Apple’s decision to take part in (and co-sponsor) this year’s NeurIPS conference shows how the company is keeping close tabs on future
Vulnerabilities
CVE-2025-56401 | ZIRA WBRM 7.0 referenceLookupsByTableNameAndColumnName sql injection
A vulnerability has been found in ZIRA WBRM 7.0 and classified as critical. Affected by this vulnerability is the function
CVE-2025-65495 | obgm libcoap 4.3.5 TLS src/coap_openssl.c tls_verify_call_back size denial of service
A vulnerability was found in obgm libcoap 4.3.5. It has been declared as problematic. This affects the function tls_verify_call_back of
CVE-2025-65493 | obgm libcoap 4.3.5 TLS Connection src/coap_openssl.c BIO_get_data null pointer dereference
A vulnerability was found in obgm libcoap 4.3.5. It has been rated as problematic. This impacts the function BIO_get_data of
CVE-2025-65494 | obgm libcoap 4.3.5 X.509 Certificate src/coap_openssl.c get_san_or_cn_from_cert null pointer dereference
A vulnerability categorized as problematic has been discovered in obgm libcoap 4.3.5. Affected is the function get_san_or_cn_from_cert of the file
CVE-2025-65496 | obgm libcoap 4.3.5 DTLS src/coap_openssl.c coap_dtls_generate_cookie null pointer dereference
A vulnerability identified as problematic has been detected in obgm libcoap 4.3.5. Affected by this vulnerability is the function coap_dtls_generate_cookie
CVE-2025-65497 | obgm libcoap 4.3.5 DTLS src/coap_openssl.c coap_dtls_generate_cookie null pointer dereference
A vulnerability labeled as problematic has been found in obgm libcoap 4.3.5. Affected by this issue is the function coap_dtls_generate_cookie
CVE-2025-65498 | obgm libcoap 4.3.5 DTLS src/coap_openssl.c coap_dtls_generate_cookie null pointer dereference
A vulnerability marked as problematic has been reported in obgm libcoap 4.3.5. This affects the function coap_dtls_generate_cookie of the file
CVE-2025-65499 | obgm libcoap 4.3.5 DTLS src/coap_openssl.c tls_verify_call_back denial of service
A vulnerability described as problematic has been identified in obgm libcoap 4.3.5. This vulnerability affects the function tls_verify_call_back of the
CVE-2025-65500 | obgm libcoap 4.3.5 DTLS src/coap_openssl.c coap_dtls_generate_cookie null pointer dereference
A vulnerability classified as problematic has been found in obgm libcoap 4.3.5. This issue affects the function coap_dtls_generate_cookie of the
CVE-2025-11921 | Bjango iStats 7.10.4 XPC Service permission assignment
A vulnerability classified as critical was found in Bjango iStats 7.10.4. Impacted is an unknown function of the component XPC
CVE-2025-65501 | obgm libcoap 4.3.5 DTLS Handshake coap_dtls_info_callback null pointer dereference
A vulnerability, which was classified as problematic, has been found in obgm libcoap 4.3.5. The affected element is the function
CVE-2025-65502 | Cesanta Mongoose up to 7.1 TLS Initialization add_ca_certs null pointer dereference
A vulnerability, which was classified as problematic, was found in Cesanta Mongoose up to 7.1. The impacted element is the
CVE-2025-12969 | FluentBit 4.1.0 in_forward missing authentication
A vulnerability has been found in FluentBit 4.1.0 and classified as critical. This affects an unknown function of the component
CVE-2025-12978 | FluentBit 4.1.0 in_http/in_splunk/in_elasticsearch redirect
A vulnerability was found in FluentBit 4.1.0 and classified as critical. This impacts an unknown function of the component in_http/in_splunk/in_elasticsearch.
