CVE posts on X about networks, oracle, ibm, plugin the most. They currently have XXXXXX followers and 1024 posts still getting attention that total XXXXXX engagements in the last XX hours.
Social category influence: technology brands XXXX%, stocks XXXX%, social networks XXXX%, finance XXX%
Social topic influence: networks 2.25%, oracle 2.05%, ibm 1.46%, plugin 1.37%, has been 1.27%, protocol 1.17%, files 0.78%, ios 0.59%, javascript 0.59%, $2395tw XXXX%
Top accounts mentioned or mentioned by: @cveannounce, @asuspressroom, @notnotnotveg
Top assets mentioned: IBM (IBM), Medtronic PLC (MDT), Dell Technologies, Inc. (DELL), PACS Group, Inc. (PACS), Alphabet Inc Class A (GOOGL)
Top posts by engagements in the last XX hours
"CVE-2025-7716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS)" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-53942 authentik is an open-source Identity Provider that emphasizes flexibility and versatility with support for a wide set of protocols. In versions 2025.4.4 and earlier" @CVEnew on X 2025-07-23 20:45:47 UTC 55.1K followers, XXX engagements
"CVE-2025-7286 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-4700 An issue has been discovered in GitLab CE/EE affecting all versions from XXXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that under specific circumstan" @CVEnew on X 2025-07-23 17:57:05 UTC 55.1K followers, XXX engagements
"CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user" @CVEnew on X 2025-07-11 15:53:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-53885 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows to h" @CVEnew on X 2025-07-14 23:52:04 UTC 55.1K followers, XXX engagements
"CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of JuniperNetworks Junos OS and Junos OS Evolved allows an adjacentunauthenticatedattacke" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7962 In Jakarta Mail XXX it is possible to preform a SMTP Injection by utilizing ther and n UTF-8 characters to separate different messages" @CVEnew on X 2025-07-21 17:46:31 UTC 55K followers, XXX engagements
"CVE-2025-6082 The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to and including XXX. This is due to insufficient protecti" @CVEnew on X 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat" @CVEnew on X 2025-07-14 23:16:21 UTC 55.1K followers, XXX engagements
"CVE-2024-12310 A vulnerability in Imprivata Enterprise Access Management(formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows un" @CVEnew on X 2025-07-23 12:32:37 UTC 55.1K followers, XXX engagements
"CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7274 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7287 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-51396 A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7942 A vulnerability has been found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functionality" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7948 A vulnerability classified as problematic was found in jshERP up to XXX. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/update" @CVEnew on X 2025-07-22 03:09:39 UTC 55K followers, XXX engagements
"CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7240 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7261 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-54454 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO X Server allows Authentication Bypass.This issue affects MagicINFO X Server: less than 21" @CVEnew on X 2025-07-23 06:24:31 UTC 55.1K followers, XXX engagements
"CVE-2025-54090 A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65 which fixe" @CVEnew on X 2025-07-23 13:27:32 UTC 55.1K followers, XXX engagements
"CVE-2025-7291 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-4439 An issue has been discovered in GitLab CE/EE affecting all versions from XXXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed an auth" @CVEnew on X 2025-07-23 18:53:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7931 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7283 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-31952 HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked increasing the risk of unau" @CVEnew on X 2025-07-24 21:36:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7934 A vulnerability which was classified as critical has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the fu" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-5039 A maliciously crafted binary file when present while loading files in certain Autodesk applications could lead to execution of arbitrary code in the context of the cu" @CVEnew on X 2025-07-24 17:40:01 UTC 55.1K followers, XXX engagements
"CVE-2025-54313 eslint-config-prettier 8.10.1 9.1.1 10.1.6 and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install" @CVEnew on X 2025-07-19 16:49:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7227 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2015-10141 An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier a PHP debugging extension developed by Derick Rethans. When rem" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2018-25113 An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to re" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-36116 IBM Db2 Mirror for i XXX XXX and XXX GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request an unauthenticated ma" @CVEnew on X 2025-07-23 14:49:09 UTC 55.1K followers, XXX engagements
"CVE-2025-46996 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack" @CVEnew on X 2025-07-24 16:19:20 UTC 55.1K followers, XXX engagements
"CVE-2025-6018 A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged" @CVEnew on X 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7279 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-36117 IBM Db2 Mirror for i XXX XXX and XXX does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system" @CVEnew on X 2025-07-23 14:49:09 UTC 55.1K followers, XXX engagements
"CVE-2025-0765 An issue has been discovered in GitLab CE/EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed an unaut" @CVEnew on X 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-41687 An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices" @CVEnew on X 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-49836 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in change_label" @CVEnew on X 2025-07-15 20:45:14 UTC 55.1K followers, XXX engagements
"CVE-2025-7266 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-52575 EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authent" @CVEnew on X 2025-07-21 18:23:52 UTC 55K followers, XXX engagements
"CVE-2025-36062 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2016-15044 A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices mo" @CVEnew on X 2025-07-23 22:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7947 A vulnerability classified as critical has been found in jshERP up to XXX. Affected is an unknown function of the file /user/delete of the component Account Handler. Th" @CVEnew on X 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2012-10020 The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to and includ" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-34108 A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP P" @CVEnew on X 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7598 A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/set" @CVEnew on X 2025-07-14 11:32:24 UTC 55.1K followers, XXX engagements
"CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component" @CVEnew on X 2025-07-11 15:53:41 UTC 55.1K followers, XXX engagements
"CVE-2025-54122 Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy hand" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-7275 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-50477 A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages" @CVEnew on X 2025-07-23 18:53:59 UTC 55.1K followers, XXX engagements
"CVE-2025-7256 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-51658 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php" @CVEnew on X 2025-07-14 17:16:52 UTC 55.1K followers, XXX engagements
"CVE-2025-38361 In the Linux kernel the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it WHAT hws was checked for null earlie" @CVEnew on X 2025-07-25 13:14:27 UTC 55.1K followers, XXX engagements
"CVE-2020-36849 The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-e" @CVEnew on X 2025-07-12 12:27:49 UTC 55.1K followers, XXX engagements
"CVE-2025-7715 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS).This iss" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7404 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web Autocaliweb allows Blind OS Command Injection.T" @CVEnew on X 2025-07-24 20:55:03 UTC 55.1K followers, XXX engagements
"CVE-2025-7917 WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability allowing remote attackers with administrator privileges to upload and" @CVEnew on X 2025-07-21 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-51397 A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-36845 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a" @CVEnew on X 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-7692 The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.0.5. This is due to the olws_handle_verify_" @CVEnew on X 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7859 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/update_passwo" @CVEnew on X 2025-07-20 01:21:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7298 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-34116 A remote command execution vulnerability exists in IPFire before version XXXX Core Update XXX via the 'proxy.cgi' CGI interface. An authenticated attacker can inject" @CVEnew on X 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7933 A vulnerability classified as critical was found in Campcodes Sales and Inventory System XXX. This vulnerability affects unknown code of the file /pages/settings_update" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-54129 HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below the application returns a" @CVEnew on X 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-7393 Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force.This issue affects Mail Login: from 3.0.0 before 3.2.0" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:23 UTC 55K followers, XXX engagements
"CVE-2025-4657 A buffer overflow vulnerability was reported in the Lenovo Protection Driver prior to version 5.1.1110.4231 used in Lenovo PC Manager Lenovo Browser and Lenovo App" @CVEnew on X 2025-07-17 19:43:46 UTC 55.1K followers, XXX engagements
"CVE-2025-54128 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below the NodeJS version of HAX CMS has a disabled Conte" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2024-41751 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 could allow a local authenticated attacker to bypass client-side enf" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2024-40686 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 is vulnerable to HTTP header injection caused by improper validation" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7486 The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to and including XXXXXX due to insufficient" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7268 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-53537 LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below there is a traffic-induced memory leak that can" @CVEnew on X 2025-07-23 20:45:46 UTC 55.1K followers, XXX engagements
"CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-54365 fastapi-guard is a security library for FastAPI that provides middleware to control IPs log requests detect penetration attempts and more. In version 3.0.1 the reg" @CVEnew on X 2025-07-23 22:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-6831 The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to and including 4" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-52080 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" @CVEnew on X 2025-07-15 16:21:01 UTC 55K followers, XXX engagements
"CVE-2025-4393 Medtronic MyCareLink Patient Monitor has an internal service that deserializes data which allows a local attacker to interact with the service by crafting a binary pay" @CVEnew on X 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-53084 A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo XXXX and dev master commit 8a8954ff. A specially craft" @CVEnew on X 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-8033 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 141" @CVEnew on X 2025-07-22 21:35:26 UTC 55.1K followers, XXX engagements
"CVE-2025-54310 qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp" @CVEnew on X 2025-07-18 19:41:53 UTC 55K followers, XXX engagements
"CVE-2025-7607 A vulnerability which was classified as critical has been found in code-projects Simple Shopping Cart XXX. This issue affects some unknown processing of the file /Cus" @CVEnew on X 2025-07-14 14:17:58 UTC 55.1K followers, XXX engagements
"CVE-2025-47187 A vulnerability in the Mitel 6800 Series 6900 Series and 6900w Series SIP Phones including the 6970 Conference Unit through XXX SP4 could allow an unauthenticated" @CVEnew on X 2025-07-23 18:53:59 UTC 55.1K followers, XXX engagements
"CVE-2025-4394 Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage which allows an attacker with physical access to read and modify files. This" @CVEnew on X 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-52950 AMissing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-8037 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the S" @CVEnew on X 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-7939 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX. It has been classified as critical. Affected is the function addGoods of the file GoodsController" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-51471 Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via" @CVEnew on X 2025-07-22 18:54:34 UTC 55.1K followers, XXX engagements
"CVE-2016-15045 A local privilege escalation vulnerability exists in lastore-daemon the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch" @CVEnew on X 2025-07-08 05:18:03 UTC 55K followers, XXX engagements
"CVE-2025-3614 The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all version" @CVEnew on X 2025-07-24 22:41:17 UTC 55.1K followers, XXX engagements
