Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple
Vulnerabilities
CVE-2025-43521 | Apple macOS up to 15.7.2 App information disclosure
A vulnerability described as problematic has been identified in Apple macOS up to 15.7.2. This impacts an unknown function of
CVE-2025-43522 | Apple macOS up to 15.7.2 information disclosure
A vulnerability classified as problematic has been found in Apple macOS up to 15.7.2. Affected is an unknown function. The
CVE-2025-43532 | Apple macOS up to 14.8.2/15.7.2 App memory corruption
A vulnerability classified as critical was found in Apple macOS up to 14.8.2/15.7.2. Affected by this vulnerability is an unknown
CVE-2025-43539 | Apple macOS up to 14.8.2/15.7.2 memory corruption
A vulnerability, which was classified as critical, has been found in Apple macOS up to 14.8.2/15.7.2. Affected by this issue
CVE-2025-43437 | Apple iOS/iPadOS up to 26.0 App information disclosure
A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS up to 26.0. This affects an
CVE-2025-43467 | Apple macOS up to 26.0 App Local Privilege Escalation
A vulnerability has been found in Apple macOS up to 26.0 and classified as critical. This vulnerability affects unknown code
CVE-2025-43527 | Apple macOS up to 15.7.2 App permission
A vulnerability was found in Apple macOS up to 15.7.2 and classified as critical. This issue affects some unknown processing
CVE-2025-43464 | Apple macOS up to 26.0 App denial of service
A vulnerability was found in Apple macOS up to 26.0. It has been classified as problematic. Impacted is an unknown
CVE-2025-43416 | Apple macOS up to 14.7.2/15.7.2 App access control
A vulnerability was found in Apple macOS up to 14.7.2/15.7.2. It has been declared as critical. The affected element is
CVE-2025-43471 | Apple macOS up to 26.0 App information disclosure
A vulnerability was found in Apple macOS up to 26.0. It has been rated as problematic. The impacted element is
CVE-2025-43473 | Apple macOS up to 26.0 App information disclosure
A vulnerability categorized as problematic has been discovered in Apple macOS up to 26.0. This affects an unknown function of
CVE-2025-43461 | Apple macOS up to 26.0 App symlink
A vulnerability identified as critical has been detected in Apple macOS up to 26.0. This impacts an unknown function of
CVE-2025-46285 | Apple macOS up to 14.8.2/15.7.2 App integer overflow
A vulnerability labeled as critical has been found in Apple macOS up to 14.8.2/15.7.2. Affected is an unknown function of
CVE-2025-43466 | Apple macOS up to 26.0 App information disclosure
A vulnerability marked as problematic has been reported in Apple macOS up to 26.0. Affected by this vulnerability is an
CVE-2025-43482 | Apple macOS up to 14.8.2/15.7.2 App denial of service
A vulnerability described as problematic has been identified in Apple macOS up to 14.8.2/15.7.2. Affected by this issue is some
CVE-2025-43497 | Apple macOS up to 26.0 App sandbox
A vulnerability classified as critical has been found in Apple macOS up to 26.0. This affects an unknown part of
CVE-2025-43509 | Apple macOS up to 14.8.2/15.7.2 App information disclosure
A vulnerability classified as problematic was found in Apple macOS up to 14.8.2/15.7.2. This vulnerability affects unknown code of the
CVE-2025-43512 | Apple macOS up to 14.7.2/15.7.2 App Local Privilege Escalation
A vulnerability, which was classified as problematic, has been found in Apple macOS up to 14.7.2/15.7.2. This issue affects some
CVE-2025-43519 | Apple macOS up to 14.7.2/15.7.2 App permission
A vulnerability, which was classified as critical, was found in Apple macOS up to 14.7.2/15.7.2. Impacted is an unknown function
CVE-2025-43523 | Apple macOS up to 15.7.2 App permission
A vulnerability has been found in Apple macOS up to 15.7.2 and classified as critical. The affected element is an
CVE-2025-43530 | Apple macOS up to 14.8.2/15.7.2 App information disclosure
