Vulnerabilities

CVE-2025-63207 | RVR TEX TEXL-000400 /_Passwd.html access control

A vulnerability has been found in RVR TEX TEXL-000400 and classified as critical. This impacts an unknown function of the

CVE-2025-63209 | ELCA Star Transmitter Remote Control 1.25 /setup.xml information disclosure

A vulnerability was found in ELCA Star Transmitter Remote Control 1.25 and classified as problematic. Affected is an unknown function

CVE-2025-63210 | Newtec Celox UHD CELOXA504/Celox UHD CELOXA820 21.6.13 /celoxservice injection

A vulnerability was found in Newtec Celox UHD CELOXA504 and Celox UHD CELOXA820 21.6.13. It has been classified as problematic.

CVE-2025-64521 | goauthentik up to 2025.8.4/2025.10.1 client_id/client_secret authentication bypass by alternate name

A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been declared as problematic. Affected by this issue

CVE-2025-64708 | goauthentik up to 2025.8.4/2025.10.1 session expiration (GHSA-ch7q-53v8-73pc)

A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been rated as problematic. This affects an unknown

CVE-2025-63208 | Bridgetech VB288 Objective QoE Content Extractor 5.6.0-8 /probe/core/setup/passwd information disclosure

A vulnerability categorized as problematic has been discovered in Bridgetech VB288 Objective QoE Content Extractor 5.6.0-8. This vulnerability affects unknown

CVE-2025-65020 | lukevella rallly up to 4.5.3 polls.duplicate pollId improper authorization (GHSA-44w7-pf32-gv5m)

A vulnerability identified as critical has been detected in lukevella rallly up to 4.5.3. This issue affects some unknown processing

CVE-2025-65021 | lukevella rallly up to 4.5.3 pollId improper authorization (GHSA-x7w2-g548-4qg8)

A vulnerability labeled as critical has been found in lukevella rallly up to 4.5.3. Impacted is an unknown function. Executing

CVE-2025-65028 | lukevella rallly up to 4.5.3 participantId improper authorization (GHSA-pchc-v5hg-f5gp)

A vulnerability marked as critical has been reported in lukevella rallly up to 4.5.3. The affected element is an unknown

CVE-2025-65029 | lukevella rallly up to 4.5.3 Endpoint improper authorization (GHSA-f8jc-6746-ww95)

A vulnerability described as critical has been identified in lukevella rallly up to 4.5.3. The impacted element is an unknown

CVE-2025-65030 | lukevella rallly up to 4.5.3 Endpoint improper authorization (GHSA-4j32-25f9-qgfm)

A vulnerability classified as critical has been found in lukevella rallly up to 4.5.3. This affects an unknown function of

CVE-2025-65031 | lukevella rallly up to 4.5.3 Comment Creation Endpoint authorName improper authorization (GHSA-hhfc-6gq7-rrpm)

A vulnerability classified as critical was found in lukevella rallly up to 4.5.3. This impacts an unknown function of the

CVE-2025-65032 | lukevella rallly up to 4.5.3 participantId authorization (GHSA-q9m7-chfx-43xw)

A vulnerability, which was classified as problematic, has been found in lukevella rallly up to 4.5.3. Affected is an unknown

CVE-2025-13315 | Lynxtechnology Twonky Server 8.5.2 Web Service API unprotected alternate channel

A vulnerability, which was classified as critical, was found in Lynxtechnology Twonky Server 8.5.2. Affected by this vulnerability is an

CVE-2025-65089 | xwikisas xwiki-pro-macros up to 1.26.x authorization

A vulnerability has been found in xwikisas xwiki-pro-macros up to 1.26.x and classified as problematic. Affected by this issue is

CVE-2025-65033 | lukevella rallly up to 4.5.3 improper authorization (GHSA-4p93-v53r-vch3)

A vulnerability was found in lukevella rallly up to 4.5.3 and classified as critical. This affects an unknown part. The

CVE-2025-65034 | lukevella rallly up to 4.5.3 pollId authorization (GHSA-5fp2-pv2j-rqpc)

A vulnerability was found in lukevella rallly up to 4.5.3. It has been classified as problematic. This vulnerability affects unknown

CVE-2025-63205 | Bridgetech VB220/VB120/VB330/VB440 6.5.0-9 /probe/core/setup/passwd information disclosure

A vulnerability was found in Bridgetech VB220, VB120, VB330 and VB440 6.5.0-9. It has been declared as problematic. This issue

CVE-2025-13316 | Lynxtechnology Twonky Server 8.5.2 hard-coded key

A vulnerability was found in Lynxtechnology Twonky Server 8.5.2. It has been rated as problematic. Impacted is an unknown function.