"CVE-2025-54438 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a" @CVEnew on X 2025-07-23 06:24:27 UTC 55.1K followers, XXX engagements
"CVE-2025-8107 In OceanBase's Oracle tenant mode a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted command" @CVEnew on X 2025-07-24 07:20:40 UTC 55.1K followers, XXX engagements
"CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7525 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /" @CVEnew on X 2025-07-13 09:52:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-53832 Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which e" @CVEnew on X 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires" @CVEnew on X 2025-07-11 13:46:17 UTC 55.1K followers, XXX engagements
"CVE-2025-7236 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7248 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7807 A vulnerability which was classified as critical has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlF" @CVEnew on X 2025-07-18 20:55:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7258 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-7511 A vulnerability was found in code-projects Chat System XXX and classified as critical. This issue affects some unknown processing of the file /user/update_account.php" @CVEnew on X 2025-07-13 03:19:15 UTC 55K followers, XXX engagements
"CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolvedallows a local low-privileged user to" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7717 Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0 from 2.0.0 before 2.0.1" @CVEnew on X 2025-07-21 16:53:01 UTC 55K followers, XXX engagements
"CVE-2025-8029 Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability affects Firefox XXX Firefox ESR XXXXXX Firefox ESR XXXXX Thu" @CVEnew on X 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-36106 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-49087 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4 a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mod" @CVEnew on X 2025-07-20 18:50:37 UTC 55.1K followers, XXX engagements
"CVE-2025-53028 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:18 UTC 55.1K followers, XXX engagements
"CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage" @CVEnew on X 2025-07-11 15:53:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7264 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-41420 A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo XXXX and dev master commit 8a8954ff. A specially c" @CVEnew on X 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-7852 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_" @CVEnew on X 2025-07-24 04:53:19 UTC 55.1K followers, XXX engagements
"CVE-2025-50099 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:22 UTC 55.1K followers, XXX engagements
"CVE-2025-7237 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-53101 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26 in ImageMagick's magick mo" @CVEnew on X 2025-07-14 20:18:38 UTC 55.1K followers, XXX engagements
"CVE-2025-5994 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also v" @CVEnew on X 2025-07-16 19:15:30 UTC 55K followers, XXX engagements
"CVE-2025-8123 A vulnerability was found in deerwms deer-wms-2 up to XXX. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipu" @CVEnew on X 2025-07-24 21:36:19 UTC 55.1K followers, XXX engagements
"CVE-2025-38430 In the Linux kernel the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being proce" @CVEnew on X 2025-07-25 14:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by" @CVEnew on X 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d" @CVEnew on X 2025-07-11 13:46:29 UTC 55.1K followers, XXX engagements
"CVE-2025-7231 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc" @CVEnew on X 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-40599 An authenticated arbitrary file upload vulnerability exists in the SMA XXX series web management interface. A remote attacker with administrative privileges can explo" @CVEnew on X 2025-07-23 13:27:32 UTC 55.1K followers, XXX engagements
"CVE-2025-1299 An issue has been discovered in GitLab CE/EE affecting all versions starting from XXXX before 18.0.5 all versions starting from XXXX before 18.1.3 all versions starti" @CVEnew on X 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-7250 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2010-10012 A path traversal vulnerability exists in httpdasm version XXXX a lightweight Windows HTTP server that allows unauthenticated attackers to read arbitrary files on th" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-7238 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-54018 Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af" @CVEnew on X 2025-07-16 10:48:51 UTC 55K followers, XXX engagements
"CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body" @CVEnew on X 2025-07-11 15:53:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7818 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of" @CVEnew on X 2025-07-19 13:07:50 UTC 55.1K followers, XXX engagements
"CVE-2025-7427 Uncontrolled Search Path Element in Arm Development Studio before 2025may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to lo" @CVEnew on X 2025-07-22 10:18:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7246 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-50070 Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low priv" @CVEnew on X 2025-07-15 19:44:28 UTC 55.1K followers, XXX engagements
"CVE-2025-51864 A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat through 2025-05-27 allowing attackers to hijack accounts through sto" @CVEnew on X 2025-07-22 15:18:01 UTC 55.1K followers, XXX engagements
"CVE-2025-51472 Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values" @CVEnew on X 2025-07-22 20:45:15 UTC 55.1K followers, XXX engagements
"CVE-2025-33109 IBM i XXX XXX XXX XXX and XXX is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedu" @CVEnew on X 2025-07-24 15:38:22 UTC 55.1K followers, XXX engagements
"CVE-2025-32019 Harbor is an open source trusted cloud native registry project that stores signs and scans content. Versions 2.11.2 and below as well as versions 2.12.0-rc1 and 2" @CVEnew on X 2025-07-23 20:57:25 UTC 55.1K followers, XXX engagements
"CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f" @CVEnew on X 2025-07-11 13:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-7510 A vulnerability has been found in code-projects Modern Bag XXX and classified as critical. This vulnerability affects unknown code of the file /admin/productadd_back.ph" @CVEnew on X 2025-07-13 01:19:57 UTC 55.1K followers, XXX engagements
"CVE-2025-31955 HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system" @CVEnew on X 2025-07-24 21:36:20 UTC 55.1K followers, XXX engagements
"CVE-2025-32744 Dell AppSync version(s) 4.6.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could poten" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-8070 The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by" @CVEnew on X 2025-07-23 07:45:26 UTC 55.1K followers, XXX engagements
"CVE-2025-7936 A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is" @CVEnew on X 2025-07-21 19:50:43 UTC 55K followers, XXX engagements