A vulnerability was found in Apple macOS up to 14.8.2/15.7.2 and classified as problematic. The impacted element is an unknown
CVE-2025-43538 | Apple macOS up to 14.8.2 App information disclosure
A vulnerability was found in Apple macOS up to 14.8.2. It has been classified as problematic. This affects an unknown
CVE-2025-46289 | Apple macOS up to 14.8.2/15.7.2 App access control
A vulnerability was found in Apple macOS up to 14.8.2/15.7.2. It has been declared as critical. This impacts an unknown
CVE-2024-58316 | PuneethReddyHC Online Shopping System Advanced 1.0 payment_success.php cm sql injection (Exploit 51811)
A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been classified as critical. This issue affects
CVE-2024-14010 | Typora 1.7.4 PDF Export run command os command injection (Exploit 51752 / EDB-51752)
A vulnerability was found in Typora 1.7.4. It has been declared as critical. Impacted is an unknown function of the
CVE-2024-58314 | ATCOM 100M IP Phones 2.7 Web Configuration web_cgi_main.cgi cmd os command injection (Exploit 51742 / EDB-51742)
A vulnerability was found in ATCOM 100M IP Phones 2.7. It has been rated as critical. The affected element is
CVE-2024-58299 | PCMan FTP Server 2.0 CMD Command stack-based overflow (Exploit 51767 / EDB-51767)
A vulnerability categorized as critical has been discovered in PCMan FTP Server 2.0. The impacted element is an unknown function
CVE-2024-58311 | Dormakaba Saflok System 6000 improper finite state machines in hardware logic (Exploit 51832 / EDB-51832)
A vulnerability identified as critical has been detected in Dormakaba Saflok System 6000. This affects an unknown function. This manipulation
CVE-2025-67750 | Flow-Scanner lightning-flow-scanner up to 6.10.5 Function code injection
A vulnerability labeled as critical has been found in Flow-Scanner lightning-flow-scanner up to 6.10.5. This impacts the function Function. Such
CVE-2025-67734 | Frappe LMS up to 2.41.x Job Form Website cross site scripting (GHSA-c495-qg4v-5vr7)
A vulnerability marked as problematic has been reported in Frappe LMS up to 2.41.x. Affected is an unknown function of
CVE-2024-58305 | WonderCMS 4.3.2 Module Installation Endpoint cross site scripting (Exploit 51805 / EDB-51805)
A vulnerability described as problematic has been identified in WonderCMS 4.3.2. Affected by this vulnerability is an unknown functionality of
CVE-2025-9207 | templateinvaders TI WooCommerce Wishlist Plugin up to 2.10.0 on WordPress cross site scripting
A vulnerability classified as problematic has been found in templateinvaders TI WooCommerce Wishlist Plugin up to 2.10.0 on WordPress. Affected
CVE-2025-8195 | JetWidgets for Elementor Plugin up to 1.0.20 on WordPress Subscribe Widget cross site scripting
A vulnerability classified as problematic was found in JetWidgets for Elementor Plugin up to 1.0.20 on WordPress. This affects an
CVE-2025-8780 | Livemesh SiteOrigin Widgets Plugin up to 3.9.1 on WordPress Pricing Table Widget cross site scripting
A vulnerability, which was classified as problematic, has been found in Livemesh SiteOrigin Widgets Plugin up to 3.9.1 on WordPress.
CVE-2025-9856 | Popup Builder Plugin up to 4.4.1 on WordPress Shortcode sg_popup cross site scripting
A vulnerability, which was classified as problematic, was found in Popup Builder Plugin up to 4.4.1 on WordPress. This issue
CVE-2025-8687 | Enter Addons Plugin up to 2.2.7 on WordPress Image Comparison Widget cross site scripting
A vulnerability has been found in Enter Addons Plugin up to 2.2.7 on WordPress and classified as problematic. Impacted is
CVE-2025-7960 | KingAddons King Addons for Elementor Plugin up to 51.1.39 on WordPress Widget cross site scripting
A vulnerability was found in KingAddons King Addons for Elementor Plugin up to 51.1.39 on WordPress and classified as problematic.
