Vulnerabilities

CVE-2025-13109 | Husky Plugin up to 1.3.7.2 on WordPress woof_add_query/woof_remove_query resource injection

A vulnerability described as critical has been identified in Husky Plugin up to 1.3.7.2 on WordPress. This vulnerability affects the

CVE-2025-13756 | Fluent Booking Plugin up to 1.9.11 on WordPress importCalendar authorization

A vulnerability classified as critical has been found in Fluent Booking Plugin up to 1.9.11 on WordPress. This issue affects

CVE-2025-12358 | ShopEngine Plugin up to 4.8.5 on WordPress Wishlist post_add_to_list cross-site request forgery

A vulnerability classified as problematic was found in ShopEngine Plugin up to 4.8.5 on WordPress. Impacted is the function post_add_to_list

CVE-2025-13354 | Tag, Category, and Taxonomy Manager Plugin up to 3.40.1 on WordPress taxopress_merge_terms_batch authorization

A vulnerability, which was classified as problematic, has been found in Tag, Category, and Taxonomy Manager Plugin up to 3.40.1

CVE-2025-13359 | Tag, Category, and Taxonomy Manager Plugin up to 3.40.1 on WordPress sql injection

A vulnerability, which was classified as critical, was found in Tag, Category, and Taxonomy Manager Plugin up to 3.40.1 on

CVE-2025-12887 | Post SMTP Plugin up to 3.6.1 on WordPress handle_gmail_oauth_redirect authorization

A vulnerability has been found in Post SMTP Plugin up to 3.6.1 on WordPress and classified as problematic. This affects

CVE-2025-13401 | Autoptimize Plugin up to 3.1.13 on WordPress create_img_preload_tag cross site scripting

A vulnerability was found in Autoptimize Plugin up to 3.1.13 on WordPress and classified as problematic. This impacts the function

Fedora 42: Crucial Restic Security Advisory CVE-2025-47910 Update

Update to 0.18.1 (LinuxSecurity – Security Advisories)

Fedora 42: Critical NextCloud 32.0.2 Authorization Bypass Advisory

32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753

Fedora 42: TigerVNC Important CVE Fixes for Remote Access 2025-f59b250c31

Fix recent xorg-x11-server CVEs. Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231

Fedora 43: openbao Critical Root Escalation Fix 2025-c7f4367479

Update to upstream 2.4.4, fixing CVE-2025-64761. Adds hsm tag. The fedora-43 build was done with golang-1.25.4, which fixed CVE-2025-58189, CVE-2025-58188,

Fedora 42: openbao Critical CVE-2025-64761 Privileged Escalation Advisory

Update to upstream 2.4.4, which fixed CVE-2025-64761. Adds hsm tag. The fedora-42 build was done with golang-1.24.10, which fixed CVE-2025-58183.

Debian: Critical Denial of Service & Privilege Escalation DSA-6067-1

Two security vulnerabilities were discovered in the Containerd container runtime, which may result in denial of service or local privilege

Debian 11: Xen Critical Privilege Escalation DSA-6068-1 CVE-2024-28956

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in memory disclosure, denial of service or privilege

CVE-2025-13633 | Google Chrome up to 142.0.7444.175 Digital Credentials use after free (ID 458082)

A vulnerability identified as critical has been detected in Google Chrome. Impacted is an unknown function of the component Digital

CVE-2025-13630 | Google Chrome up to 142.0.7444.175 V8 type confusion (ID 456547)

A vulnerability labeled as critical has been found in Google Chrome. The affected element is an unknown function of the

CVE-2025-13631 | Google Chrome up to 142.0.7444.175 on macOS Google Updater Remote Code Execution (ID 448113)

A vulnerability marked as critical has been reported in Google Chrome on macOS. The impacted element is an unknown function

CVE-2025-13636 | Google Chrome up to 142.0.7444.175 Split View ui layer (ID 446181)

A vulnerability described as problematic has been identified in Google Chrome. This affects an unknown function of the component Split

CVE-2025-13637 | Google Chrome up to 142.0.7444.175 Downloads access control (ID 392375)

A vulnerability classified as critical has been found in Google Chrome. This impacts an unknown function of the component Downloads.