"CVE-2025-54377 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below RooCode does not validate line breaks (n) in its comma" @CVEnew on X 2025-07-23 20:45:46 UTC 55.1K followers, XXX engagements
"CVE-2025-7627 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the fu" @CVEnew on X 2025-07-14 18:23:44 UTC 55K followers, XXX engagements
"CVE-2025-7278 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-36548 A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo XXXX and dev master commit 8a8954ff" @CVEnew on X 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an" @CVEnew on X 2025-07-11 13:46:16 UTC 55.1K followers, XXX engagements
"CVE-2025-46171 vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.phpdo=buddylist endpoint. If an authenticated user has a sufficiently large buddy list p" @CVEnew on X 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2025-8038 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox XXX Firefox ESR XXXXX Thunderbird XXX and Th" @CVEnew on X 2025-07-22 21:35:26 UTC 55.1K followers, XXX engagements
"CVE-2025-7281 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-43720 Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role revealing the" @CVEnew on X 2025-07-21 17:17:42 UTC 55K followers, XXX engagements
"CVE-2025-7257 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-53839 DRACOON is a file sharing service and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Br" @CVEnew on X 2025-07-14 23:33:53 UTC 55.1K followers, XXX engagements
"CVE-2025-51087 Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer" @CVEnew on X 2025-07-24 15:17:22 UTC 55.1K followers, XXX engagements
"CVE-2022-4978 Remote Control Server maintained bySteppschuh 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled which is the default configurati" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7280 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7228 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t" @CVEnew on X 2025-07-11 13:46:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7273 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7271 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-8115 A vulnerability has been found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functionality" @CVEnew on X 2025-07-24 19:16:03 UTC 55.1K followers, XXX engagements
"CVE-2025-48732 An incomplete blacklist exists in the .htaccess sample of WWBN AVideo XXXX and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary co" @CVEnew on X 2025-07-24 15:38:22 UTC 55.1K followers, XXX engagements
"CVE-2025-51464 Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to t" @CVEnew on X 2025-07-22 17:46:32 UTC 55.1K followers, XXX engagements
"CVE-2025-7035 The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all version" @CVEnew on X 2025-07-16 10:48:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-53882 A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allowspotential escalation from mai" @CVEnew on X 2025-07-23 09:52:23 UTC 55.1K followers, XXX engagements
"CVE-2025-8022 All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to i" @CVEnew on X 2025-07-23 05:52:12 UTC 55.1K followers, XXX engagements
"CVE-2025-54296 A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered" @CVEnew on X 2025-07-23 11:33:12 UTC 55.1K followers, XXX engagements
"CVE-2025-53820 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 20:55:16 UTC 55.1K followers, XXX engagements
"CVE-2025-41459 Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attacke" @CVEnew on X 2025-07-21 11:32:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7940 A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functional" @CVEnew on X 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7656 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secu" @CVEnew on X 2025-07-15 18:23:21 UTC 55K followers, XXX engagements
"CVE-2025-7755 A vulnerability was found in code-projects Online Ordering System XXX. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit" @CVEnew on X 2025-07-17 20:56:50 UTC 55.1K followers, XXX engagements
"CVE-2025-7272 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7909 A vulnerability was found in D-Link DIR-513 XXX. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSet" @CVEnew on X 2025-07-20 21:51:51 UTC 55.1K followers, XXX engagements
"CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-8114 A flaw was found in libssh a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process an allocation failure in" @CVEnew on X 2025-07-24 14:49:13 UTC 55.1K followers, XXX engagements
"CVE-2025-51085 Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument timeZone and timeType leads to stack" @CVEnew on X 2025-07-24 15:17:21 UTC 55.1K followers, XXX engagements
"CVE-2025-51462 Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafte" @CVEnew on X 2025-07-22 20:45:15 UTC 55.1K followers, XXX engagements
"CVE-2024-40682 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 could allow a local user to cause a denial of service due to improper" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7263 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7247 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7242 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2020-26799 A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-51865 Ai2 playground web service LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR) allowing attackers to gain s" @CVEnew on X 2025-07-22 15:18:01 UTC 55.1K followers, XXX engagements
"CVE-2025-45731 A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending" @CVEnew on X 2025-07-24 13:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-7225 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 a" @CVEnew on X 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-2634 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful" @CVEnew on X 2025-07-23 15:59:49 UTC 55.1K followers, XXX engagements
"CVE-2025-38366 In the Linux kernel the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is" @CVEnew on X 2025-07-25 13:14:25 UTC 55.1K followers, XXX engagements
"CVE-2018-25114 A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7687 The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or i" @CVEnew on X 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7288 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7285 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7512 A vulnerability was found in code-projects Modern Bag XXX. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipu" @CVEnew on X 2025-07-13 03:19:15 UTC 55.1K followers, XXX engagements
"CVE-2025-6260 The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers either on the local area network or from" @CVEnew on X 2025-07-24 21:16:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7600 A vulnerability which was classified as critical was found in PHPGurukul Online Library Management System XXX. This affects an unknown part of the file /admin/student" @CVEnew on X 2025-07-14 11:53:09 UTC 55.1K followers, XXX engagements