CVE-2025-12970 | FluentBit 4.1.0 in_docker extract_name stack-based overflow
A vulnerability was found in FluentBit 4.1.0. It has been classified as critical. Affected is the function extract_name of the
CVE-2025-12972 | FluentBit 4.1.0 out_file path traversal
A vulnerability was found in FluentBit 4.1.0. It has been declared as critical. Affected by this vulnerability is the function
CVE-2025-12977 | FluentBit 4.1.0 in_http/in_splunk/in_elasticsearch tag_key improper validation of specified type of input
A vulnerability was found in FluentBit 4.1.0. It has been rated as critical. Affected by this issue is some unknown
CVE-2025-65503 | Redboltz async_mqtt 10.2.5 Endpoint Destructors denial of service
A vulnerability categorized as problematic has been discovered in Redboltz async_mqtt 10.2.5. This affects an unknown part of the component
CVE-2025-6389 | Sneeit Framework Plugin up to 8.3 on WordPress sneeit_articles_pagination_callback Remote Code Execution
A vulnerability identified as critical has been detected in Sneeit Framework Plugin up to 8.3 on WordPress. This vulnerability affects
CVE-2025-10144 | quadlayers Perfect Brands for WooCommerce Plugin up to 3.6.2 on WordPress Shortcode products brands sql injection
A vulnerability classified as critical was found in quadlayers Perfect Brands for WooCommerce Plugin up to 3.6.2 on WordPress. This
CVE-2025-41016 | Davantis DFUSION up to 6.186.0 /alarms// MEDIA authorization
A vulnerability, which was classified as problematic, has been found in Davantis DFUSION up to 6.186.0. This vulnerability affects unknown
CVE-2025-41017 | Davantis DFUSION up to 6.186.0 Security Camera Setting /cameras//perspective authorization
A vulnerability, which was classified as problematic, was found in Davantis DFUSION up to 6.186.0. This issue affects some unknown
CVE-2025-40212 | Linux Kernel up to 6.12.58/6.17.8/6.18-rc5 nfsd_set_fh_dentry memory leak
A vulnerability has been found in Linux Kernel up to 6.12.58/6.17.8/6.18-rc5 and classified as critical. Impacted is the function nfsd_set_fh_dentry.
CVE-2025-65998 | Apache Syncope up to 2.1.14/3.0.14/4.0.2 hard-coded key
A vulnerability was found in Apache Syncope up to 2.1.14/3.0.14/4.0.2 and classified as problematic. The affected element is an unknown
CVE-2025-12628 | WP 2FA Plugin up to 2.x on WordPress Backup Code entropy
A vulnerability was found in WP 2FA Plugin up to 2.x on WordPress. It has been classified as problematic. The
CVE-2025-12739 | Google Looker up to 25.19.x URL cross site scripting (gcp-2025-068)
A vulnerability identified as problematic has been detected in Google Looker up to 25.19.x. This affects an unknown function of
CVE-2025-12740 | Google Looker up to 25.0.92/25.6.83/25.12.41/25.14.49/25.16.43 input validation (gcp-2025-052)
A vulnerability labeled as critical has been found in Google Looker up to 25.0.92/25.6.83/25.12.41/25.14.49/25.16.43. This impacts an unknown function. Executing
CVE-2025-12741 | Google Looker up to 25.13 input validation (gcp-2025-052)
A vulnerability marked as critical has been reported in Google Looker up to 25.13. Affected is an unknown function. The
CVE-2025-41087 | Taclia SVG Image cross site scripting
A vulnerability described as problematic has been identified in Taclia. Affected by this vulnerability is an unknown functionality of the
CVE-2025-41729 | Janitza UMG 96-PA/UMG 96-PA-MID+ up to 3.53 Modbus improper validation of specified type of input (VDE-2025-094)
A vulnerability classified as critical has been found in Janitza UMG 96-PA and UMG 96-PA-MID+ up to 3.53. Affected by
CVE-2025-12394 | Backup Migration Plugin 1.x on WordPress Backup Filename information disclosure
A vulnerability was found in Backup Migration Plugin 1.x on WordPress and classified as problematic. This vulnerability affects unknown code
CVE-2025-12569 | Guest Posting, Frontend Posting, Front Editor Plugin redirect
A vulnerability was found in Guest Posting, Frontend Posting, Front Editor Plugin up to 4.x on WordPress. It has been
CVE-2025-13596 | ATISoluciones CIGES up to 2.15.5 information exposure
A vulnerability was found in ATISoluciones CIGES up to 2.15.5. It has been declared as problematic. Impacted is an unknown
CVE-2024-14015 | eCommerce Plugin up to 2.9.0 on WordPress cross site scripting
A vulnerability was found in eCommerce Plugin up to 2.9.0 on WordPress. It has been rated as problematic. The affected
CVE-2025-12629 | Broken Link Manager Plugin up to 0.6.5 on WordPress cross site scripting
A vulnerability categorized as problematic has been discovered in Broken Link Manager Plugin up to 0.6.5 on WordPress. The impacted
Fedora 43: Critical Update for Kubernetes 1.34.2 Cross-Origin Bypass
Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 Resolves:
Fedora 43: kubernetes1.33 Important Security Update 2025-298add9246
Update to release v1.33.6 Resolves: rhbz#2398588, rhbz#2398849, rhbz#2399250, rhbz#2399523 Resolves: rhbz#2407789, rhbz#2408059, rhbz#2408316, rhbz#2408610 Resolves: rhbz#2408673, rhbz#2408731, rhbz#2409238, rhbz#2409528 Resolves:
Fedora 43: Advisory for Chromium High Type Confusion CVE-2025-13223
Update to 142.0.7444.175 * High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8LinuxSecurity – Security AdvisoriesRead
Fedora 43: calibre 8.14.0 Critical Update to Prevent Code Execution Risks
Update to 8.14.0. Fixes rhbz#2413304LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13589 | Otsuka Information FMS up to 20251014.10r45111 cross site scripting
A vulnerability has been found in Otsuka Information FMS up to 20251014.10r45111 and classified as problematic. This affects an unknown
Slackware: libpng High Buffer Overflow Vulnerabilities SSA:2025-327-01
New libpng packages are available for Slackware 15.0 and -current to fix security issues.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-54515 | AMD Versal Adaptive SoC Devices up to 2025.1 State Coordination Interface improper validation of specified quantity in input
A vulnerability, which was classified as critical, has been found in AMD Versal Adaptive SoC Devices, Versal RF, Versal AI
CVE-2025-48507 | AMD Kria SOM improper validation of specified quantity in input
A vulnerability, which was classified as critical, was found in AMD Kria SOM, Zynq UltraScale+ MPSoCs and Zynq UltraScale+ RFSoCs.
CVE-2025-7402 | Ads Pro Plugin up to 4.95 on WordPress site_id sql injection
A vulnerability classified as critical was found in Ads Pro Plugin up to 4.95 on WordPress. Affected is an unknown
CVE-2024-21922 | AMD StoreMI untrusted search path
A vulnerability described as problematic has been identified in AMD StoreMI. This affects an unknown function. Executing manipulation can lead
CVE-2024-21923 | AMD StoreMI untrusted search path
A vulnerability classified as problematic has been found in AMD StoreMI. This impacts an unknown function. The manipulation leads to
CVE-2025-12800 | WP Shortcodes Plugin Plugin up to 7.4.5 on WordPress su_shortcode_csv_table Nusẽtɔwo aɖe le be wotsɔe ɖe agbe. server-side request forgery
A vulnerability labeled as critical has been found in WP Shortcodes Plugin Plugin up to 7.4.5 on WordPress. The affected
CVE-2025-13588 | lKinderBueno Streamity Xtream IPTV Player up to 2.8 public/proxy.php Nusẽtɔwo aɖe le be wotsɔe ɖe agbe. server-side request forgery
A vulnerability marked as critical has been reported in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element
CVE-2025-13578 | code-projects Library System 1.0 Login /index.php Username sql injection
A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This affects an unknown function
CVE-2025-13579 | code-projects Library System 1.0 /return.php ID sql injection
A vulnerability, which was classified as critical, was found in code-projects Library System 1.0. This impacts an unknown function of
CVE-2025-13580 | code-projects Library System 1.0 /mail.php ID sql injection
A vulnerability has been found in code-projects Library System 1.0 and classified as critical. Affected is an unknown function of
CVE-2025-13581 | itsourcecode Student Information System 1.0 /schedule_edit1.php schedule_id sql injection
A vulnerability was found in itsourcecode Student Information System 1.0 and classified as critical. Affected by this vulnerability is an
CVE-2025-13582 | code-projects Jonnys Liquor 1.0 GET Parameter /detail.php Product sql injection
A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been classified as critical. Affected by this issue is
CVE-2025-13583 | code-projects Question Paper Generator 1.0 POST Parameter /signupscript.php Fname sql injection
A vulnerability was found in code-projects Question Paper Generator 1.0. It has been declared as critical. This affects an unknown
CVE-2025-13584 | Eigenfocus up to 1.4.0 Decription entry.description/time_entry.description cross site scripting (ID 358)
A vulnerability was found in Eigenfocus up to 1.4.0. It has been rated as problematic. This vulnerability affects unknown code
CVE-2025-13585 | code-projects COVID Tracking System 1.0 /login.php code sql injection
A vulnerability categorized as critical has been discovered in code-projects COVID Tracking System 1.0. This issue affects some unknown processing
CVE-2025-13586 | SourceCodester Online Student Clearance System 1.0 changepassword.php txtconfirm_password sql injection
A vulnerability identified as critical has been detected in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function
CVE-2025-13572 | projectworlds Advanced Library Management System 1.0 /delete_admin.php admin_id sql injection
A vulnerability identified as critical has been detected in projectworlds Advanced Library Management System 1.0. This affects an unknown part
CVE-2025-13573 | projectworlds can pass malicious payloads up to 1.0 /add_book.php image unrestricted upload
A vulnerability labeled as critical has been found in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects
CVE-2025-13574 | code-projects Online Bidding System 1.0 addcategory.php categoryadd catimage unrestricted upload
A vulnerability marked as critical has been reported in code-projects Online Bidding System 1.0. This issue affects the function categoryadd
CVE-2025-13575 | code-projects Blog Site 1.0 Category blog.php category_exists name/field sql injection
A vulnerability described as critical has been identified in code-projects Blog Site 1.0. Impacted is the function category_exists of the
CVE-2025-13576 | code-projects Blog Site 1.0 /admin.php improper authorization
A vulnerability classified as critical has been found in code-projects Blog Site 1.0. The affected element is an unknown function
CVE-2025-13577 | PHPGurukul Hostel Management System 2.1 /register-complaint.php cdetails cross site scripting
A vulnerability classified as problematic was found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function
Ubuntu 24: Docker 2.13.5 Important Security Notice 2026-6f2b2d1a9f8
Update to release v1.32.10 Resolves: rhbz#2414539 Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672,
Fedora 43: Critical Patch for GnuTLS 3.8.11 Addressing CVE-2025-9820
Update to the 3.8.11 release with a fix for CVE-2025-9820 and several enhancements.LinuxSecurity – Security AdvisoriesRead More
openSUSE: Blender 5.0 Security Update 2025:15756-1 for CVE-2022-0544
An update that solves 3 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: act Moderate CVE-2025-47913 Advisory 2025:15752-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: ansible-core Moderate Security Update 2025:15754-1 CVE-2023-5115
An update that solves 6 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: Blender Moderate Threat Advisory 2025:15755-1
An update that solves 3 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
Mageia 9: Kernel Critical Security Fixes MGASA-2025-0309 CVE-2025-39869 DoS
MGASA-2025-0309 – Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Kernel-linus Critical Security Issue MGASA-2025-0310
MGASA-2025-0310 – Updated kernel-linus packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
CVE-2025-13567 | itsourcecode COVID Tracking System 1.0 ?page=establishment sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0 and classified as critical. This affects an unknown function of
CVE-2025-13568 | itsourcecode COVID Tracking System 1.0 /admin/?page=people sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been classified as critical. This impacts an unknown
CVE-2025-13569 | itsourcecode COVID Tracking System 1.0 /admin/?page=city sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been declared as critical. Affected is an unknown
CVE-2025-13570 | itsourcecode COVID Tracking System 1.0 /admin/?page=state sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been rated as critical. Affected by this vulnerability
CVE-2025-13571 | code-projects Simple Food Ordering System 1.0 /listorder.php ID sql injection
A vulnerability categorized as critical has been discovered in code-projects Simple Food Ordering System 1.0. Affected by this issue is
CVE-2025-13564 | SourceCodester Pre-School Management System 1.0 FilehelperController.php removefile filepath denial of service
A vulnerability, which was classified as problematic, has been found in SourceCodester Pre-School Management System 1.0. Impacted is the function
CVE-2025-13565 | SourceCodester Inventory Management System 1.0 resetPassword.php password recovery
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. The affected element is an
CVE-2025-13566 | jarun nnn up to 5.1 nnn/src/nnn.c show_content_in_floating_window/run_cmd_as_plugin double free (Issue 2091)
A vulnerability has been found in jarun nnn up to 5.1 and classified as problematic. The impacted element is the
CVE-2025-13560 | SourceCodester Company Website CMS 1.0 reset-password.php email sql injection
A vulnerability described as critical has been identified in SourceCodester Company Website CMS 1.0. This affects an unknown part of
CVE-2025-13561 | SourceCodester Company Website CMS 1.0 /admin/index.php Username sql injection
A vulnerability classified as critical has been found in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of
CVE-2025-13562 | D-Link DIR-852 1.00 /gena.cgi service command injection
A vulnerability classified as critical was found in D-Link DIR-852 1.00. This issue affects some unknown processing of the file
CVE-2025-13547 | D-Link DIR-822K/DWR-M920 1.00_20250513164613/1.1.50 /boafrm/formDdns submit-url memory corruption
A vulnerability, which was classified as critical, has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown
CVE-2025-13548 | D-Link DIR-822K/DWR-M920 1.00_20250513164613/1.1.50 /boafrm/formFirewallAdv submit-url buffer overflow
A vulnerability, which was classified as critical, was found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code
CVE-2025-13549 | D-Link DIR-822K 1.00 /boafrm/formNtp sub_455524 submit-url buffer overflow
A vulnerability has been found in D-Link DIR-822K 1.00 and classified as critical. This issue affects the function sub_455524 of
CVE-2025-13550 | D-Link DIR-822K/DWR-M920 1.00_20250513164613/1.1.50 formVpnConfigSetup submit-url buffer overflow
A vulnerability was found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50 and classified as critical. Impacted is an unknown function of
CVE-2025-13551 | D-Link DIR-822K/DWR-M920 1.00_20250513164613/1.1.50 formWanConfigSetup submit-url buffer overflow
A vulnerability was found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. It has been classified as critical. The affected element is
CVE-2025-13552 | D-Link DIR-822K/DWR-M920 1.00_20250513164613/1.1.50 /boafrm/formWlEncrypt submit-url buffer overflow
A vulnerability was found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. It has been declared as critical. The impacted element is
CVE-2025-13553 | D-Link DWR-M920 1.1.50 formPinManageSetup sub_41C7FC submit-url buffer overflow
A vulnerability was found in D-Link DWR-M920 1.1.50. It has been rated as critical. This affects the function sub_41C7FC of
CVE-2025-13554 | Campcodes Supplier Management System 1.0 Login /index.php txtUsername sql injection
A vulnerability categorized as critical has been discovered in Campcodes Supplier Management System 1.0. This impacts an unknown function of
CVE-2025-13555 | Campcodes School File Management System 1.0 Login /index.php stud_no sql injection
A vulnerability identified as critical has been detected in Campcodes School File Management System 1.0. Affected is an unknown function
CVE-2025-13556 | Campcodes Online Polling System 1.0 /admin/checklogin.php myusername sql injection
A vulnerability labeled as critical has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an
CVE-2025-13557 | Campcodes Online Polling System 1.0 /registeracc.php email sql injection
A vulnerability marked as critical has been reported in Campcodes Online Polling System 1.0. Affected by this issue is some
CVE-2025-13544 | ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 /customer_register.php unrestricted upload
A vulnerability described as critical has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of
CVE-2025-13545 | ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 /admin_area/index.php edit_pack sql injection
A vulnerability classified as critical has been found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an
CVE-2025-13546 | ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Search /results.php user_query sql injection
A vulnerability classified as critical was found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown
Fedora 43: Gopass-Jsonapi Important Fixes For Memory Issues 2025-d4a04dda81
Update to 1.6.0LinuxSecurity – Security AdvisoriesRead More
Fedora 43: Critical Update for Kubernetes 1.31 Scheduling Issues
Update to release v1.31.14 Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 Resolves: rhbz#2408314, rhbz#2408608, rhbz#2408671, rhbz#2408729 Resolves:
Fedora 43: dotnet10.0 GA Update Advisory 2025-41518fc0fd
This is the .NET 10 GA update Update .NET 10 to RC 2LinuxSecurity – Security AdvisoriesRead More
Fedora 43: gopass 1.16.0 Critical Security Patch 2025-abc123ef456
Update to 1.16.0LinuxSecurity – Security AdvisoriesRead More