CVE-2025-65025 | esm-dev esm.sh up to 135 CDN Service path traversal (GHSA-h3mw-4f23-gwpw)

A vulnerability categorized as critical has been discovered in esm-dev esm.sh up to 135. The affected element is an unknown

CVE-2025-65026 | esm-dev esm.sh up to 135 CDN Service module code injection (GHSA-hcpf-qv9m-vfgp)

A vulnerability identified as critical has been detected in esm-dev esm.sh up to 135. The impacted element is an unknown

CVE-2025-65095 | Lookyloo up to 1.35.0 cross site scripting (GHSA-m9g6-23c8-vrxf)

A vulnerability labeled as problematic has been found in Lookyloo up to 1.35.0. This affects an unknown function. The manipulation

CVE-2025-65099 | anthropics claude-code up to 1.0.38 Yarn code injection (GHSA-5hhx-v7f6-x7gv)

A vulnerability marked as critical has been reported in anthropics claude-code up to 1.0.38. This impacts an unknown function of

CVE-2025-63211 | Bridgetech VBC Server & Element Manager up to 6.5.0-10 userSetupDoc addName cross site scripting

A vulnerability described as problematic has been identified in Bridgetech VBC Server & Element Manager up to 6.5.0-10. Affected is

CVE-2025-63206 | Dasan DS2924 1.01.18/1.02.00 Web-based Interface privilege escalation

A vulnerability classified as critical has been found in Dasan DS2924 1.01.18/1.02.00. Affected by this vulnerability is an unknown functionality

CVE-2025-5092 | Gallery with Thumbnail Slider Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability classified as problematic was found in Gallery with Thumbnail Slider Plugin on WordPress. Affected by this issue is

CVE-2025-5092 | Ibtana Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability, which was classified as problematic, has been found in Ibtana Plugin on WordPress. This affects an unknown part

CVE-2025-5092 | Image Hover Effects Ultimate Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability, which was classified as problematic, was found in Image Hover Effects Ultimate Plugin on WordPress. This vulnerability affects

CVE-2025-5092 | LightGallery WP Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability has been found in LightGallery WP Plugin on WordPress and classified as problematic. This issue affects some unknown

CVE-2025-5092 | OnePress Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability was found in OnePress Plugin on WordPress and classified as problematic. Impacted is an unknown function of the

CVE-2025-5092 | Grid KIT Portfolio Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability was found in Grid KIT Portfolio Plugin on WordPress. It has been classified as problematic. The affected element

CVE-2025-5092 | Royal Addons for Elementor Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability was found in Royal Addons for Elementor Plugin on WordPress. It has been declared as problematic. The impacted

CVE-2025-5092 | TP WooCommerce Product Gallery Plugin on WordPress LightGallery JavaScript Library cross site scripting

A vulnerability was found in TP WooCommerce Product Gallery Plugin on WordPress. It has been rated as problematic. This affects

CVE-2025-65100 | ilbers isar 0.11/0.11-rc1 ISAR_APT_SNAPSHOT_DATE protection mechanism

A vulnerability categorized as problematic has been discovered in ilbers isar 0.11/0.11-rc1. This impacts an unknown function. The manipulation of

CVE-2025-64759 | homarr-labs homarr up to 1.43.2 SVG File cross site scripting

A vulnerability identified as problematic has been detected in homarr-labs homarr up to 1.43.2. Affected is an unknown function of

CVE-2025-13442 | UTT 进取 750W up to 3.2.2-191225 /goform/formPdbUpConfig system policyNames command injection

A vulnerability labeled as critical has been found in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is

CVE-2025-10703 | Progress DataDirect Connect for JDBC for Amazon Redshift code injection

A vulnerability classified as critical has been found in Progress DataDirect Connect for JDBC for Amazon Redshift, DataDirect Connect for

CVE-2025-65022 | Portabilis i-Educar up to 2.10.0 agenda.php cod_agenda sql injection (GHSA-4hrj-5gwx-r4w4)

A vulnerability classified as critical was found in Portabilis i-Educar up to 2.10.0. Affected by this vulnerability is an unknown

CVE-2025-10702 | Progress DataDirect Connect for JDBC for Amazon Redshift up to 6.0.0.001392 code injection

A vulnerability, which was classified as critical, has been found in Progress DataDirect Connect for JDBC for Amazon Redshift, DataDirect

CVE-2025-65023 | Portabilis i-Educar up to 2.10.0 funcionario_vinculo_cad.php cod_funcionario_vinculo sql injection (GHSA-8rv6-x8h9-fjfc)

A vulnerability, which was classified as critical, was found in Portabilis i-Educar up to 2.10.0. This affects an unknown part

CVE-2025-65024 | Portabilis i-Educar up to 2.10.0 agenda_admin_cad.php cod_agenda sql injection (GHSA-6c8p-xqcv-rghx)

A vulnerability has been found in Portabilis i-Educar up to 2.10.0 and classified as critical. This vulnerability affects unknown code

CVE-2025-63879 | E-commerce Project up to 1.0 /ecommerce/products.php ID cross site scripting

A vulnerability was found in E-commerce Project up to 1.0 and classified as problematic. This issue affects some unknown processing

CVE-2025-63220 | Sound4 FIRST Firmware manual.sh injection

A vulnerability was found in Sound4 FIRST. It has been classified as critical. Impacted is an unknown function of the

CVE-2025-63223 | Axel StreamerMAX MK II up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control

A vulnerability was found in Axel StreamerMAX MK II up to 1.0.3. It has been declared as critical. The affected

CVE-2025-63221 | Axel Puma up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control

A vulnerability was found in Axel Puma up to 1.0.3. It has been rated as critical. The impacted element is

CVE-2025-63219 | ITEL ISO FM SFN Adapter 2.0.0.0 /home.html user session

A vulnerability categorized as critical has been discovered in ITEL ISO FM SFN Adapter 2.0.0.0. This affects an unknown function

CVE-2025-63224 | Itel DAB Encoder 25aec8d improper authentication

A vulnerability identified as critical has been detected in Itel DAB Encoder 25aec8d. This impacts an unknown function. The manipulation

CVE-2025-12766 | BlackBerry AtHoc 7.21 Management Console authorization

A vulnerability labeled as problematic has been found in BlackBerry AtHoc 7.21. Affected is an unknown function of the component

CVE-2025-63878 | Restaurant Website Restoran 1.0 Contact Form Page sql injection

A vulnerability marked as critical has been reported in Restaurant Website Restoran 1.0. Affected by this vulnerability is an unknown

CVE-2025-34337 | eGovFramework egovframe-common-components up to 4.3.1 Image Upload Endpoint /utl/wed/insertImage.do data authenticity

A vulnerability described as problematic has been identified in eGovFramework egovframe-common-components up to 4.3.1. Affected by this issue is some

CVE-2025-34332 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Windows Service ajaxPost.php system default permission

A vulnerability classified as critical has been found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. This affects

CVE-2025-34331 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Endpoint download.php path/filename missing authentication

A vulnerability classified as critical was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. This vulnerability affects

CVE-2025-34329 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Web Interface ajaxBackupUploadFile.php unrestricted upload

A vulnerability, which was classified as critical, has been found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23.

CVE-2025-34328 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 on Windows ajaxScript.php unrestricted upload

A vulnerability, which was classified as critical, was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23 on

CVE-2025-34330 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 ajaxPromptUploadFile.php unrestricted upload

A vulnerability has been found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23 and classified as critical. The

CVE-2025-34335 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 License Upload Interface ActivateLicense.php os command injection

A vulnerability was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23 and classified as critical. The impacted

CVE-2025-34334 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Fax Test Interface TestFax.php os command injection

A vulnerability was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. It has been classified as critical.

CVE-2025-34336 | eGovFramework egovframe-common-components up to 4.3.1 /utl/wed/insertImage.do unrestricted upload

A vulnerability was found in eGovFramework egovframe-common-components up to 4.3.1. It has been declared as critical. This impacts an unknown

CVE-2025-34333 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 HTTP Request default permission

A vulnerability was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. It has been rated as critical.