CVE-2025-13638 | Google Chrome up to 142.0.7444.175 Media Stream use after free (ID 448046)

A vulnerability classified as critical was found in Google Chrome. Affected is an unknown function of the component Media Stream.

CVE-2025-13639 | Google Chrome up to 142.0.7444.175 WebRTC access control (ID 448408)

A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this vulnerability is an unknown

CVE-2025-13720 | Google Chrome up to 142.0.7444.175 Loader type conversion (ID 457818)

A vulnerability, which was classified as critical, was found in Google Chrome. Affected by this issue is some unknown functionality

CVE-2025-13632 | Google Chrome up to 142.0.7444.175 DevTools sandbox (ID 439058)

A vulnerability has been found in Google Chrome and classified as critical. This affects an unknown part of the component

CVE-2025-65379 | PHPGurukul Billing System 1.0 password-recovery.php username/mobileno sql injection

A vulnerability was found in PHPGurukul Billing System 1.0 and classified as critical. This vulnerability affects unknown code of the

CVE-2025-13634 | Google Chrome up to 142.0.7444.175 on Windows Downloads Remote Code Execution (ID 429140)

A vulnerability was found in Google Chrome on Windows. It has been classified as critical. This issue affects some unknown

CVE-2025-13635 | Google Chrome up to 142.0.7444.175 Downloads ui layer (ID 405727)

A vulnerability was found in Google Chrome. It has been declared as problematic. Impacted is an unknown function of the

CVE-2025-13640 | Google Chrome up to 142.0.7444.175 Passwords improper authentication (ID 452071)

A vulnerability was found in Google Chrome. It has been rated as critical. The affected element is an unknown function

CVE-2025-13721 | Google Chrome up to 142.0.7444.175 v8 race condition (ID 355120)

A vulnerability categorized as problematic has been discovered in Google Chrome. The impacted element is an unknown function of the

CVE-2025-61729 | crypto-x509 up to 1.24.10/1.25.4 on Go HostnameError.Error resource consumption

A vulnerability identified as problematic has been detected in crypto-x509 up to 1.24.10/1.25.4 on Go. This affects the function HostnameError.Error.

CVE-2025-65877 | Lvzhou CMS Title sql injection

A vulnerability labeled as critical has been found in Lvzhou CMS. This impacts an unknown function of the component com.wanli.lvzhoucms.service.ContentService#findPage.

CVE-2025-66468 | aimeos ai-cms-grapesjs cross site scripting (GHSA-424m-fj2q-g7vg)

A vulnerability marked as problematic has been reported in aimeos ai-cms-grapesjs. Affected is an unknown function. This manipulation causes cross

CVE-2025-13486 | Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress prepare_form Remote Code Execution

A vulnerability described as critical has been identified in Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress. Affected by

CVE-2025-65105 | Apptainer up to 1.4.4 symlink (GHSA-j3rw-fx6g-q46j)

A vulnerability was found in Apptainer up to 1.4.4. It has been classified as critical. The affected element is an

CVE-2025-66416 | modelcontextprotocol python-sdk up to 1.22.x insecure default initialization of resource

A vulnerability was found in modelcontextprotocol python-sdk up to 1.22.x. It has been declared as problematic. The impacted element is

CVE-2025-12630 | Upload.am Plugin up to 1.0.0 on WordPress AJAX Request authorization

A vulnerability was found in Upload.am Plugin up to 1.0.0 on WordPress. It has been rated as problematic. This affects

CVE-2025-65358 | edoc-doctor-appointment-system 1.0.1 /admin/appointment.php docid sql injection

A vulnerability categorized as critical has been discovered in edoc-doctor-appointment-system 1.0.1. This impacts an unknown function of the file /admin/appointment.php.

CVE-2025-65656 | Dcat-Admin up to 2.2.3-beta VersionManager.php file inclusion

A vulnerability identified as problematic has been detected in Dcat-Admin up to 2.2.3-beta. Affected is an unknown function of the

CVE-2025-13827 | Mautic up to 4.4.17/5.2.8/6.0.6 GrapesJS Builder unrestricted upload (GHSA-5xw2-57jx-pgjp)

A vulnerability labeled as critical has been found in Mautic up to 4.4.17/5.2.8/6.0.6. Affected by this vulnerability is an unknown

CVE-2025-64750 | sylabs singularity up to 4.1.10/4.3.4 /proc symlink (GHSA-fh74-hm69-rqjw)