CVE-2025-0969 | Brizy Plugin up to 2.7.16 on WordPress get_users information disclosure
A vulnerability was found in Brizy Plugin up to 2.7.16 on WordPress. It has been classified as problematic. The impacted
CVE-2025-8199 | MarqueeAddons Plugin up to 2.4.3 on WordPress Testimonial Marquee Widget cross site scripting
A vulnerability was found in MarqueeAddons Plugin up to 2.4.3 on WordPress. It has been declared as problematic. This affects
CVE-2025-67634 | CISA Software Acquisition Guide Tool prior 2025-12-11 JSON File Parser cross site scripting
A vulnerability was found in CISA Software Acquisition Guide Tool. It has been rated as problematic. This impacts an unknown
CVE-2025-14617 | Jehovahs Witnesses JW Library App up to 15.5.1 on Android org.jw.jwlibrary.mobile.activity.SiloContainer path traversal
A vulnerability categorized as problematic has been discovered in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected
CVE-2025-14619 | code-projects Student File Management System 1.0 login_query.php stud_no sql injection
A vulnerability identified as critical has been detected in code-projects Student File Management System 1.0. Affected by this vulnerability is
CVE-2025-14620 | code-projects Student File Management System 1.0 /admin/login_query.php Username sql injection
A vulnerability labeled as critical has been found in code-projects Student File Management System 1.0. Affected by this issue is
CVE-2025-14621 | code-projects Student File Management System 1.0 /admin/update_user.php user_id sql injection
A vulnerability marked as critical has been reported in code-projects Student File Management System 1.0. This affects an unknown part
CVE-2025-14622 | code-projects Student File Management System 1.0 /admin/save_user.php firstname sql injection
A vulnerability described as critical has been identified in code-projects Student File Management System 1.0. This vulnerability affects unknown code
CVE-2025-14623 | code-projects Student File Management System 1.0 update_student.php stud_id sql injection
A vulnerability classified as critical has been found in code-projects Student File Management System 1.0. This issue affects some unknown
CVE-2025-11693 | Export WP Page to Static HTML & PDF Plugin up to 4.3.4 on WordPress Log File log file
A vulnerability has been found in Export WP Page to Static HTML & PDF Plugin up to 4.3.4 on WordPress
CVE-2025-14288 | Gallery Blocks with Lightbox Plugin up to 3.3.0 on WordPress AJAX edit_posts authorization
A vulnerability was found in Gallery Blocks with Lightbox Plugin up to 3.3.0 on WordPress and classified as problematic. This
CVE-2025-14447 | AnnunciFunebri Impresa Plugin up to 4.7.0 on WordPress Setting annfu_reset_options authorization
A vulnerability was found in AnnunciFunebri Impresa Plugin up to 4.7.0 on WordPress. It has been classified as problematic. This
CVE-2025-13092 | Devs CRM Plugin up to 1.1.8 on WordPress REST API Endpoint attendances weak password hash
A vulnerability was found in Devs CRM Plugin up to 1.1.8 on WordPress. It has been declared as problematic. Affected
CVE-2025-14397 | Postem Ipsum Plugin up to 3.0.1 on WordPress postem_ipsum_generate_users authorization
A vulnerability was found in Postem Ipsum Plugin up to 3.0.1 on WordPress. It has been rated as critical. Affected
CVE-2025-14446 | Popup Builder Easy Notify Lite Plugin up to 1.1.37 on WordPress Setting easynotify_cp_reset authorization
A vulnerability categorized as problematic has been discovered in Popup Builder Easy Notify Lite Plugin up to 1.1.37 on WordPress.
CVE-2025-14367 | Easy Theme Options Plugin up to 1.0 on WordPress Setting Import eto_import_settings authorization
A vulnerability identified as critical has been detected in Easy Theme Options Plugin up to 1.0 on WordPress. This affects
CVE-2025-14440 | JAY Login & Register Plugin up to 2.4.01 on WordPress jay_login_register_process_switch_back improper authentication
A vulnerability labeled as critical has been found in JAY Login & Register Plugin up to 2.4.01 on WordPress. This
CVE-2025-14451 | Solutions Ad Manager Plugin up to 1.0.0 on WordPress sam-redirect-to
A vulnerability marked as problematic has been reported in Solutions Ad Manager Plugin up to 1.0.0 on WordPress. This issue
CVE-2025-14540 | Userback Plugin up to 1.0.15 on WordPress userback_get_json authorization
A vulnerability described as problematic has been identified in Userback Plugin up to 1.0.15 on WordPress. Impacted is the function
CVE-2025-13093 | Devs CRM Plugin up to 1.1.8 on WordPress API Endpoint bulk-update authorization
A vulnerability classified as problematic has been found in Devs CRM Plugin up to 1.1.8 on WordPress. The affected element
CVE-2025-12362 | myCred Plugin up to 2.9.7 on WordPress cashcred_pay_now authorization
A vulnerability classified as problematic was found in myCred Plugin up to 2.9.7 on WordPress. The impacted element is the
CVE-2025-10738 | URL Shortener Plugin Plugin up to 3.0.7 on WordPress analytic_id sql injection
A vulnerability, which was classified as critical, has been found in URL Shortener Plugin Plugin up to 3.0.7 on WordPress.
CVE-2025-8617 | YITH WooCommerce Quick View Plugin up to 2.7.0 on WordPress Shortcode yith_quick_view cross site scripting
A vulnerability, which was classified as problematic, was found in YITH WooCommerce Quick View Plugin up to 2.7.0 on WordPress.
