
# ![@CVEnew Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::821806287461740544.png) @CVEnew CVE

CVE posts on X about plugin, $2395tw, ibm, core the most. They currently have XXXXXX followers and XXX posts still getting attention that total XXXXXX engagements in the last XX hours.

### Engagements: XXXXXX [#](/creator/twitter::821806287461740544/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:interactions.svg)

- X Week XXXXXXX +29%
- X Month XXXXXXX -XX%
- X Months XXXXXXXXX +67%
- X Year XXXXXXXXX -XX%

### Mentions: XXX [#](/creator/twitter::821806287461740544/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:posts_active.svg)

- X Week XXX +11%
- X Month XXXXX -XX%
- X Months XXXXXX +83%
- X Year XXXXXX +13%

### Followers: XXXXXX [#](/creator/twitter::821806287461740544/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:followers.svg)

- X Week XXXXXX +0.20%
- X Month XXXXXX +0.26%
- X Months XXXXXX +2.40%
- X Year XXXXXX +4%

### CreatorRank: XXXXXXX [#](/creator/twitter::821806287461740544/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[stocks](/list/stocks)  XXXX% [technology brands](/list/technology-brands)  XXXX% [finance](/list/finance)  XXXX% [social networks](/list/social-networks)  XXXX%

**Social topic influence**
[plugin](/topic/plugin) #52, [$2395tw](/topic/$2395tw) 1.02%, [ibm](/topic/ibm) #87, [core](/topic/core) 0.57%, [linksys](/topic/linksys) #6, [files](/topic/files) #818, [virtual](/topic/virtual) #1769, [command](/topic/command) #899, [ai](/topic/ai) 0.34%, [products](/topic/products) XXXX%

**Top accounts mentioned or mentioned by**
[@cveannounce](/creator/undefined) [@tiptapextensionlink](/creator/undefined) [@chaeynz_](/creator/undefined) [@kundu_vinit](/creator/undefined) [@sudosu01](/creator/undefined)

**Top assets mentioned**
[IBM (IBM)](/topic/ibm) [Dell Technologies, Inc. (DELL)](/topic/dell) [Intercorp Financial Services Inc. (IFS)](/topic/$ifs) [QUALCOMM, Inc. (QCOM)](/topic/$qcom) [Alphabet Inc Class A (GOOGL)](/topic/$googl)

### Top Social Posts
Top posts by engagements in the last XX hours

"CVE-2025-64527 Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier Envoy crashes when JWT authentication is configured with the"  
[X Link](https://x.com/CVEnew/status/1996284707353313499)  2025-12-03T18:25Z 55.9K followers, XXX engagements


"CVE-2025-12782 The Beaver Builder WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 2.9.4. This is due to the"  
[X Link](https://x.com/CVEnew/status/1996473230257684938)  2025-12-04T06:54Z 55.9K followers, XXX engagements


"CVE-2025-40239 In the Linux kernel the following vulnerability has been resolved: net: phy: micrel: always set shared-phydev for LAN8814 Currently during the LAN8814 PTP probe"  
[X Link](https://x.com/CVEnew/status/1996607073430482973)  2025-12-04T15:46Z 55.9K followers, XXX engagements


"CVE-2025-13373 Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests which could allow an attacker to inject SQL commands"  
[X Link](https://x.com/CVEnew/status/1996720172002893942)  2025-12-04T23:16Z 55.9K followers, XXX engagements


"CVE-2025-12355 The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX"  
[X Link](https://x.com/CVEnew/status/1996841692339806473)  2025-12-05T07:18Z 55.9K followers, XXX engagements


"CVE-2025-59775 Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NT"  
[X Link](https://x.com/CVEnew/status/1996893839995359484)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-55753 An integer overflow in the case of failed ACME certificate renewal leads after a number of failures (30 days in default configurations) to the backoff timer becomi"  
[X Link](https://x.com/CVEnew/status/1996893840955879935)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-13682 The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 1.0.0 due to insufficient"  
[X Link](https://x.com/CVEnew/status/1996893841849233833)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-13614 The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to and including"  
[X Link](https://x.com/CVEnew/status/1996893842692292933)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-13678 The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including XXX. T"  
[X Link](https://x.com/CVEnew/status/1996893843589906734)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-12876 The Projectopia WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_de"  
[X Link](https://x.com/CVEnew/status/1996893844453970289)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-12879 The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce v"  
[X Link](https://x.com/CVEnew/status/1996893845309555162)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-13739 The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to and including 4.0.4 due to in"  
[X Link](https://x.com/CVEnew/status/1996893846160953770)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-12851 The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 3.6.32 via the 'controller' parameter. This m"  
[X Link](https://x.com/CVEnew/status/1996893847016657014)  2025-12-05T10:46Z 55.9K followers, XXX engagements