A vulnerability marked as critical has been reported in sylabs singularity up to 4.1.10/4.3.4. Affected by this issue is some

CVE-2025-66399 | Cacti up to 1.2.28 SNMP command injection (GHSA-c7rr-2h93-7gjf)

A vulnerability described as critical has been identified in Cacti up to 1.2.28. This affects an unknown part of the

CVE-2025-60736 | code-projects Online Medicine Guide 1.0 /login.php upass sql injection

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of

CVE-2025-58113 | PDF-XChange Editor 10.7.3.401 EMF File Parser out-of-bounds (TALOS-2025-2280)

A vulnerability classified as problematic was found in PDF-XChange Editor 10.7.3.401. This issue affects some unknown processing of the component

CVE-2025-58386 | Terminalfour up to 8.4.1.1 User Management userLevel improper authorization

A vulnerability, which was classified as critical, has been found in Terminalfour up to 8.4.1.1. Impacted is an unknown function

CVE-2025-13828 | Mautic up to 4.4.17/5.2.8/6.0.6 authorization (GHSA-3fq7-c5m8-g86x)

A vulnerability, which was classified as critical, was found in Mautic up to 4.4.17/5.2.8/6.0.6. The affected element is an unknown

CVE-2025-60854 | D-Link R15 up to 1.20.01 Password Change model name command injection

A vulnerability has been found in D-Link R15 up to 1.20.01 and classified as critical. The impacted element is an

CVE-2025-66409 | Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1 out-of-bounds

A vulnerability was found in Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1 and classified as problematic. This affects an unknown function. Such

CVE-2025-66414 | modelcontextprotocol typescript-sdk up to 1.23.x insecure default initialization of resource

A vulnerability was found in modelcontextprotocol typescript-sdk up to 1.23.x. It has been classified as problematic. This impacts an unknown

CVE-2025-65215 | SourceCodester Web-based Pharmacy Product Management System 1.0 add-supplier.php Name cross site scripting

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. Affected is

CVE-2025-65881 | SourceCodester Zoo Management System 1.0 /classes/Login.php cross site scripting

A vulnerability was found in SourceCodester Zoo Management System 1.0. It has been rated as problematic. Affected by this vulnerability

CVE-2025-65187 | CiviCRM up to 6.6 Accounting Batches cross site scripting

A vulnerability categorized as problematic has been discovered in CiviCRM up to 6.6. Affected by this issue is some unknown

CVE-2025-52622 | HCL BigFix SaaS Remediate insecure default initialization of resource (KB0127171)

A vulnerability identified as critical has been detected in HCL BigFix SaaS Remediate. This affects an unknown part. This manipulation

CVE-2025-65844 | EverShop 2.0.1 /api/images unrestricted upload (Issue 819)

A vulnerability labeled as critical has been found in EverShop 2.0.1. This vulnerability affects unknown code of the file /api/images.

CVE-2025-65186 | Grav CMS 1.7.49 Page Editor cross site scripting

A vulnerability marked as problematic has been reported in Grav CMS 1.7.49. This issue affects some unknown processing of the

CVE-2025-64070 | SourceCodester Student Grades Management System 1.0 Add New Subject Description cross site scripting

A vulnerability described as problematic has been identified in SourceCodester Student Grades Management System 1.0. Impacted is an unknown function.

CVE-2025-66454 | ArcadeAI arcade-mcp up to 1.5.3 hard-coded key

A vulnerability classified as critical has been found in ArcadeAI arcade-mcp up to 1.5.3. The affected element is an unknown

CVE-2025-34352 | JumpCloud Remote Assist up to 0.316.x on Windows DeleteFileW temp file

A vulnerability classified as critical was found in JumpCloud Remote Assist up to 0.316.x on Windows. The impacted element is

CVE-2025-66460 | lookyloo up to 1.35.2 cross site scripting

A vulnerability, which was classified as problematic, has been found in lookyloo up to 1.35.2. This affects an unknown function.

