Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users. Active since mid-2025, the threat
Vulnerabilities
CVE-2025-65221 | Tenda AC21 16.03.08.16 /goform/setPptpUserList list buffer overflow
A vulnerability, which was classified as critical, has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of
CVE-2025-65222 | Tenda AC21 16.03.08.16 SetSysAutoRebbotCfg rebootTime buffer overflow
A vulnerability, which was classified as critical, was found in Tenda AC21 16.03.08.16. This issue affects some unknown processing of
CVE-2025-65223 | Tenda AC21 16.03.08.16 saveParentControlInfo urls buffer overflow
A vulnerability has been found in Tenda AC21 16.03.08.16 and classified as critical. Impacted is an unknown function of the
CVE-2025-65220 | Tenda AC21 16.03.08.16 SetVirtualServerCfg list buffer overflow
A vulnerability was found in Tenda AC21 16.03.08.16 and classified as critical. The affected element is an unknown function of
CVE-2025-36161 | IBM Concert up to 2.0.0 risky encryption
A vulnerability was found in IBM Concert up to 2.0.0. It has been classified as problematic. The impacted element is
CVE-2025-34320 | BASIS International BBj up to 24.x BBj Service path traversal
A vulnerability was found in BASIS International BBj up to 24.x. It has been declared as critical. This affects an
CVE-2025-60737 | Ilevia EVE X1 Server up to 6.00 2025_07_21 /index.php cross site scripting
A vulnerability was found in Ilevia EVE X1 Server up to 6.00 2025_07_21. It has been rated as problematic. This
CVE-2025-13425 | Google OSV-SCALIBR up to 0.3.3 diriterate.go Next null pointer dereference
A vulnerability categorized as problematic has been discovered in Google OSV-SCALIBR up to 0.3.3. Affected is the function Next of
CVE-2025-62293 | SOPlanning up to 1.53 /status endpoint authorization
A vulnerability identified as problematic has been detected in SOPlanning up to 1.53. Affected by this vulnerability is an unknown
CVE-2025-40604 | SonicWall Email Security Filesystem Image code download (SNWLID-2025-0018)
A vulnerability classified as critical has been found in SonicWall Email Security. This impacts an unknown function of the component
CVE-2025-41074 | LimeSurvey 6.13.0 Endpoint /optout infinite loop
A vulnerability classified as problematic was found in LimeSurvey 6.13.0. Affected is an unknown function of the file /optout of
CVE-2025-41075 | LimeSurvey 6.13.0 /optin infinite loop
A vulnerability, which was classified as problematic, has been found in LimeSurvey 6.13.0. Affected by this vulnerability is an unknown
CVE-2025-12414 | Google Looker up to 25.11.x authentication spoofing (GCP-2025-067)
A vulnerability, which was classified as critical, was found in Google Looker up to 25.11.x. Affected by this issue is
CVE-2025-40601 | SonicWall SonicOS SSLVPN Service stack-based overflow (SNWLID-2025-0016)
A vulnerability has been found in SonicWall SonicOS and classified as critical. This affects an unknown part of the component
CVE-2025-40605 | SonicWall Email Security path traversal (SNWLID-2025-0018)
A vulnerability was found in SonicWall Email Security and classified as critical. This vulnerability affects unknown code. Such manipulation leads
CVE-2025-41076 | LimeSurvey 6.13.0 Yii information exposure
A vulnerability was found in LimeSurvey 6.13.0. It has been classified as problematic. This issue affects some unknown processing of
CVE-2025-62346 | HCL Glovius Cloud up to S05.25 cross-site request forgery (KB0126459)
A vulnerability marked as problematic has been reported in HCL Glovius Cloud up to S05.25. The impacted element is an
CVE-2025-11676 | TP-Link TL-WR940N V6 up to Build 220801 UPnP denial of service
A vulnerability described as problematic has been identified in TP-Link TL-WR940N V6 up to Build 220801. This affects an unknown
CVE-2025-64984 | Kaspersky Endpoint Security cross site scripting
A vulnerability labeled as problematic has been found in Kaspersky Endpoint Security and Industrial CyberSecurity for Linux Nodes. The affected
CVE-2025-12502 | attention-bar Plugin up to 0.7.2.1 on WordPress sql injection
A vulnerability was found in attention-bar Plugin up to 0.7.2.1 on WordPress. It has been classified as critical. Affected by
CVE-2025-55126 | Revive Adserver 6.0.2 Navigation Box cross site scripting