"CVE-2025-44649 In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03 the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase X exposes i" @CVEnew on X 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J" @CVEnew on X 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-2633 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvreUDecStrToNum that may result in information disclosure or arbitrary code executio" @CVEnew on X 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2015-10138 The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server" @CVEnew on X 2025-07-19 11:40:50 UTC 55.1K followers, XXX engagements
"CVE-2025-6262 The video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to and including 0" @CVEnew on X 2025-07-24 09:47:41 UTC 55.1K followers, XXX engagements
"CVE-2025-52687 Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the paylo" @CVEnew on X 2025-07-16 07:44:42 UTC 55.1K followers, XXX engagements
"CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu" @CVEnew on X 2025-07-11 13:46:25 UTC 55.1K followers, XXX engagements
"CVE-2025-53472 WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploite" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-8031 The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects F" @CVEnew on X 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-20300 In Splunk Enterprise versions below 9.4.2 9.3.5 9.2.6 and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103 9.3.2408.112 and 9.2.2406.119 a low-privil" @CVEnew on X 2025-07-07 17:53:00 UTC 55K followers, XXX engagements
"CVE-2025-53643 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14 the Python parser is vulnerable to a request smuggling vulne" @CVEnew on X 2025-07-14 20:45:00 UTC 55.1K followers, XXX engagements
"CVE-2025-7723 A command injection vulnerability exists that can be exploited after authenticationin VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P" @CVEnew on X 2025-07-22 21:35:28 UTC 55.1K followers, XXX engagements
"CVE-2025-30752 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java S" @CVEnew on X 2025-07-15 19:44:32 UTC 55.1K followers, XXX engagements
"CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7945 A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /go" @CVEnew on X 2025-07-21 23:52:56 UTC 55.1K followers, XXX engagements
"CVE-2025-47281 Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below a Denial of Service (DoS) vulnerability exists due to i" @CVEnew on X 2025-07-23 20:45:47 UTC 55.1K followers, XXX engagements
"CVE-2025-41458 Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the apps filesyste" @CVEnew on X 2025-07-21 11:32:58 UTC 55K followers, XXX engagements
"CVE-2025-36603 Dell AppSync version(s) 4.6.0.0 contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could p" @CVEnew on X 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2025-27930 Zohocorp ManageEngine Applications Manager versions176600 and prior are vulnerable to stored cross-site scripting in theFile/Directory monitor" @CVEnew on X 2025-07-23 10:49:44 UTC 55.1K followers, XXX engagements
"CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert" @CVEnew on X 2025-07-11 13:46:17 UTC 55.1K followers, XXX engagements
"CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.A mal" @CVEnew on X 2025-07-15 18:54:28 UTC 55K followers, 1204 engagements
"CVE-2025-7295 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55.1K followers, XXX engagements
"CVE-2025-7953 A vulnerability which was classified as problematic has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publi" @CVEnew on X 2025-07-22 04:52:47 UTC 55.1K followers, XXX engagements
"CVE-2025-51082 Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based" @CVEnew on X 2025-07-24 15:17:21 UTC 55.1K followers, XXX engagements
"CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-46993 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack" @CVEnew on X 2025-07-24 16:19:19 UTC 55.1K followers, XXX engagements
"CVE-2025-38421 In the Linux kernel the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reaso" @CVEnew on X 2025-07-25 14:40:59 UTC 55.1K followers, XXX engagements
"CVE-2025-7949 A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the" @CVEnew on X 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-4822 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection.T" @CVEnew on X 2025-07-24 13:27:01 UTC 55.1K followers, XXX engagements
"CVE-2025-6187 The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7289 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7223 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2024-42648 NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message" @CVEnew on X 2025-07-14 16:51:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7601 A vulnerability has been found in PHPGurukul Online Library Management System XXX and classified as problematic. This vulnerability affects unknown code of the file /ad" @CVEnew on X 2025-07-14 12:32:04 UTC 55.1K followers, XXX engagements
"CVE-2025-7224 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-54138 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS ve" @CVEnew on X 2025-07-22 21:52:36 UTC 55.1K followers, XXX engagements
"CVE-2025-53940 Quiet is an alternative to team chat apps like Slack Discord and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alp" @CVEnew on X 2025-07-24 22:41:17 UTC 55.1K followers, XXX engagements
"CVE-2025-26397 SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can" @CVEnew on X 2025-07-24 08:23:00 UTC 55.1K followers, XXX engagements
"CVE-2025-6213 The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.1.1 via the 'nppp_preload_cache_on_upd" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7392 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-47061 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack" @CVEnew on X 2025-07-24 15:54:51 UTC 55.1K followers, XXX engagements
"CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7282 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-54379 LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1 there is a cri" @CVEnew on X 2025-07-24 22:41:16 UTC 55.1K followers, XXX engagements
"CVE-2017-20198 The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations attac" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-7685 The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or incorrect" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-8015 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields" @CVEnew on X 2025-07-22 15:17:59 UTC 55.1K followers, XXX engagements
"CVE-2025-6377 A remote code execution security issue exists in the Rockwell Automation Arena. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 55.1K followers, XXX engagements
"CVE-2025-7267 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-46686 Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks sent by an authenticated user. This occurs because the server allocates" @CVEnew on X 2025-07-23 18:53:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-7586 A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /gofor" @CVEnew on X 2025-07-14 08:23:41 UTC 55.1K followers, XXX engagements
"CVE-2025-7935 A vulnerability which was classified as critical was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLo" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7745 : Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2" @CVEnew on X 2025-07-24 07:20:40 UTC 55.1K followers, XXX engagements