CVE-2025-66459 | lookyloo up to 1.35.2 Error cross site scripting

A vulnerability, which was classified as problematic, was found in lookyloo up to 1.35.2. This impacts an unknown function. Such

CVE-2025-66458 | lookyloo up to 1.35.2 cross site scripting

A vulnerability has been found in lookyloo up to 1.35.2 and classified as problematic. Affected is an unknown function. Performing

CVE-2025-65896 | long2ice assyncmy up to 0.2.10 Dict Key sql injection

A vulnerability was found in long2ice assyncmy up to 0.2.10 and classified as critical. Affected by this vulnerability is an

CVE-2025-10304 | Everest Backup Plugin up to 2.3.8 on WordPress process_status_unlink authorization

A vulnerability was found in Everest Backup Plugin up to 2.3.8 on WordPress. It has been classified as critical. Affected

CVE-2025-57850 | codeready-ws /etc/passwd permission

A vulnerability was found in codeready-ws. It has been declared as critical. This affects an unknown part of the file

CVE-2025-13510 | Iskra iHUB/iHUB Lite missing authentication (icsa-25-336-02)

A vulnerability was found in Iskra iHUB and iHUB Lite. It has been rated as critical. This vulnerability affects unknown

CVE-2025-13658 | Industrial Video & Control Longwatch up to 6.334 HTTP GET Request code injection (icsa-25-336-01)

A vulnerability categorized as critical has been discovered in Industrial Video & Control Longwatch up to 6.334. This issue affects

CVE-2025-13372 | Django up to 4.2.26/5.1.14/5.2.8 FilteredRelation QuerySet.annotate/QuerySet.alias sql injection (EUVD-2025-200249)

A vulnerability classified as critical has been found in Django up to 4.2.26/5.1.14/5.2.8. Affected by this vulnerability is the function

CVE-2025-64460 | Django up to 4.2.26/5.1.14/5.2.8 algorithmic complexity (EUVD-2025-200248)

A vulnerability classified as problematic was found in Django up to 4.2.26/5.1.14/5.2.8. Affected by this issue is some unknown functionality

CVE-2025-59703 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7

A vulnerability, which was classified as problematic, has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi

CVE-2025-59704 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 BIOS Menu Local Privilege Escalation

A vulnerability, which was classified as critical, was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up

CVE-2025-63872 | DeepSeek up to 3.2 SVG cross site scripting

A vulnerability has been found in DeepSeek up to 3.2 and classified as problematic. This issue affects some unknown processing

CVE-2025-13495 | FluentCart Plugin up to 1.3.1 on WordPress groupKey sql injection

A vulnerability was found in FluentCart Plugin up to 1.3.1 on WordPress and classified as critical. Impacted is an unknown

CVE-2025-41066 | Horde Groupware 5.2.22 /imp/attachment.php id/u information disclosure

A vulnerability categorized as problematic has been discovered in Horde Groupware 5.2.22. This vulnerability affects unknown code of the file

CVE-2025-65858 | Calibre-Web 0.6.25 /ajax/listusers Username cross site scripting

A vulnerability identified as problematic has been detected in Calibre-Web 0.6.25. This issue affects some unknown processing of the file

CVE-2025-13295 | Argus BILGER up to 2.4.8 Message Identifier insertion of sensitive information into sent data

A vulnerability labeled as problematic has been found in Argus BILGER up to 2.4.8. Impacted is an unknown function of

CVE-2025-59695 | Entrust nShield Connect XC/nShield 5c/nShield HSMi Chassis Management Board improper authentication

A vulnerability marked as critical has been reported in Entrust nShield Connect XC, nShield 5c and nShield HSMi. The affected

CVE-2025-59699 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 USB Device Local Privilege Escalation

A vulnerability described as critical has been identified in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to

CVE-2025-59700 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 Recovery Partition Local Privilege Escalation

A vulnerability classified as critical has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to

CVE-2025-59697 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 Legacy GRUB Bootloader Configuration Local Privilege Escalation

A vulnerability classified as critical was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7.