CVE-2025-12743 | Google Looker up to 25.13 schemas sql injection (gcp-2025-052)

A vulnerability categorized as critical has been discovered in Google Looker up to 25.13. Affected by this vulnerability is an

CVE-2025-64765 | withastro up to 5.15.7 decodeURI path traversal

A vulnerability identified as critical has been detected in withastro astro up to 5.15.7. Affected by this issue is the

CVE-2025-64757 | withastro up to 5.14.2 Image Optimization Endpoint path traversal

A vulnerability labeled as critical has been found in withastro astro up to 5.14.2. This affects an unknown part of

CVE-2025-64764 | withastro up to 5.15.7 cross site scripting

A vulnerability marked as problematic has been reported in withastro astro up to 5.15.7. This vulnerability affects unknown code. Performing

CVE-2025-65019 | withastro up to 5.15.8 Image Optimization Endpoint isRemoteAllowed cross site scripting

A vulnerability described as problematic has been identified in withastro astro up to 5.15.8. This issue affects the function isRemoteAllowed

CVE-2025-12778 | Ultimate Member Widgets for Elementor Plugin up to 2.3 on WordPress handle_filter_users authorization

A vulnerability classified as problematic has been found in Ultimate Member Widgets for Elementor Plugin up to 2.3 on WordPress.

CVE-2025-13433 | Muse Group MuseHub 2.1.0.1567 Windows Service Muse.Updater.exe unquoted search path

A vulnerability classified as problematic was found in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of

CVE-2025-13434 | jameschz Hush Framework 2.0 HTTP Host Header Util.php $_SERVER['HOST'] http headers for scripting syntax

A vulnerability, which was classified as problematic, has been found in jameschz Hush Framework 2.0. The impacted element is an

CVE-2025-13435 | Dreampie Resty up to 1.3.1.SNAPSHOT HttpClient HttpClient.java request filename path traversal

A vulnerability, which was classified as critical, was found in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request

CVE-2025-13410 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/receipt.php tid sql injection

A vulnerability, which was classified as critical, was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an

CVE-2025-13411 | Campcodes Retro Basketball Shoes Online Store 1.0 admin_football.php product_image unrestricted upload

A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as critical. Affected by this

CVE-2025-13412 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/admin_running.php product_name cross site scripting

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as problematic. Affected by this issue

CVE-2025-13415 | icret EasyImages up to 2.8.6 SVG Image /app/upload.php File cross site scripting (Issue 260)

A vulnerability was found in icret EasyImages up to 2.8.6. It has been classified as problematic. This affects an unknown

CVE-2025-63243 | Pixeon WebLaudos 25.1 URL loginAlterarSenha.asp sle_sSenha cross site scripting

A vulnerability was found in Pixeon WebLaudos 25.1. It has been declared as problematic. This vulnerability affects unknown code of

CVE-2025-13420 | itsourcecode Human Resource Management System 1.0 EventStore.php eventSubject sql injection

A vulnerability was found in itsourcecode Human Resource Management System 1.0. It has been rated as critical. This issue affects

CVE-2025-13421 | itsourcecode Human Resource Management System 1.0 NoticeStore.php noticeDesc sql injection

A vulnerability categorized as critical has been discovered in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function

CVE-2025-13422 | freeprojectscodes Sports Club Management System 1.0 change_s_pwd.php login_id sql injection

A vulnerability identified as critical has been detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an

CVE-2025-13423 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/admin_product.php product_image unrestricted upload

A vulnerability labeled as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is

CVE-2025-13424 | Campcodes Supplier Management System 1.0 /admin/add_product.php txtProductName sql injection

A vulnerability marked as critical has been reported in Campcodes Supplier Management System 1.0. This affects an unknown function of

CVE-2025-63218 | Axel WOLF1MS/WOLF2MS up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control

A vulnerability described as critical has been identified in Axel WOLF1MS and WOLF2MS up to 1.0.3. This impacts an unknown

CVE-2025-12472 | Google Looker up to 25.10.21 race condition (gcp-2025-052)

A vulnerability identified as critical has been detected in Google Looker up to 25.10.21. This vulnerability affects unknown code. This

CVE-2025-10437 | Eksagate Webpack Management System up to 20251119 sql injection

A vulnerability labeled as critical has been found in Eksagate Webpack Management System up to 20251119. This issue affects some

CVE-2025-12592 | Vivotek FD7131-VVTK up to 0500b default credentials

A vulnerability marked as very critical has been reported in Vivotek FD7131-VVTK, FD7131-VVTK, FD7141-VVTK, IP7131-VVTK, IP7133-VVTK, IP7134-VVTK, IP7135-VVTK, IP7137-VVTK, IP7138-VVTK,

CVE-2024-8527 | Automated Logic WebCTRL up to 9.0 URL Parameter redirect

A vulnerability described as problematic has been identified in Automated Logic WebCTRL up to 9.0. The affected element is an

CVE-2025-0421 | Shopside up to 05022025 ui layer

A vulnerability classified as problematic has been found in Shopside up to 05022025. The impacted element is an unknown function.

CVE-2024-8528 | Automated Logic WebCTRL up to 9.0 GET Parameter cross site scripting

A vulnerability classified as problematic was found in Automated Logic WebCTRL up to 9.0. This affects an unknown function of

CVE-2025-11963 | Saysis StarCities up to 1.1.60 cross site scripting

A vulnerability, which was classified as problematic, has been found in Saysis StarCities up to 1.1.60. This impacts an unknown

CVE-2025-13400 | Tenda CH22 1.0.0.1 /goform/WrlExtraGet formWrlExtraGet chkHz buffer overflow

A vulnerability was found in Tenda CH22 1.0.0.1. It has been classified as critical. Affected is the function formWrlExtraGet of

CVE-2025-11446 | upKeeper Solutions upKeeper Manager up to 5.2.11 log file

A vulnerability was found in upKeeper Solutions upKeeper Manager up to 5.2.11. It has been declared as problematic. Affected by

CVE-2025-58412 | Fortinet FortiADC up to 7.2.8/7.4.9/7.6.3/8.0.0 cross site scripting (FG-IR-25-736)

A vulnerability was found in Fortinet FortiADC up to 7.2.8/7.4.9/7.6.3/8.0.0. It has been rated as problematic. Affected by this issue

CVE-2025-64408 | Apache Causeway up to 3.4.0/4.0.0-M1 URL Parameter deserialization

A vulnerability categorized as critical has been discovered in Apache Causeway up to 3.4.0/4.0.0-M1. This affects an unknown part of

CVE-2025-13397 | mrubyc up to 3.4 src/alloc.c mrbc_raw_realloc ptr null pointer dereference (Issue 244)

A vulnerability was found in mrubyc up to 3.4 and classified as problematic. This impacts the function mrbc_raw_realloc of the

CVE-2025-13396 | code-projects Courier Management System 1.0 /add-office.php OfficeName sql injection

A vulnerability has been found in code-projects Courier Management System 1.0 and classified as critical. This affects an unknown function

Mageia 9: Flatpak Critical Access Issue Advisory MGASA-2025-0303

MGASA-2025-0303 – Updated flatpak & bubblewrap packages fix security vulnerability (LinuxSecurity – Security Advisories)

Mageia 9: CUPS-Filters Critical Heap Overflow Fix MGASA-2025-0304

MGASA-2025-0304 – Updated cups-filters packages fix security vulnerabilities (LinuxSecurity – Security Advisories)

Mageia 9: Thunderbird Important Race Condition Spoofing MGASA-2025-0305

MGASA-2025-0305 – Updated thunderbird packages fix security vulnerabilities (LinuxSecurity – Security Advisories)

CVE-2025-13051 | ASUSTOR ABP/AES uncontrolled search path

A vulnerability categorized as problematic has been discovered in ASUSTOR ABP and AES. Affected is an unknown function. Executing manipulation

CVE-2025-12119 | MongoDB C Driver/PHP Driver mongoc_bulk_operation_t expired pointer dereference

A vulnerability identified as problematic has been detected in MongoDB C Driver and PHP Driver. Affected by this vulnerability is

CVE-2025-12852 | NEC RakurakuMusen Start EX uncontrolled search path

A vulnerability labeled as problematic has been found in NEC RakurakuMusen Start EX. Affected by this issue is some unknown

CVE-2025-13225 | Tanium TanOS prior 1.8.4.0229/1.8.5.0262 denial of service (TAN-2025-036)

A vulnerability marked as problematic has been reported in Tanium TanOS. This affects an unknown part. This manipulation causes denial

CVE-2025-13206 | GiveWP Plugin up to 4.13.0 on WordPress Name cross site scripting

A vulnerability described as problematic has been identified in GiveWP Plugin up to 4.13.0 on WordPress. This vulnerability affects unknown