"CVE-2025-20323 In Splunk Enterprise versions below 9.4.3 9.3.5 9.2.7 and 9.1.10 a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the s" @CVEnew on X 2025-07-07 17:52:58 UTC 55K followers, XXX engagements
"CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-46099 In Pluck CMS 4.7.20-dev an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logi" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7226 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7394 In the OpenSSL compatibility layer implementation the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned fr" @CVEnew on X 2025-07-18 22:55:44 UTC 55.1K followers, XXX engagements
"CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not neede" @CVEnew on X 2025-07-21 18:54:50 UTC 55K followers, XXX engagements
"CVE-2025-7595 A vulnerability was found in code-projects Job Diary XXX. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manip" @CVEnew on X 2025-07-14 10:48:59 UTC 55.1K followers, XXX engagements
"CVE-2025-38438 In the Linux kernel the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata-tplg_filename can have ad" @CVEnew on X 2025-07-25 16:27:18 UTC 55.1K followers, XXX engagements
"CVE-2025-51655 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php" @CVEnew on X 2025-07-14 17:16:52 UTC 55.1K followers, XXX engagements
"CVE-2025-51088 Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer" @CVEnew on X 2025-07-24 15:17:22 UTC 55.1K followers, XXX engagements
"CVE-2025-50127 A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-41683 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main" @CVEnew on X 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-54033 Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elemen" @CVEnew on X 2025-07-16 10:48:49 UTC 55.1K followers, XXX engagements
"CVE-2025-46267 Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited the product's hidden debug function may be enabled by a remote attacker who can log in" @CVEnew on X 2025-07-22 09:47:56 UTC 55.1K followers, XXX engagements
"CVE-2025-7269 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7437 The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions u" @CVEnew on X 2025-07-24 04:53:19 UTC 55.1K followers, XXX engagements
"CVE-2025-50076 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnera" @CVEnew on X 2025-07-15 19:44:27 UTC 55.1K followers, XXX engagements
"CVE-2025-24777 Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7" @CVEnew on X 2025-07-16 13:55:38 UTC 55.1K followers, XXX engagements
"CVE-2025-51869 Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id thread_id and mes" @CVEnew on X 2025-07-21 19:32:41 UTC 55K followers, XXX engagements
"CVE-2025-6376 A remote code execution security issue exists in the Rockwell Automation Arena. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 55.1K followers, XXX engagements
"CVE-2025-7938 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX and classified as critical. This issue affects the function updateGoods of the file GoodsController" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-7260 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-53639 MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts the sortField parameter in certain API endpoints is not properly validated or s" @CVEnew on X 2025-07-14 20:45:00 UTC 55.1K followers, XXX engagements
"CVE-2025-32574 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: f" @CVEnew on X 2025-07-16 13:55:44 UTC 55.1K followers, XXX engagements
"CVE-2025-46410 A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo XXXX and dev master commit 8a895" @CVEnew on X 2025-07-24 15:38:20 UTC 55.1K followers, XXX engagements
"CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-25214 A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo XXXX and dev master commit 8a8954ff. A series of specially craf" @CVEnew on X 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-40597 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote unauthenticated attacker to cause Denial of Service (DoS) or potentially" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-5243 Unrestricted Upload of File with Dangerous Type Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Softwar" @CVEnew on X 2025-07-24 13:27:01 UTC 55.1K followers, XXX engagements
"CVE-2025-31953 HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties" @CVEnew on X 2025-07-24 20:55:03 UTC 55.1K followers, XXX engagements
"CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker" @CVEnew on X 2025-07-11 13:46:16 UTC 55.1K followers, XXX engagements
"CVE-2025-49656 Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users ar" @CVEnew on X 2025-07-21 09:51:09 UTC 55.1K followers, 1740 engagements
"CVE-2025-7001 An issue has been discovered in GitLab CE/EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed priviled" @CVEnew on X 2025-07-24 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-30748 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60" @CVEnew on X 2025-07-15 19:44:33 UTC 55K followers, XXX engagements
"CVE-2025-7881 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the componen" @CVEnew on X 2025-07-20 09:51:51 UTC 55K followers, XXX engagements
"CVE-2025-54020 Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form X allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7:" @CVEnew on X 2025-07-16 10:48:51 UTC 55.1K followers, XXX engagements
"CVE-2015-10140 The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions allowing any authenticated users such as subscriber to upload and" @CVEnew on X 2025-07-22 13:56:12 UTC 55.1K followers, XXX engagements
"CVE-2025-41240 Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected" @CVEnew on X 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-7292 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-7293 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-7303 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7296 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-4976 An issue has been discovered in GitLab EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that under certain circumstances" @CVEnew on X 2025-07-24 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-53528 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions 5.4.3 and below the version parameter of the "/docs" endpo" @CVEnew on X 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker" @CVEnew on X 2025-07-11 13:46:29 UTC 55.1K followers, XXX engagements
"CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec" @CVEnew on X 2025-07-11 13:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-50106 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are" @CVEnew on X 2025-07-15 19:44:20 UTC 55.1K followers, XXX engagements
"CVE-2025-54443 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a" @CVEnew on X 2025-07-23 06:24:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7234 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv" @CVEnew on X 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-7230 INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-7277 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-50068 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:29 UTC 55.1K followers, XXX engagements
"CVE-2025-52953 An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7943 A vulnerability was found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of the file" @CVEnew on X 2025-07-21 23:16:27 UTC 55K followers, XXX engagements