CVE-2025-11970 | Emplibot Plugin up to 1.0.9 on WordPress emplibot_call_webhook_with_error server-side request forgery
A vulnerability has been found in Emplibot Plugin up to 1.0.9 on WordPress and classified as critical. Affected is the
CVE-2025-11376 | Colibri Page Builder Plugin up to 1.0.335 on WordPress colibri_loop cross site scripting
A vulnerability was found in Colibri Page Builder Plugin up to 1.0.335 on WordPress and classified as problematic. Affected by
CVE-2025-9873 | a3 Lazy Load Plugin up to 2.7.5 on WordPress cross site scripting
A vulnerability was found in a3 Lazy Load Plugin up to 2.7.5 on WordPress. It has been classified as problematic.
CVE-2025-10289 | Filter & Grids Plugin up to 3.2.0 on WordPress phrase sql injection
A vulnerability was found in Filter & Grids Plugin up to 3.2.0 on WordPress. It has been declared as critical.
CVE-2025-12077 | WP to LinkedIn Auto Publish Plugin up to 1.9.8 on WordPress cross site scripting
A vulnerability was found in WP to LinkedIn Auto Publish Plugin up to 1.9.8 on WordPress. It has been rated
CVE-2025-14394 | Popover Windows Plugin up to 1.2 on WordPress Setting cross-site request forgery
A vulnerability categorized as problematic has been discovered in Popover Windows Plugin up to 1.2 on WordPress. This issue affects
CVE-2025-9488 | Redux Framework Plugin up to 4.5.8 on WordPress data cross site scripting
A vulnerability identified as problematic has been detected in Redux Framework Plugin up to 4.5.8 on WordPress. Impacted is an
CVE-2025-14378 | Quick Testimonials Plugin up to 2.1 on WordPress Setting cross site scripting
A vulnerability labeled as problematic has been found in Quick Testimonials Plugin up to 2.1 on WordPress. The affected element
CVE-2025-13705 | Custom Frames Plugin up to 1.0.1 on WordPress Shortcode customframe Class cross site scripting
A vulnerability marked as problematic has been reported in Custom Frames Plugin up to 1.0.1 on WordPress. The impacted element
CVE-2025-8779 | All-in-One Addons for Elementor Plugin up to 2.5.6 on WordPress Countdown Widget cross site scripting
A vulnerability described as problematic has been identified in All-in-One Addons for Elementor Plugin up to 2.5.6 on WordPress. This
CVE-2025-12076 | Social Media Auto Publish Plugin up to 3.6.5 on WordPress PostMessage cross site scripting
A vulnerability classified as problematic has been found in Social Media Auto Publish Plugin up to 3.6.5 on WordPress. This
CVE-2025-12109 | Header Footer Script Adder Plugin up to 2.0.5 on WordPress cross site scripting
A vulnerability classified as problematic was found in Header Footer Script Adder Plugin up to 2.0.5 on WordPress. Affected is
CVE-2025-14606 | tiny-rdm Tiny RDM up to 1.2.5 Pickle Decoding pickle_convert.go pickle.loads deserialization
A vulnerability, which was classified as critical, has been found in tiny-rdm Tiny RDM up to 1.2.5. Affected by this
CVE-2025-14607 | OFFIS DCMTK up to 3.6.9 dcmdata dcbytstr.cc makeDicomByteString memory corruption (Issue 1184)
A vulnerability, which was classified as critical, was found in OFFIS DCMTK up to 3.6.9. Affected by this issue is
CVE-2025-14174 | Google Chrome up to 143.0.7499.109 on macOS ANGLE out-of-bounds
A vulnerability has been found in Google Chrome on macOS and classified as problematic. This affects an unknown part of
CVE-2025-8083 | Vuetify prototype pollution
A vulnerability was found in Vuetify and classified as critical. This vulnerability affects unknown code. Such manipulation leads to improperly
CVE-2025-40345 | Linux Kernel up to 6.17.10 usb new_pba out-of-bounds
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.17.10. Affected by this vulnerability is
CVE-2025-67818 | Weaviate up to 1.33.3 path traversal
A vulnerability has been found in Weaviate up to 1.33.3 and classified as critical. Affected by this issue is some
CVE-2025-64011 | Nextcloud Server 30.0.0 /core/preview fileId resource injection
A vulnerability was found in Nextcloud Server 30.0.0 and classified as problematic. This affects an unknown part of the file
CVE-2025-67342 | RuoYi up to 4.8.1 /system/menu/edit cross site scripting (Issue 308)
A vulnerability was found in RuoYi up to 4.8.1. It has been classified as problematic. This vulnerability affects unknown code
CVE-2025-65530 | CloudLinux ai-bolit up to 32.7.3 injection
A vulnerability was found in CloudLinux ai-bolit up to 32.7.3. It has been declared as problematic. This issue affects some
CVE-2023-29144 | Malwarebytes 1.0.14 on Linux Signature integer overflow
A vulnerability was found in Malwarebytes 1.0.14 on Linux. It has been rated as problematic. Impacted is an unknown function
CVE-2025-12843 | waveterm 0.12.2 on macOS Electron Fuse code injection
A vulnerability categorized as critical has been discovered in waveterm 0.12.2 on macOS. The affected element is an unknown function
CVE-2025-66430 | Plesk 18.0 access control
A vulnerability identified as critical has been detected in Plesk 18.0. The impacted element is an unknown function. The manipulation
CVE-2025-65854 | MineAdmin 3.x Scheduled Task permission
A vulnerability labeled as critical has been found in MineAdmin 3.x. This affects an unknown function of the component Scheduled
CVE-2025-67819 | Weaviate up to 1.33.3 GetFile fileName state issue
A vulnerability marked as problematic has been reported in Weaviate up to 1.33.3. This impacts the function GetFile. This manipulation
CVE-2025-67341 | jishenghua jshERP up to 3.5 PDF File unrestricted upload (Issue 139)
A vulnerability described as critical has been identified in jishenghua jshERP up to 3.5. Affected is an unknown function of
CVE-2025-8082 | Vuetify 2.x cross site scripting
A vulnerability classified as problematic has been found in Vuetify 2.x. Affected by this vulnerability is an unknown functionality. Performing
CVE-2025-13733 | Dr.Buho BuhoNTFS 1.3.2 XPC Service permission assignment
A vulnerability classified as critical was found in Dr.Buho BuhoNTFS 1.3.2. Affected by this issue is some unknown functionality of
CVE-2025-67344 | jshERP up to 3.5 /msg/add cross site scripting (Issue 140)
A vulnerability, which was classified as problematic, has been found in jshERP up to 3.5. This affects an unknown part
CVE-2025-14476 | Doubly Plugin up to 1.0.46 on WordPress ZIP File Import deserialization
A vulnerability, which was classified as problematic, was found in Doubly Plugin up to 1.0.46 on WordPress. This vulnerability affects
CVE-2025-13094 | WP3D Model Import Viewer Plugin up to 1.0.7 on WordPress handle_import_file unrestricted upload
A vulnerability has been found in WP3D Model Import Viewer Plugin up to 1.0.7 on WordPress and classified as critical.
CVE-2025-14539 | Shortcode Ajax Plugin up to 1.0 on WordPress do_shortcode Remote Code Execution
A vulnerability was found in Shortcode Ajax Plugin up to 1.0 on WordPress and classified as critical. Impacted is the
CVE-2025-13077 | payamito sms woocommerce Plugin up to 1.3.5 on WordPress columns sql injection
A vulnerability was found in افزونه پیامک ووکامرس فوق حرفه ای payamito sms woocommerce Plugin up to 1.3.5 on WordPress.
CVE-2025-14395 | Popover Windows Plugin up to 1.2 on WordPress Setting pop_submit authorization
A vulnerability was found in Popover Windows Plugin up to 1.2 on WordPress. It has been declared as problematic. The
CVE-2025-14462 | Lucky Draw Contests Plugin up to 4.2 on WordPress Setting misc-settings.php cross-site request forgery
A vulnerability was found in Lucky Draw Contests Plugin up to 4.2 on WordPress. It has been rated as problematic.
CVE-2025-9218 | WordPress, BuddyPress and bbPress Plugin up to 4.7.3 on WordPress Private Post handle_rest_pre_dispatch authorization
A vulnerability categorized as problematic has been discovered in WordPress, BuddyPress and bbPress Plugin up to 4.7.3 on WordPress. This
CVE-2025-14508 | MediaCommander Plugin up to 2.3.1 on WordPress REST API Endpoint upload_files authorization
A vulnerability identified as problematic has been detected in MediaCommander Plugin up to 2.3.1 on WordPress. Affected is the function
CVE-2025-7058 | Kingcabs Plugin up to 1.1.9 on WordPress progressbarLayout cross site scripting
A vulnerability labeled as problematic has been found in Kingcabs Plugin up to 1.1.9 on WordPress. Affected by this vulnerability
CVE-2025-11707 | Login Lockdown & Protection Plugin up to 2.14 on WordPress unblock_key access control
A vulnerability marked as critical has been reported in Login Lockdown & Protection Plugin up to 2.14 on WordPress. Affected