CVE-2025-59701 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 Appliance SSD information disclosure

A vulnerability, which was classified as problematic, has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi

CVE-2025-59702 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7

A vulnerability, which was classified as problematic, was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up

CVE-2025-59696 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 Chassis Management Board

A vulnerability has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7 and classified

CVE-2025-59698 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 EOL Legacy Bootloader Local Privilege Escalation

A vulnerability was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7 and classified as

CVE-2025-13505 | Datateam Information Datactive prior 2.14.0.6 cross site scripting

A vulnerability was found in Datateam Information Datactive. It has been classified as problematic. This vulnerability affects unknown code. The

CVE-2025-59693 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 Chassis Management Board Local Privilege Escalation

A vulnerability was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. It has been

CVE-2025-59694 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 Chassis Management Board Local Privilege Escalation

A vulnerability was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. It has been

CVE-2025-59705 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 USB Interface improper authorization

A vulnerability categorized as critical has been discovered in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to

CVE-2025-13645 | Modula Image Gallery Plugin 2.13.1/2.13.2 on WordPress Path Validation ajax_unzip_file denial of service

A vulnerability identified as problematic has been detected in Modula Image Gallery Plugin 2.13.1/2.13.2 on WordPress. The impacted element is

CVE-2025-13646 | Modula Image Gallery Plugin up to 2.13.1/2.13.2 on WordPress ajax_unzip_file race condition

A vulnerability labeled as problematic has been found in Modula Image Gallery Plugin up to 2.13.1/2.13.2 on WordPress. This affects

CVE-2025-12585 | MxChat Plugin up to 2.5.5 on WordPress Conversation information disclosure

A vulnerability marked as problematic has been reported in MxChat Plugin up to 2.5.5 on WordPress. This impacts an unknown

CVE-2025-13448 | CSSIgniter Shortcodes Plugin up to 2.4.1 on WordPress Shortcode element cross site scripting

A vulnerability described as problematic has been identified in CSSIgniter Shortcodes Plugin up to 2.4.1 on WordPress. Affected is an

CVE-2025-13879 | SOLIDserver IPAM 8.2.3 list directory path traversal

A vulnerability described as critical has been identified in SOLIDserver IPAM 8.2.3. Affected by this issue is some unknown functionality

CVE-2025-13353 | Cloudflare gokey up to 0.1.x random values (GHSA-69jw-4jj8-fcxm)

A vulnerability classified as problematic has been found in Cloudflare gokey up to 0.1.x. This affects an unknown part. This

CVE-2025-11783 | Circutor SGE-PLC1000/SGE-PLC50 9.0.2 AddEvent stack-based overflow

A vulnerability classified as critical was found in Circutor SGE-PLC1000 and SGE-PLC50 9.0.2. This vulnerability affects the function AddEvent. Such

CVE-2025-41742 | Sprecher Automation SPRECON-E-C/SPRECON-E-P/SPRECON-E-T3 default key

A vulnerability, which was classified as very critical, has been found in Sprecher Automation SPRECON-E-C, SPRECON-E-P and SPRECON-E-T3. This issue

CVE-2025-41744 | Sprecher Automation SPRECON-E-C/SPRECON-E-P/SPRECON-E-T3 default key

A vulnerability, which was classified as critical, was found in Sprecher Automation SPRECON-E-C, SPRECON-E-P and SPRECON-E-T3. Impacted is an unknown

CVE-2025-11778 | Circutor SGE-PLC1000/SGE-PLC50 9.0.2 TACACSPLUS read_packet heap-based overflow

A vulnerability has been found in Circutor SGE-PLC1000 and SGE-PLC50 9.0.2 and classified as critical. The affected element is the

CVE-2025-11780 | Circutor SGE-PLC1000/SGE-PLC50 9.0.2 showMeterReport buffer overflow

A vulnerability was found in Circutor SGE-PLC1000 and SGE-PLC50 9.0.2 and classified as critical. The impacted element is the function

CVE-2025-11784 | Circutor SGE-PLC1000/SGE-PLC50 9.0.2 ShowMeterDatabase meter stack-based overflow

A vulnerability was found in Circutor SGE-PLC1000 and SGE-PLC50 9.0.2. It has been classified as critical. This affects the function

CVE-2025-11785 | Circutor SGE-PLC1000/SGE-PLC50 9.0.2 ShowMeterPasswords meter stack-based overflow

A vulnerability was found in Circutor SGE-PLC1000 and SGE-PLC50 9.0.2. It has been declared as critical. This impacts the function

CVE-2025-11779 | Circutor SGE-PLC1000/SGE-PLC50 9.0.2 SetLan stack-based overflow

A vulnerability was found in Circutor SGE-PLC1000 and SGE-PLC50 9.0.2. It has been rated as critical. Affected is the function