"CVE-2025-51089 Tenda AC8V4 V16.03.34.06 was discovered to contain heap overflow at /goform/GetParentControlInfo. The manipulation of the argument mac leads to heap-based buffer ov" @CVEnew on X 2025-07-24 15:17:22 UTC 55.1K followers, XXX engagements
"CVE-2025-7371 Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to th" @CVEnew on X 2025-07-22 15:58:10 UTC 55.1K followers, XXX engagements
"CVE-2025-54071 RomM (ROM Manager) allows users to scan enrich browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below an" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7265 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-34110 A directory traversal vulnerability exists in ColoradoFTP Server XXX Build X for Windows allowing unauthenticated attackers to read or write arbitrary files outsid" @CVEnew on X 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-54451 Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO X Server allows Code Injection. This issue affects MagicINFO 9" @CVEnew on X 2025-07-23 06:24:30 UTC 55.1K followers, XXX engagements
"CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7932 A vulnerability classified as critical has been found in D-Link DIR817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation l" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55.1K followers, XXX engagements
"CVE-2015-10137 The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' func" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-38352 In the Linux kernel the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exi" @CVEnew on X 2025-07-22 08:52:59 UTC 55.1K followers, XXX engagements
"CVE-2015-10136 The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before XXX via the 'fileid' parameter. This allows unauthenticated attacker" @CVEnew on X 2025-07-19 09:51:16 UTC 55K followers, XXX engagements
"CVE-2025-24936 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network st" @CVEnew on X 2025-07-21 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-0664 A locally authenticated privileged user can craft a malicious OpenSSL configuration file potentially leading the agent to load an arbitrary local library. This may im" @CVEnew on X 2025-07-21 07:49:22 UTC 55.1K followers, XXX engagements
"CVE-2025-7252 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4" @CVEnew on X 2025-07-15 19:44:25 UTC 55.1K followers, XXX engagements
"CVE-2025-45702 SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext" @CVEnew on X 2025-07-24 16:51:07 UTC 55.1K followers, XXX engagements
"CVE-2025-7233 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive inf" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:23 UTC 55.1K followers, XXX engagements
"CVE-2025-4784 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtell" @CVEnew on X 2025-07-24 13:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-8069 During the AWS Client VPN client installation on Windows devices the install process references the C:usrlocalwindows-x86_64-openssl-localbuildssl directory locati" @CVEnew on X 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2025-7255 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-44652 In Netgear RAX30 V1.0.10.94_3 the USERLIMIT_GLOBAL option is set to X in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7899 The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail vers" @CVEnew on X 2025-07-22 10:49:25 UTC 55.1K followers, XXX engagements
"CVE-2025-50481 A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via i" @CVEnew on X 2025-07-23 16:28:38 UTC 55.1K followers, XXX engagements
"CVE-2025-4968 The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element Hover" @CVEnew on X 2025-07-24 04:09:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7591 A vulnerability which was classified as critical was found in PHPGurukul Dairy Farm Shop Management System XXX. Affected is an unknown function of the file view-invoi" @CVEnew on X 2025-07-14 09:50:05 UTC 55.1K followers, XXX engagements
"CVE-2025-5240 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the type parameter in all versions up to and including 2" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-44109 A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages" @CVEnew on X 2025-07-23 19:32:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-30477 Dell PowerScale OneFS versions prior to 9.11.0.0 contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote a" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-50105 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected a" @CVEnew on X 2025-07-15 19:44:20 UTC 55.1K followers, XXX engagements
"CVE-2025-54446 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a" @CVEnew on X 2025-07-23 06:24:29 UTC 55.1K followers, XXX engagements
"CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by" @CVEnew on X 2025-07-11 13:46:17 UTC 55.1K followers, XXX engagements
"CVE-2025-44653 In H3C GR2200 MiniGR1A0V100R016 the USERLIMIT_GLOBAL option is set to X in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7244 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7299 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-22165 This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerab" @CVEnew on X 2025-07-24 22:41:16 UTC 55.1K followers, XXX engagements
"CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe" @CVEnew on X 2025-07-11 13:46:16 UTC 55.1K followers, XXX engagements
"CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7819 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been classified as problematic. This affects an unknown part of the file /creat" @CVEnew on X 2025-07-19 13:07:49 UTC 55.1K followers, XXX engagements
"CVE-2025-53824 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 22:55:21 UTC 55K followers, XXX engagements
"CVE-2025-36107 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-7645 The Extensions For CF7 (Contact form X Database Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient f" @CVEnew on X 2025-07-22 06:55:35 UTC 55.1K followers, XXX engagements
"CVE-2025-51463 Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitt" @CVEnew on X 2025-07-22 15:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-32429 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through" @CVEnew on X 2025-07-24 22:41:17 UTC 55.1K followers, XXX engagements
"CVE-2025-50100 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and" @CVEnew on X 2025-07-15 19:44:21 UTC 55.1K followers, XXX engagements
"CVE-2022-4979 A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) XXX - XXXX and CMS XXX - XXX Update-6 that may allow authenticated Sitecore Shell" @CVEnew on X 2025-07-25 16:27:07 UTC 55.1K followers, XX engagements
"CVE-2025-7900 The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1" @CVEnew on X 2025-07-22 10:49:25 UTC 55.1K followers, XXX engagements
"CVE-2025-54127 HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below the NodeJS version of HAX CMS uses an ins" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-52081 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" @CVEnew on X 2025-07-15 15:54:35 UTC 55.1K followers, XXX engagements
