | multiple issues in grafana | |||
| CVE-2025-5025 | medium | — | 5.5 | — | libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolf… | |||
| CVE-2025-4947 | medium | — | 5.5 | — | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-mid… | |||
| CVE-2025-46807 | medium | — | 5.5 | — | An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects sslh … | |||
| CVE-2025-70100 | medium | 5.5 | 5.5 | 2d ago | A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi… | |||
| CVE-2025-5085 | medium | 5.5 | 5.5 | 3d ago | The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an… | |||
| CVE-2025-59609 | medium | 5.5 | 5.5 | 3d ago | Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. | |||
| CVE-2025-48648 | medium | 5.5 | 5.5 | 3d ago | In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges need… | |||
| CVE-2025-60495 | medium | 5.5 | 5.5 | 4d ago | A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a … | |||
| CVE-2025-60486 | medium | 5.5 | 5.5 | 4d ago | A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file. | |||
| CVE-2025-60485 | medium | 5.5 | 5.5 | 4d ago | A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a cr… | |||
| CVE-2025-60483 | medium | 5.5 | 5.5 | 4d ago | A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) … | |||
| CVE-2025-60481 | medium | 5.5 | 5.5 | 4d ago | A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted… | |||
| CVE-2025-55664 | medium | 5.5 | 5.5 | 4d ago | A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | |||
| CVE-2025-53020 | medium | — | 5.5 | 4d ago | Moderate: mod_http2 security update | |||
| CVE-2025-15649 | medium | 5.5 | 5.5 | 9d ago | IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification da… | |||
| CVE-2025-68712 | medium | 5.5 | 5.5 | 9d ago | SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mec… | |||
| CVE-2025-43451 | medium | 5.5 | 5.5 | 10d ago | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |||
| CVE-2025-46307 | medium | 5.5 | 5.5 | 10d ago | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |||
| CVE-2025-46280 | medium | 5.5 | 5.5 | 10d ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination. | |||
| CVE-2025-43289 | medium | 5.5 | 5.5 | 10d ago | A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data. |