A vulnerability was found in Revive Adserver 6.0.2. It has been declared as problematic. This affects an unknown part of
CVE-2025-48986 | Revive Adserver 5.5.2/6.0.1 Email Address access control
A vulnerability was found in Revive Adserver 5.5.2/6.0.1. It has been rated as critical. This vulnerability affects unknown code of
CVE-2025-13468 | SourceCodester Alumni Management System 1.0 Delete admin/admin_class.php ID authorization
A vulnerability categorized as critical has been discovered in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event
CVE-2025-13469 | Public Knowledge Project omp/ojs 3.3.0/3.4.0/3.5.0 Payment Instructions Setting paymentForm.tpl manualInstructions cross site scripting (Issue 12022)
A vulnerability identified as problematic has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown
Slackware 15.0: OpenVPN Important State Exhaustion Issue SSA:2025-323-01
New openvpn packages are available for Slackware 15.0 and -current to fix security issues.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 22.04 LTS: USN-7861-4 Linux Kernel Updates for AWS
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 16.04 LTS USN-7875-1 Linux Kernel Critical VMSCAPE Threat
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-47914 | x-crypto SSH Agent Server structural elements
A vulnerability classified as problematic has been found in x-crypto. The affected element is an unknown function of the component
CVE-2025-63719 | Campcodes Online Hospital Management System 1.0 /admin/index.php Username sql injection
A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown
CVE-2025-63371 | Milos Paripovic OneCommander 3.102.0.0 ZIP File Parser path traversal
A vulnerability, which was classified as critical, has been found in Milos Paripovic OneCommander 3.102.0.0. This affects an unknown function
CVE-2025-58181 | x-crypto GSSAPI Authentication Request Parser improper validation of specified quantity in input
A vulnerability, which was classified as problematic, was found in x-crypto. This impacts an unknown function of the component GSSAPI
CVE-2025-11884 | Microfocus OpenText uCMDB 24.4 cross site scripting
A vulnerability has been found in Microfocus OpenText uCMDB 24.4 and classified as problematic. Affected is an unknown function. The
CVE-2025-13147 | Progress MOVEit Transfer up to 2024.1.7/2025.0.3 server-side request forgery
A vulnerability was found in Progress MOVEit Transfer up to 2024.1.7/2025.0.3 and classified as critical. Affected by this vulnerability is
Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446
Topic: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Risk: Medium Text:# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 # Author: nu11secur1ty # Date:
CVE-2025-51663 | FileCodeBox up to 2.2 Header X-Real-IP/X-Forwarded-For excessive authentication (ID 350)
A vulnerability was found in FileCodeBox up to 2.2. It has been classified as problematic. This impacts an unknown function
CVE-2025-36371 | IBM i 7.2/7.3/7.4/7.5/7.6 get request method with sensitive query strings
A vulnerability was found in IBM i 7.2/7.3/7.4/7.5/7.6. It has been declared as problematic. Affected is an unknown function. The
CVE-2025-63213 | QVidium Opera11 2.9.0-Ax4x GET /cgi-bin/net_ping.cgi command injection
A vulnerability was found in QVidium Opera11 2.9.0-Ax4x. It has been rated as critical. Affected by this vulnerability is an
CVE-2025-63932 | D-Link DIR-868L FW106KRb01 HNAP Service SOAPAction os command injection
A vulnerability categorized as critical has been discovered in D-Link DIR-868L FW106KRb01. Affected by this issue is some unknown functionality
CVE-2025-63212 | GatesAir Flexiva-LX 1.0.13/2.0 /log/Flexiva%20LX.log log file
A vulnerability identified as problematic has been detected in GatesAir Flexiva-LX 1.0.13/2.0. This affects an unknown part of the file
CVE-2025-51661 | FileCodeBox up to 2.2 POST core/storage.py SystemFileStorage.save_file path traversal (ID 349)
A vulnerability labeled as critical has been found in FileCodeBox up to 2.2. This vulnerability affects the function SystemFileStorage.save_file of
CVE-2025-63214 | Bridgetech VBC Server & Element Manager 6.5.0-9/6.5.0-10 improper authorization
A vulnerability marked as critical has been reported in Bridgetech VBC Server & Element Manager 6.5.0-9/6.5.0-10. This issue affects some
CVE-2025-51662 | FileCodeBox up to 2.2 cross site scripting (ID 351)
A vulnerability described as problematic has been identified in FileCodeBox up to 2.2. Impacted is an unknown function. The manipulation
CVE-2025-13443 | macrozheng mall up to 1.0.3 delete ids access control
A vulnerability marked as critical has been reported in macrozheng mall up to 1.0.3. Affected by this issue is the
CVE-2025-13445 | Tenda AC21 16.03.08.16 /goform/SetIpMacBind list stack-based overflow
A vulnerability described as critical has been identified in Tenda AC21 16.03.08.16. This affects an unknown part of the file
CVE-2025-13446 | Tenda AC21 16.03.08.16 /goform/SetSysTimeCfg timeZone/time stack-based overflow
A vulnerability classified as critical has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file
CVE-2025-13449 | code-projects Online Shop Project 1.0 /login.php Password sql injection
A vulnerability classified as critical was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of
CVE-2025-13450 | SourceCodester Online Shop Project 1.0 /shop/register.php f_name cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Shop Project 1.0. Impacted is an unknown
CVE-2025-13451 | SourceCodester Online Shop Project 1.0 /action.php Search sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Shop Project 1.0. The affected element is an
CVE-2025-65094 | WBCE CMS up to 1.6.3 Group Membership /admin/users/save.php groups[] privileges assignment
A vulnerability has been found in WBCE CMS up to 1.6.3 and classified as critical. The impacted element is an
CVE-2025-65103 | devcode-it openstamanager up to 2.9.4 API display sql injection
A vulnerability was found in devcode-it openstamanager up to 2.9.4 and classified as critical. This affects an unknown function of
CVE-2025-63207 | RVR TEX TEXL-000400 /_Passwd.html access control
A vulnerability has been found in RVR TEX TEXL-000400 and classified as critical. This impacts an unknown function of the
CVE-2025-63209 | ELCA Star Transmitter Remote Control 1.25 /setup.xml information disclosure
A vulnerability was found in ELCA Star Transmitter Remote Control 1.25 and classified as problematic. Affected is an unknown function
CVE-2025-63210 | Newtec Celox UHD CELOXA504/Celox UHD CELOXA820 21.6.13 /celoxservice injection
A vulnerability was found in Newtec Celox UHD CELOXA504 and Celox UHD CELOXA820 21.6.13. It has been classified as problematic.
CVE-2025-64521 | goauthentik up to 2025.8.4/2025.10.1 client_id/client_secret authentication bypass by alternate name
A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been declared as problematic. Affected by this issue
CVE-2025-64708 | goauthentik up to 2025.8.4/2025.10.1 session expiration (GHSA-ch7q-53v8-73pc)
A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been rated as problematic. This affects an unknown
CVE-2025-63208 | Bridgetech VB288 Objective QoE Content Extractor 5.6.0-8 /probe/core/setup/passwd information disclosure
A vulnerability categorized as problematic has been discovered in Bridgetech VB288 Objective QoE Content Extractor 5.6.0-8. This vulnerability affects unknown
CVE-2025-65020 | lukevella rallly up to 4.5.3 polls.duplicate pollId improper authorization (GHSA-44w7-pf32-gv5m)
A vulnerability identified as critical has been detected in lukevella rallly up to 4.5.3. This issue affects some unknown processing
CVE-2025-65021 | lukevella rallly up to 4.5.3 pollId improper authorization (GHSA-x7w2-g548-4qg8)
A vulnerability labeled as critical has been found in lukevella rallly up to 4.5.3. Impacted is an unknown function. Executing
CVE-2025-65028 | lukevella rallly up to 4.5.3 participantId improper authorization (GHSA-pchc-v5hg-f5gp)
A vulnerability marked as critical has been reported in lukevella rallly up to 4.5.3. The affected element is an unknown
CVE-2025-65029 | lukevella rallly up to 4.5.3 Endpoint improper authorization (GHSA-f8jc-6746-ww95)
A vulnerability described as critical has been identified in lukevella rallly up to 4.5.3. The impacted element is an unknown
CVE-2025-65030 | lukevella rallly up to 4.5.3 Endpoint improper authorization (GHSA-4j32-25f9-qgfm)
A vulnerability classified as critical has been found in lukevella rallly up to 4.5.3. This affects an unknown function of
CVE-2025-65031 | lukevella rallly up to 4.5.3 Comment Creation Endpoint authorName improper authorization (GHSA-hhfc-6gq7-rrpm)
A vulnerability classified as critical was found in lukevella rallly up to 4.5.3. This impacts an unknown function of the
CVE-2025-65032 | lukevella rallly up to 4.5.3 participantId authorization (GHSA-q9m7-chfx-43xw)
A vulnerability, which was classified as problematic, has been found in lukevella rallly up to 4.5.3. Affected is an unknown
CVE-2025-13315 | Lynxtechnology Twonky Server 8.5.2 Web Service API unprotected alternate channel
A vulnerability, which was classified as critical, was found in Lynxtechnology Twonky Server 8.5.2. Affected by this vulnerability is an
CVE-2025-65089 | xwikisas xwiki-pro-macros up to 1.26.x authorization
A vulnerability has been found in xwikisas xwiki-pro-macros up to 1.26.x and classified as problematic. Affected by this issue is
CVE-2025-65033 | lukevella rallly up to 4.5.3 improper authorization (GHSA-4p93-v53r-vch3)
A vulnerability was found in lukevella rallly up to 4.5.3 and classified as critical. This affects an unknown part. The
CVE-2025-65034 | lukevella rallly up to 4.5.3 pollId authorization (GHSA-5fp2-pv2j-rqpc)
A vulnerability was found in lukevella rallly up to 4.5.3. It has been classified as problematic. This vulnerability affects unknown
CVE-2025-63205 | Bridgetech VB220/VB120/VB330/VB440 6.5.0-9 /probe/core/setup/passwd information disclosure
A vulnerability was found in Bridgetech VB220, VB120, VB330 and VB440 6.5.0-9. It has been declared as problematic. This issue
CVE-2025-13316 | Lynxtechnology Twonky Server 8.5.2 hard-coded key
A vulnerability was found in Lynxtechnology Twonky Server 8.5.2. It has been rated as problematic. Impacted is an unknown function.
CVE-2025-65025 | esm-dev esm.sh up to 135 CDN Service path traversal (GHSA-h3mw-4f23-gwpw)
A vulnerability categorized as critical has been discovered in esm-dev esm.sh up to 135. The affected element is an unknown
CVE-2025-65026 | esm-dev esm.sh up to 135 CDN Service module code injection (GHSA-hcpf-qv9m-vfgp)
A vulnerability identified as critical has been detected in esm-dev esm.sh up to 135. The impacted element is an unknown
CVE-2025-65095 | Lookyloo up to 1.35.0 cross site scripting (GHSA-m9g6-23c8-vrxf)
A vulnerability labeled as problematic has been found in Lookyloo up to 1.35.0. This affects an unknown function. The manipulation
CVE-2025-65099 | anthropics claude-code up to 1.0.38 Yarn code injection (GHSA-5hhx-v7f6-x7gv)
A vulnerability marked as critical has been reported in anthropics claude-code up to 1.0.38. This impacts an unknown function of
CVE-2025-63211 | Bridgetech VBC Server & Element Manager up to 6.5.0-10 userSetupDoc addName cross site scripting
A vulnerability described as problematic has been identified in Bridgetech VBC Server & Element Manager up to 6.5.0-10. Affected is
CVE-2025-63206 | Dasan DS2924 1.01.18/1.02.00 Web-based Interface privilege escalation
A vulnerability classified as critical has been found in Dasan DS2924 1.01.18/1.02.00. Affected by this vulnerability is an unknown functionality
CVE-2025-5092 | Gallery with Thumbnail Slider Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability classified as problematic was found in Gallery with Thumbnail Slider Plugin on WordPress. Affected by this issue is
CVE-2025-5092 | Ibtana Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability, which was classified as problematic, has been found in Ibtana Plugin on WordPress. This affects an unknown part
CVE-2025-5092 | Image Hover Effects Ultimate Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability, which was classified as problematic, was found in Image Hover Effects Ultimate Plugin on WordPress. This vulnerability affects
CVE-2025-5092 | LightGallery WP Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability has been found in LightGallery WP Plugin on WordPress and classified as problematic. This issue affects some unknown
CVE-2025-5092 | OnePress Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in OnePress Plugin on WordPress and classified as problematic. Impacted is an unknown function of the
CVE-2025-5092 | Grid KIT Portfolio Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in Grid KIT Portfolio Plugin on WordPress. It has been classified as problematic. The affected element
CVE-2025-5092 | Royal Addons for Elementor Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in Royal Addons for Elementor Plugin on WordPress. It has been declared as problematic. The impacted
CVE-2025-5092 | TP WooCommerce Product Gallery Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in TP WooCommerce Product Gallery Plugin on WordPress. It has been rated as problematic. This affects
CVE-2025-65100 | ilbers isar 0.11/0.11-rc1 ISAR_APT_SNAPSHOT_DATE protection mechanism
A vulnerability categorized as problematic has been discovered in ilbers isar 0.11/0.11-rc1. This impacts an unknown function. The manipulation of
CVE-2025-64759 | homarr-labs homarr up to 1.43.2 SVG File cross site scripting
A vulnerability identified as problematic has been detected in homarr-labs homarr up to 1.43.2. Affected is an unknown function of
CVE-2025-13442 | UTT 进取 750W up to 3.2.2-191225 /goform/formPdbUpConfig system policyNames command injection
A vulnerability labeled as critical has been found in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is
CVE-2025-10703 | Progress DataDirect Connect for JDBC for Amazon Redshift code injection
A vulnerability classified as critical has been found in Progress DataDirect Connect for JDBC for Amazon Redshift, DataDirect Connect for
CVE-2025-65022 | Portabilis i-Educar up to 2.10.0 agenda.php cod_agenda sql injection (GHSA-4hrj-5gwx-r4w4)
A vulnerability classified as critical was found in Portabilis i-Educar up to 2.10.0. Affected by this vulnerability is an unknown
CVE-2025-10702 | Progress DataDirect Connect for JDBC for Amazon Redshift up to 6.0.0.001392 code injection
A vulnerability, which was classified as critical, has been found in Progress DataDirect Connect for JDBC for Amazon Redshift, DataDirect
CVE-2025-65023 | Portabilis i-Educar up to 2.10.0 funcionario_vinculo_cad.php cod_funcionario_vinculo sql injection (GHSA-8rv6-x8h9-fjfc)
A vulnerability, which was classified as critical, was found in Portabilis i-Educar up to 2.10.0. This affects an unknown part
CVE-2025-65024 | Portabilis i-Educar up to 2.10.0 agenda_admin_cad.php cod_agenda sql injection (GHSA-6c8p-xqcv-rghx)
A vulnerability has been found in Portabilis i-Educar up to 2.10.0 and classified as critical. This vulnerability affects unknown code
CVE-2025-63879 | E-commerce Project up to 1.0 /ecommerce/products.php ID cross site scripting
A vulnerability was found in E-commerce Project up to 1.0 and classified as problematic. This issue affects some unknown processing
CVE-2025-63220 | Sound4 FIRST Firmware manual.sh injection
A vulnerability was found in Sound4 FIRST. It has been classified as critical. Impacted is an unknown function of the
CVE-2025-63223 | Axel StreamerMAX MK II up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control
A vulnerability was found in Axel StreamerMAX MK II up to 1.0.3. It has been declared as critical. The affected
CVE-2025-63221 | Axel Puma up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control
A vulnerability was found in Axel Puma up to 1.0.3. It has been rated as critical. The impacted element is
CVE-2025-63219 | ITEL ISO FM SFN Adapter 2.0.0.0 /home.html user session
A vulnerability categorized as critical has been discovered in ITEL ISO FM SFN Adapter 2.0.0.0. This affects an unknown function
CVE-2025-63224 | Itel DAB Encoder 25aec8d improper authentication
A vulnerability identified as critical has been detected in Itel DAB Encoder 25aec8d. This impacts an unknown function. The manipulation
CVE-2025-12766 | BlackBerry AtHoc 7.21 Management Console authorization
A vulnerability labeled as problematic has been found in BlackBerry AtHoc 7.21. Affected is an unknown function of the component
CVE-2025-63878 | Restaurant Website Restoran 1.0 Contact Form Page sql injection
A vulnerability marked as critical has been reported in Restaurant Website Restoran 1.0. Affected by this vulnerability is an unknown
CVE-2025-34337 | eGovFramework egovframe-common-components up to 4.3.1 Image Upload Endpoint /utl/wed/insertImage.do data authenticity
A vulnerability described as problematic has been identified in eGovFramework egovframe-common-components up to 4.3.1. Affected by this issue is some