"CVE-2025-36846 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vuln" @CVEnew on X 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-51398 A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTM" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:26 UTC 55.1K followers, XXX engagements
"CVE-2025-5042 A maliciously crafted RFA file when parsed through Autodesk Revit can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to" @CVEnew on X 2025-07-22 16:52:59 UTC 55.1K followers, XXX engagements
"CVE-2025-33076 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking. A local user could" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-33020 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensi" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-51401 A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML vi" @CVEnew on X 2025-07-21 19:15:55 UTC 55.1K followers, XXX engagements
"CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authent" @CVEnew on X 2025-07-11 13:46:17 UTC 55.1K followers, XXX engagements
"CVE-2025-51482 Remote Code Execution in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code" @CVEnew on X 2025-07-22 17:18:09 UTC 55.1K followers, XXX engagements
"CVE-2025-50107 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that are affected are 12.2.5-12" @CVEnew on X 2025-07-15 19:44:20 UTC 55.1K followers, XXX engagements
"CVE-2025-6998 ReDoS in strip_whitespaces() function in cps/string_helper.py in janeczku Calibre Web 0.6.24 (Nicolette) allows unauthenticated remote attackers to cause denial of serv" @CVEnew on X 2025-07-24 19:51:47 UTC 55.1K followers, XXX engagements
"CVE-2025-38418 In the Linux kernel the following vulnerability has been resolved: remoteproc: core: Release rproc-clean_table after rproc_attach() fails When rproc-state = RPRO" @CVEnew on X 2025-07-25 14:41:00 UTC 55.1K followers, XXX engagements
"CVE-2025-54082 marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0 a vulnerability was discovered in the marshmallow-packages/no" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7239 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-38360 In the Linux kernel the following vulnerability has been resolved: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees WHY For non-zero DSC instances" @CVEnew on X 2025-07-25 13:14:27 UTC 55.1K followers, XXX engagements
"CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-50094 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.42 8.4.5 and 9.3.0. Easily exploit" @CVEnew on X 2025-07-15 19:44:23 UTC 55.1K followers, XXX engagements
"CVE-2025-7251 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-8009 The Security Ninja WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including XXXXX via the" @CVEnew on X 2025-07-24 07:44:44 UTC 55.1K followers, XXX engagements
"CVE-2025-51400 A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-49831 An attacker of Secrets Manager Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentica" @CVEnew on X 2025-07-15 20:45:15 UTC 55.1K followers, XXX engagements
"CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f" @CVEnew on X 2025-07-11 13:46:28 UTC 55.1K followers, XXX engagements
"CVE-2025-40596 A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote unauthenticated attacker to cause Denial of Service (DoS) or potentially" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-4395 Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password which allows an attacker with physical access to log in with no password and ac" @CVEnew on X 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-54134 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below the HAX CMS NodeJS application crashes when an aut" @CVEnew on X 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-36005 IBM MQ Operator LTS 2.0.0 through 2.0.29 MQ Operator CD 3.0.0 3.0.1 3.1.0 through 3.1.3 3.3.0 3.4.0 3.4.1 3.5.0 3.5.1 3.6.0 and MQ Operator SC2 3.2.0 throug" @CVEnew on X 2025-07-24 15:17:21 UTC 55.1K followers, XXX engagements
"CVE-2025-50128 A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo XXXX and dev master commit 8a8954ff. A speci" @CVEnew on X 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-53032 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vu" @CVEnew on X 2025-07-15 19:44:17 UTC 55.1K followers, XXX engagements
"CVE-2025-7284 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7946 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been rated as problematic. This issue affects some unknown processing of the fi" @CVEnew on X 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-38362 In the Linux kernel the following vulnerability has been resolved: drm/amd/display: Add null pointer check for get_first_active_display() The function mod_hdcp_hdc" @CVEnew on X 2025-07-25 13:14:26 UTC 55.1K followers, XXX engagements
"CVE-2025-33013 IBM MQ Operator LTS 2.0.0 through 2.0.29 MQ Operator CD 3.0.0 3.0.1 3.1.0 through 3.1.3 3.3.0 3.4.0 3.4.1 3.5.0 3.5.1 3.6.0 and MQ Operator SC2 3.2.0 throug" @CVEnew on X 2025-07-24 15:17:21 UTC 55.1K followers, XXX engagements
"CVE-2025-53889 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0 Directus Flows with a manual" @CVEnew on X 2025-07-15 01:16:30 UTC 55.1K followers, XXX engagements
"CVE-2025-7524 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstec" @CVEnew on X 2025-07-13 09:42:45 UTC 55.1K followers, XXX engagements
"CVE-2025-30753 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:32 UTC 55K followers, XXX engagements
"CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7241 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-8021 All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the int" @CVEnew on X 2025-07-23 05:52:12 UTC 55.1K followers, XXX engagements
"CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with" @CVEnew on X 2025-07-11 13:46:16 UTC 55.1K followers, XXX engagements
"CVE-2025-8058 The regcomp function in the GNU C library version from XXX to XXXX is subject to a double free if some previous allocation fails. It can be accomplished either by a m" @CVEnew on X 2025-07-23 20:18:30 UTC 55.1K followers, XXX engagements
"CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr" @CVEnew on X 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-40598 A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface allowing a remote unauthenticated attacker to potentially execute arbi" @CVEnew on X 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-33077 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking. A local user could" @CVEnew on X 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52378 Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is exec" @CVEnew on X 2025-07-15 14:41:02 UTC 55.1K followers, XXX engagements
"CVE-2025-51403 A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web s" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-7724 An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build" @CVEnew on X 2025-07-22 21:35:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7589 A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System XXX. This vulnerability affects unknown code of the file edit-company.p" @CVEnew on X 2025-07-14 08:55:09 UTC 55.1K followers, XXX engagements
"CVE-2025-41684 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main" @CVEnew on X 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements