Vulnerabilities

  

CVE-2025-66032 | anthropics claude-code up to 1.0.92 command injection (GHSA-xq4m-mc3c-vvg3)

A vulnerability categorized as critical has been discovered in anthropics claude-code up to 1.0.92. Affected by this vulnerability is an

  

CVE-2025-61727 | crypto-x509 up to 1.24.10/1.25.4 on Go Certificate Chain certificate validation

A vulnerability identified as critical has been detected in crypto-x509 up to 1.24.10/1.25.4 on Go. Affected by this issue is

  

CVE-2025-50361 | SmallBASIC main.cpp main buffer overflow

A vulnerability labeled as critical has been found in SmallBASIC. This affects the function main of the file main.cpp. Executing

  

CVE-2025-66489 | calcom cal.com up to 5.9.7 Login Credentials Provider incorrect implementation of authentication algorithm (GHSA-9r3w-4j8q-pw98)

A vulnerability marked as critical has been reported in calcom cal.com up to 5.9.7. This vulnerability affects unknown code of

  

CVE-2025-66453 | Mozilla Rhino up to 1.8.0 toFixed resource consumption (GHSA-3w8q-xq97-5j7x)

A vulnerability described as problematic has been identified in Mozilla Rhino up to 1.8.0. This issue affects the function toFixed.

  

CVE-2025-13086 | OpenVPN up to 2.7_rc1 Source IP Address verification of source

A vulnerability classified as problematic has been found in OpenVPN up to 2.7_rc1. Impacted is an unknown function of the

  

CVE-2025-66404 | Flux159 mcp-server-kubernetes up to 2.9.7 exec_in_pod command injection (GHSA-wvxp-jp4w-w8wg)

A vulnerability classified as critical was found in Flux159 mcp-server-kubernetes up to 2.9.7. The affected element is an unknown function

  

CVE-2025-20382 | Splunk Enterprise/Cloud Platform Custom Background redirect (SVD-2025-1201)

A vulnerability, which was classified as problematic, has been found in Splunk Enterprise and Cloud Platform. The impacted element is

  

CVE-2025-20384 | Splunk Enterprise/Cloud Platform HTTP Request /en-US/static/ neutralization for logs (SVD-2025-1203)

A vulnerability, which was classified as problematic, was found in Splunk Enterprise and Cloud Platform. This affects an unknown function

  

CVE-2025-20385 | Splunk Enterprise/Cloud Platform cross site scripting (SVD-2025-1204)

A vulnerability has been found in Splunk Enterprise and Cloud Platform and classified as problematic. This impacts an unknown function.

  

CVE-2025-20386 | Splunk Enterprise up to 9.2.9/9.3.7/9.4.5/10.0.1 on Windows Installation Directory permission assignment (SVD-2025-1205)

A vulnerability was found in Splunk Enterprise up to 9.2.9/9.3.7/9.4.5/10.0.1 on Windows and classified as critical. Affected is an unknown

  

CVE-2025-20387 | Splunk Enterprise up to 9.2.9/9.3.7/9.4.5/10.0.1 on Windows Universal Forwarder permission assignment (SVD-2025-1206)

A vulnerability was found in Splunk Enterprise up to 9.2.9/9.3.7/9.4.5/10.0.1 on Windows. It has been classified as very critical. Affected

  

CVE-2025-20388 | Splunk Enterprise/Cloud Platform Network Port server-side request forgery (SVD-2025-1207)

A vulnerability was found in Splunk Enterprise and Cloud Platform. It has been declared as critical. Affected by this issue

  

CVE-2025-64443 | Docker mcp-gateway up to 0.27.x routine (GHSA-46gc-mwh4-cc5r)

A vulnerability was found in Docker mcp-gateway up to 0.27.x. It has been rated as critical. This affects an unknown

  

CVE-2025-64763 | Envoy up to 1.33.12/1.34.10/1.35.6/1.36.2 TCP Connection protection mechanism (GHSA-rj35-4m94-77jh)

A vulnerability categorized as problematic has been discovered in Envoy up to 1.33.12/1.34.10/1.35.6/1.36.2. This vulnerability affects unknown code of the

  

CVE-2025-33201 | Nvidia Triton Inference Server unusual condition

A vulnerability identified as problematic has been detected in Nvidia Triton Inference Server. This issue affects some unknown processing. The

  

CVE-2025-12084 | Python CPython up to 3.14.x xml.dom.minidom appendChild algorithmic complexity (ID 142145)

A vulnerability labeled as problematic has been found in Python CPython up to 3.14.x. Impacted is the function appendChild of

  

CVE-2025-66220 | envoy up to 1.33.12/1.34.10/1.35.6/1.36.2 match_typed_subject_alt_names OTHERNAME null termination (GHSA-rwjg-c3h2-f57p)

A vulnerability marked as problematic has been reported in envoy up to 1.33.12/1.34.10/1.35.6/1.36.2. The affected element is the function match_typed_subject_alt_names.

  

CVE-2025-65097 | rommapp romm up to 4.4.0/4.4.1-beta.1 Collection Endpoint access control (GHSA-v7c8-f6xc-rv9g)

A vulnerability described as critical has been identified in rommapp romm up to 4.4.0/4.4.1-beta.1. The impacted element is an unknown

  

CVE-2025-65096 | rommapp romm up to 4.4.0/4.4.1-beta.1 access control (GHSA-5ghc-8wr3-788c)

A vulnerability classified as critical has been found in rommapp romm up to 4.4.0/4.4.1-beta.1. This affects an unknown function. Performing

  

CVE-2025-65345 | alexusmai laravel-file-manager up to 3.3.1 ZIP path traversal

A vulnerability classified as critical was found in alexusmai laravel-file-manager up to 3.3.1. This impacts an unknown function of the

  

CVE-2025-66293 | pnggroup libpng up to 1.6.51 Simplified API png_sRGB_base out-of-bounds (ID 764)

A vulnerability, which was classified as problematic, has been found in pnggroup libpng up to 1.6.51. Affected is an unknown

  

CVE-2025-12819 | PgBouncer up to 1.25.0 StartupMessage search_path untrusted search path

A vulnerability, which was classified as problematic, was found in PgBouncer up to 1.25.0. Affected by this vulnerability is an

  

CVE-2025-66411 | Coder up to 2.26.4/2.27.6/2.28.3 Agent Manifest log file (GHSA-jf75-p25m-pw74)

A vulnerability has been found in Coder up to 2.26.4/2.27.6/2.28.3 and classified as problematic. Affected by this issue is some

  

CVE-2024-32643 | MasaCMS up to 7.2.7/7.3.12/7.4.5 URL /tag/ authorization (GHSA-f469-jh82-97fv)

A vulnerability was found in MasaCMS up to 7.2.7/7.3.12/7.4.5 and classified as problematic. This affects an unknown part of the

  

CVE-2025-20383 | Splunk Enterprise/Cloud Platform/Secure Gateway Push Notification information disclosure (SVD-2025-1202)

A vulnerability was found in Splunk Enterprise, Cloud Platform and Secure Gateway. It has been classified as problematic. This vulnerability

  

CVE-2025-65842 | Aquarius HelperTool 1.0.003 on macOS XPC Service backdoor

A vulnerability was found in Aquarius HelperTool 1.0.003 on macOS. It has been declared as critical. This issue affects some

  

CVE-2025-64055 | Fanvil x210 2.12.20 unrestricted upload

A vulnerability was found in Fanvil x210 2.12.20. It has been rated as critical. Impacted is an unknown function. The

  

CVE-2025-66222 | ThinkInAIXYZ deepchat up to 0.4.x Model Context Protocol Server code injection (GHSA-v8v5-c872-mf8r)

A vulnerability categorized as critical has been discovered in ThinkInAIXYZ deepchat up to 0.4.x. The affected element is an unknown

  

CVE-2025-20381 | Splunk MCP Server up to 0.2.3 Model Context Protocol Tool run_splunk_query authorization (SVD-2025-1210)

A vulnerability identified as problematic has been detected in Splunk MCP Server up to 0.2.3. The impacted element is the

  

CVE-2025-20389 | Splunk Enterprise/Cloud Platform/Secure Gateway label denial of service (SVD-2025-1208)

A vulnerability labeled as problematic has been found in Splunk Enterprise, Cloud Platform and Secure Gateway. This affects an unknown

  

CVE-2025-65841 | Aquarius Desktop up to 3.0.069 on macOS ~/Library/Application weak encoding for password

A vulnerability marked as critical has been reported in Aquarius Desktop up to 3.0.069 on macOS. This impacts an unknown

  

CVE-2025-63402 | HCL Limited HCLTech GRAGON up to 7.5.x API allocation of resources

A vulnerability described as critical has been identified in HCL Limited HCLTech GRAGON up to 7.5.x. Affected is an unknown

  

CVE-2025-63401 | HCL Limited HCLTech DRAGON up to 7.5.x cross site scripting

A vulnerability classified as problematic has been found in HCL Limited HCLTech DRAGON up to 7.5.x. Affected by this vulnerability

  

CVE-2025-65027 | rommapp romm up to 4.4.0/4.4.1-beta.1 File Upload cross site scripting (GHSA-v3c6-w996-f7hx)

A vulnerability classified as problematic was found in rommapp romm up to 4.4.0/4.4.1-beta.1. Affected by this issue is some unknown

  

CVE-2025-65868 | EyouCMS 1.7.1 Body xml external entity reference (Issue 66)

A vulnerability, which was classified as problematic, has been found in EyouCMS 1.7.1. This affects an unknown part of the

  

CVE-2025-13513 | Clik Stats Plugin up to 0.8 on WordPress $_SERVER['PHP_SELF'] cross site scripting

A vulnerability, which was classified as problematic, was found in Clik Stats Plugin up to 0.8 on WordPress. This vulnerability

  

CVE-2025-66478 | vercel Next.js React Flight Protocol deserialization

A vulnerability has been found in vercel Next.js and classified as critical. This issue affects some unknown processing of the

  

CVE-2025-12826 | Custom Post Type UI Plugin up to 1.18.0 on WordPress cptui_process_post_type authorization

A vulnerability was found in Custom Post Type UI Plugin up to 1.18.0 on WordPress and classified as problematic. Impacted

  

CVE-2025-12826 | Custom Post Type UI Plugin up to 1.18.0 on WordPress cptui_process_post_type authorization

A vulnerability was found in Custom Post Type UI Plugin up to 1.18.0 on WordPress. It has been classified as

  

CVE-2025-12782 | Beaver Builder Plugin up to 2.9.4 on WordPress disable authorization

A vulnerability was found in Beaver Builder Plugin up to 2.9.4 on WordPress. It has been declared as problematic. The

Oracle Linux 8 ELSA-2025-22388 Kernel Moderate DoS Threat

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

LinuxSecurity – Security Advisories

Ubuntu 18.04 & 16.04: Linux Kernel Important Security Update USN-7907-1

Several security issues were fixed in the Linux kernel.

Ubuntu 25.10: Major Authentication Vulnerability in KDE Connect USN-7905-1

KDE Connect could allow authentication of impersonated devices.

Oracle Linux 7: ELSA-2025-21407 libtiff Important Buffer Overflow Issues

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 7: Kernel Important Update ELSA-2025-28026 CVE-2025-40019

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Ubuntu 18.04: USN-7907-2 Linux Kernel Important Security Issues

Several security issues were fixed in the Linux kernel.

Ubuntu 25.10: Linux Kernel Important Security Threat USN-7906-1

Several security issues were fixed in the Linux kernel.

  

CVE-2025-65320 | Abacre Restaurant Point of Sale up to 15.0.0.1656 cleartext storage

A vulnerability categorized as critical has been discovered in Abacre Restaurant Point of Sale up to 15.0.0.1656. Impacted is an

  

CVE-2025-57202 | AVTECH DGM1104 FullImg-1015-1004-1006-1003 PwdGrp.cgi Username cross site scripting

A vulnerability identified as problematic has been detected in AVTECH DGM1104 FullImg-1015-1004-1006-1003. The affected element is an unknown function of

  

CVE-2025-66431 | WebPros Plesk prior 18.0.73.5/18.0.74.2 on Linux Domain Creation symlink

A vulnerability labeled as critical has been found in WebPros Plesk on Linux. The impacted element is an unknown function

  

CVE-2025-62686 | Plugin Alliance Installation Manager 1.4.0 on macOS InstallationHelper Service DYLD_INSERT_LIBRARIES injection

A vulnerability marked as problematic has been reported in Plugin Alliance Installation Manager 1.4.0 on macOS. This affects an unknown

  

CVE-2024-32641 | MasaCMS up to 7.2.7/7.3.12/7.4.5 addParam criteria code injection

A vulnerability described as critical has been identified in MasaCMS up to 7.2.7/7.3.12/7.4.5. This impacts the function addParam. Such manipulation

  

CVE-2025-13492 | HP Image Assistant up to 5.3.2 race condition

A vulnerability classified as critical has been found in HP Image Assistant up to 5.3.2. Affected is an unknown function.

  

CVE-2025-65843 | Aquarius Desktop 3.0.069 on macOS ~/Library/Logs/Aquarius information disclosure

A vulnerability classified as problematic was found in Aquarius Desktop 3.0.069 on macOS. Affected by this vulnerability is an unknown

  

CVE-2024-32642 | MasaCMS up to 7.2.7/7.3.12/7.4.5 Password Reset origin validation

A vulnerability, which was classified as critical, has been found in MasaCMS up to 7.2.7/7.3.12/7.4.5. Affected by this issue is

  

CVE-2025-13751 | OpenVPN up to 2.7_rc2 on Windows Interactive Service Agent allocation of resources

A vulnerability, which was classified as problematic, was found in OpenVPN up to 2.7_rc2 on Windows. This affects an unknown

  

CVE-2025-55076 | Plugin Alliance Installation Manager 1.4.0 InstallationHelper Service system Local Privilege Escalation

A vulnerability has been found in Plugin Alliance Installation Manager 1.4.0 and classified as critical. This vulnerability affects the function

  

CVE-2025-11727 | Omnichannel for WooCommerce Plugin up to 1.3.65 on WordPress sync cross site scripting

A vulnerability was found in Omnichannel for WooCommerce Plugin up to 1.3.65 on WordPress and classified as problematic. This issue

  

CVE-2025-12686 | Synology BeeStation Plus auth_info stack-based overflow (ZDI-25-1039)

A vulnerability was found in Synology BeeStation Plus. It has been classified as critical. Impacted is an unknown function. Performing

  

CVE-2025-13392 | Synology DiskStation DS925+ SYNOPAMSSO::samlAuth improper authentication (ZDI-25-1040)

A vulnerability was found in Synology DiskStation DS925+. It has been declared as critical. The affected element is the function

  

CVE-2025-66288 | Parallels Toolbox CleanDrive link following (ZDI-25-1015)

A vulnerability was found in Parallels Toolbox. It has been rated as critical. The impacted element is an unknown function

  

CVE-2025-11379 | WebP Express Plugin up to 0.25.9 on WordPress information disclosure

A vulnerability categorized as problematic has been discovered in WebP Express Plugin up to 0.25.9 on WordPress. This affects an

  

CVE-2025-57200 | AVTECH DGM1104 FullImg-1015-1004-1006-1003 test_mail command injection

A vulnerability classified as critical was found in AVTECH DGM1104 FullImg-1015-1004-1006-1003. This affects the function test_mail. Such manipulation leads to

  

CVE-2025-57198 | AVTECH DGM1104 FullImg-1015-1004-1006-1003 Machine.cgi command injection

A vulnerability, which was classified as critical, has been found in AVTECH DGM1104 FullImg-1015-1004-1006-1003. This impacts an unknown function of

  

CVE-2025-57201 | AVTECH DGM1104 FullImg-1015-1004-1006-1003 SMB Server command injection

A vulnerability, which was classified as critical, was found in AVTECH DGM1104 FullImg-1015-1004-1006-1003. Affected is an unknown function of the

  

CVE-2025-53841 | Akamai Guardicore Platform Agent up to 50.14.x/51.11.x/52.1.0 inclusion of functionality from untrusted control sphere

A vulnerability has been found in Akamai Guardicore Platform Agent up to 50.14.x/51.11.x/52.1.0 and classified as critical. Affected by this

  

CVE-2025-65267 | ERPNext/Frappe SVG Avatar Image cross site scripting

A vulnerability was found in ERPNext and Frappe and classified as problematic. Affected by this issue is some unknown functionality

  

CVE-2025-55182 | Meta react-server-dom-webpack 19.0.0/19.1.0/19.1.1/19.2.0 React Server deserialization

A vulnerability was found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel 19.0.0/19.1.0/19.1.1/19.2.0. It has been classified as critical. This affects an

  

CVE-2025-57199 | AVTECH DGM1104 FullImg-1015-1004-1006-1003 NetFailDetectD command injection

A vulnerability was found in AVTECH DGM1104 FullImg-1015-1004-1006-1003. It has been declared as critical. This vulnerability affects unknown code of

  

CVE-2025-7044 | Ubuntu MAAS up to 3.3.10/3.4.8/3.5.8/3.6.1 WebSocket Request is_superuser privileges management

A vulnerability was found in Ubuntu MAAS up to 3.3.10/3.4.8/3.5.8/3.6.1. It has been rated as critical. This issue affects some

openSUSE Leap 16.0 Python-Cbor2 Important Issues Addressed 2025-20133-1

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

  

CVE-2025-13947 | WebKitGTK information disclosure

A vulnerability described as problematic has been identified in WebKitGTK. The affected element is an unknown function. The manipulation results

  

CVE-2025-39665 | Nagvis Checkmk MultisiteAuth up to 1.9.47 information exposure

A vulnerability classified as problematic has been found in Nagvis Checkmk MultisiteAuth up to 1.9.47. The impacted element is an

Debian 11: Mako Important Denial of Service Fix DLA-4393-1 CVE-2022-40023

It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular

  

CVE-2025-13945 | Wireshark 4.6.0 HTTP3 Dissector improperly controlled sequential memory allocation (ID 20860)

A vulnerability was found in Wireshark 4.6.0. It has been classified as problematic. Affected is an unknown function of the

  

CVE-2025-13946 | Wireshark up to 4.4.10/4.6.0 MEGACO Dissector infinite loop (ID 20884)

A vulnerability was found in Wireshark up to 4.4.10/4.6.0. It has been declared as problematic. Affected by this vulnerability is

  

CVE-2025-12744 | ABRT up to 2.17.6 os command injection

A vulnerability was found in ABRT up to 2.17.6. It has been rated as critical. Affected by this issue is

  

CVE-2025-13472 | Perforce BlazeMeter Plugin up to 4.26 on Jenkins authorization

A vulnerability categorized as problematic has been discovered in Perforce BlazeMeter Plugin up to 4.26 on Jenkins. This affects an

  

CVE-2025-29864 | ESTsoft ALZip up to 12.28 on Windows protection mechanism

A vulnerability identified as critical has been detected in ESTsoft ALZip up to 12.28 on Windows. This vulnerability affects unknown

  

CVE-2025-13948 | opsre go-ldap-admin up to 20251011 JWT docker-compose.yaml secret key hard-coded key

A vulnerability labeled as problematic has been found in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing

  

CVE-2025-13949 | ProudMuBai GoFilm 1.0.0/1.0.1 FileController.go SingleUpload File unrestricted upload

A vulnerability marked as critical has been reported in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file

Fedora 41 Applies Critical Security Patch for NextCloud 32.0.3 Update

32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753

Fedora 41: openbao 2.4.4 Important Security Issues DoS 2025-45a7dd8f10

update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189,

  

CVE-2025-64298 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 Microsoft SQLServer Express permission assignment (icsma-25-336-01)

A vulnerability classified as critical has been found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. Affected by

  

CVE-2025-62575 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 Microsoft SQL Server Database permission assignment (icsma-25-336-01)

A vulnerability classified as critical was found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. This affects an

  

CVE-2025-65657 | FeehiCMS 2.1.1 unrestricted upload (Issue 78)

A vulnerability, which was classified as critical, has been found in FeehiCMS 2.1.1. This vulnerability affects unknown code. The manipulation

  

CVE-2025-65380 | PHPGurukul Billing System 1.0 /admin/index.php Username sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Billing System 1.0. This issue affects some unknown processing

  

CVE-2025-12954 | MotoPress Timetable and Event Schedule Plugin up to 2.4.15 on WordPress authorization (EUVD-2025-200729)

A vulnerability has been found in MotoPress Timetable and Event Schedule Plugin up to 2.4.15 on WordPress and classified as

  

CVE-2025-66476 | Vim up to 9.1.1946 on Windows cmd.exe uncontrolled search path (GHSA-g77q-xrww-p834 / 083ec6d9a3b7b09006e0ce69ac802597d25)

A vulnerability was found in Vim up to 9.1.1946 on Windows and classified as problematic. The affected element is an

  

CVE-2025-65955 | ImageMagick up to 6.9.13-33/7.1.2-8 Magick++ Layer Options::fontFamily double free (GHSA-q3hc-j9x5-mp9m)

A vulnerability was found in ImageMagick up to 6.9.13-33/7.1.2-8. It has been classified as critical. The impacted element is the

  

CVE-2025-61940 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 SQL Server client-side authentication (icsma-25-336-01)

A vulnerability was found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. It has been declared as critical.

  

CVE-2025-64642 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 Installation Directory permission assignment (icsma-25-336-01)

A vulnerability was found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. It has been rated as problematic.

  

CVE-2025-64778 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 hard-coded credentials (icsma-25-336-01)

A vulnerability categorized as critical has been discovered in Mirion Medical EC2 Software NMIS BioDose up to 22.02. Affected is

  

CVE-2025-55181 | Facebook proxygen up to 2025.12.01.00 Body proxygen::coro iteration

A vulnerability identified as problematic has been detected in Facebook proxygen up to 2025.12.01.00. Affected by this vulnerability is the

  

CVE-2025-13342 | DynamiApps Frontend Admin Plugin up to 3.28.20 on WordPress ActionOptions::run

A vulnerability labeled as critical has been found in DynamiApps Frontend Admin Plugin up to 3.28.20 on WordPress. Affected by

  

CVE-2025-13390 | WP Directory Kit Plugin up to 1.4.4 on WordPress wdk_generate_auto_login_link improper authentication

A vulnerability marked as critical has been reported in WP Directory Kit Plugin up to 1.4.4 on WordPress. This affects

  

CVE-2025-13109 | Husky Plugin up to 1.3.7.2 on WordPress woof_add_query/woof_remove_query resource injection

A vulnerability described as critical has been identified in Husky Plugin up to 1.3.7.2 on WordPress. This vulnerability affects the

  

CVE-2025-13756 | Fluent Booking Plugin up to 1.9.11 on WordPress importCalendar authorization

A vulnerability classified as critical has been found in Fluent Booking Plugin up to 1.9.11 on WordPress. This issue affects