"CVE-2025-66200 mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause s"  
[X Link](https://x.com/CVEnew/status/1996905325702873272)  2025-12-05T11:31Z 55.9K followers, XXX engagements


"CVE-2025-6966 NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a craf"  
[X Link](https://x.com/CVEnew/status/1996930387247821065)  2025-12-05T13:11Z 55.9K followers, XXX engagements


"CVE-2025-13654 A stack buffer overflow vulnerability exists in the buffer_get function of duc a disk management tool where a condition can evaluate to true due to underflow allow"  
[X Link](https://x.com/CVEnew/status/1996930388296417710)  2025-12-05T13:11Z 55.9K followers, XXX engagements


"CVE-2025-14090 A security flaw has been discovered in AMTT Hotel Broadband Operation System XXX. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing"  
[X Link](https://x.com/CVEnew/status/1996969012572410016)  2025-12-05T15:44Z 55.9K followers, XXX engagements


"CVE-2025-14089 A vulnerability was identified in Himool ERP up to XXX. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component"  
[X Link](https://x.com/CVEnew/status/1996969013608349834)  2025-12-05T15:44Z 55.9K followers, XXX engagements


"CVE-2025-64054 A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary com"  
[X Link](https://x.com/CVEnew/status/1996969015558717801)  2025-12-05T15:44Z 55.9K followers, XXX engagements


"CVE-2025-65730 Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18 fixed in 0.62.19 uses a hardcoded secret for signing JWT tokens used for authentication"  
[X Link](https://x.com/CVEnew/status/1996969017701974270)  2025-12-05T15:44Z 55.9K followers, XXX engagements


"CVE-2025-64053 A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POS"  
[X Link](https://x.com/CVEnew/status/1996971503653400629)  2025-12-05T15:54Z 55.9K followers, XXX engagements


"CVE-2025-14091 A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /p"  
[X Link](https://x.com/CVEnew/status/1996980173552734416)  2025-12-05T16:29Z 55.9K followers, XXX engagements


"CVE-2025-65879 Warehouse Management System XXX contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg pa"  
[X Link](https://x.com/CVEnew/status/1996980174571921632)  2025-12-05T16:29Z 55.9K followers, XXX engagements


"CVE-2025-65897 zdh_web is a data collection processing monitoring scheduling and management platform. In zdh_web thru 5.6.17 insufficient validation of file upload paths in the"  
[X Link](https://x.com/CVEnew/status/1996980175570194896)  2025-12-05T16:29Z 55.9K followers, XXX engagements


"CVE-2025-66511 Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3 the Calendar app generates participant tokens for meeting proposals using a hash function allowin"  
[X Link](https://x.com/CVEnew/status/1996985615179452456)  2025-12-05T16:50Z 55.9K followers, XXX engagements


"CVE-2025-14093 A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of t"  
[X Link](https://x.com/CVEnew/status/1996985619973619887)  2025-12-05T16:50Z 55.9K followers, XXX engagements


"CVE-2025-65878 The warehouse management system version XXX contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path"  
[X Link](https://x.com/CVEnew/status/1996985625019404713)  2025-12-05T16:50Z 55.9K followers, XXX engagements


"CVE-2025-66546 Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19 5.5.6 and 6.0.1 the calendar app allowed blindly booking appointments with a sequential ID witho"  
[X Link](https://x.com/CVEnew/status/1996994593099841995)  2025-12-05T17:26Z 55.9K followers, XXX engagements


"CVE-2020-36876 ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro) 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 and 2.0.1.823 allows unauthenticated attackers to disc"  
[X Link](https://x.com/CVEnew/status/1996997028086493226)  2025-12-05T17:36Z 55.9K followers, XXX engagements


"CVE-2025-66513 Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9 0.9.6 and 1.0.1 the information which table (numeric ID) is shared wi"  
[X Link](https://x.com/CVEnew/status/1996997029260939382)  2025-12-05T17:36Z 55.9K followers, XXX engagements


"CVE-2025-14094 A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument"  
[X Link](https://x.com/CVEnew/status/1996997030296932690)  2025-12-05T17:36Z 55.9K followers, XXX engagements


"CVE-2025-66557 Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2"  
[X Link](https://x.com/CVEnew/status/1997000966613135488)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34256 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIR"  
[X Link](https://x.com/CVEnew/status/1997000970446811282)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34265 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authentic"  
[X Link](https://x.com/CVEnew/status/1997000971432399137)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2020-36879 Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services enabling remote code execution during startup or re"  
[X Link](https://x.com/CVEnew/status/1997000973395321110)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34263 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint"  
[X Link](https://x.com/CVEnew/status/1997000974351643106)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34266 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. Whe"  
[X Link](https://x.com/CVEnew/status/1997000976255918220)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34264 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenti"  
[X Link](https://x.com/CVEnew/status/1997000977249865757)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34262 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/agent_id endpoint. When a"  
[X Link](https://x.com/CVEnew/status/1997000978181099561)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34258 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authent"  
[X Link](https://x.com/CVEnew/status/1997000980026556524)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34259 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an aut"  
[X Link](https://x.com/CVEnew/status/1997000981007987049)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34261 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenti"  
[X Link](https://x.com/CVEnew/status/1997000982299812227)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34260 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authen"  
[X Link](https://x.com/CVEnew/status/1997000983226748979)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-34257 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authent"  
[X Link](https://x.com/CVEnew/status/1997000984099201504)  2025-12-05T17:51Z 55.9K followers, XXX engagements


"CVE-2025-66556 Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2 a participant with chat permissions was able to delete poll drafts of ot"  
[X Link](https://x.com/CVEnew/status/1997009581000864197)  2025-12-05T18:26Z 55.9K followers, XXX engagements


"CVE-2025-66554 Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4 6.0.6 and 7.2.5 a malicious user was a"  
[X Link](https://x.com/CVEnew/status/1997009581965562136)  2025-12-05T18:26Z 55.9K followers, XXX engagements


"CVE-2025-66549 Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5 when trying to manually lock a file inside an end-to-end encrypted directory the path of"  
[X Link](https://x.com/CVEnew/status/1997009583244800171)  2025-12-05T18:26Z 55.9K followers, XXX engagements


"CVE-2025-66577 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0 a vulnerability allows attacker-controlled HTTP headers to influenc"  
[X Link](https://x.com/CVEnew/status/1997016160785584165)  2025-12-05T18:52Z 55.9K followers, XXX engagements


"CVE-2025-66570 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0 a vulnerability allows attacker-controlled HTTP headers to influenc"  
[X Link](https://x.com/CVEnew/status/1997016161792217547)  2025-12-05T18:52Z 55.9K followers, XXX engagements


"CVE-2025-66566 yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlie"  
[X Link](https://x.com/CVEnew/status/1997016162752729581)  2025-12-05T18:52Z 55.9K followers, XXX engagements


"CVE-2025-66562 TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4 a critical Remote Code Execution (RCE) vulnerability exists in Tuui due t"  
[X Link](https://x.com/CVEnew/status/1997016164057121138)  2025-12-05T18:52Z 55.9K followers, XXX engagements


"CVE-2025-66558 Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1 a missing ownership check allowed an attack to take-away a 2"  
[X Link](https://x.com/CVEnew/status/1997016164988314013)  2025-12-05T18:52Z 55.9K followers, XXX engagements


"CVE-2025-46603 Dell CloudBoost Virtual Appliance versions 19.13.0.0 and prior contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticat"  
[X Link](https://x.com/CVEnew/status/1997021626089566362)  2025-12-05T19:13Z 55.9K followers, XXX engagements


"CVE-2025-66624 BACnet Protocol Stack library provides a BACnet application layer network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2 The npdu_is"  
[X Link](https://x.com/CVEnew/status/1997021627473662154)  2025-12-05T19:13Z 55.9K followers, 4991 engagements


"CVE-2025-66623 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1 in some situat"  
[X Link](https://x.com/CVEnew/status/1997021628421562716)  2025-12-05T19:13Z 55.9K followers, XXX engagements


"CVE-2025-66581 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0 a flaw in the server-side authorization logic"  
[X Link](https://x.com/CVEnew/status/1997021629419782299)  2025-12-05T19:13Z 55.9K followers, XXX engagements


"CVE-2025-66644 Array Networks ArrayOS AG before 9.4.5.9 allows command injection as exploited in the wild in August through December 2025"  
[X Link](https://x.com/CVEnew/status/1997021630321557510)  2025-12-05T19:13Z 55.9K followers, XXX engagements


"CVE-2025-14105 A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web I"  
[X Link](https://x.com/CVEnew/status/1997056503748952565)  2025-12-05T21:32Z 55.9K followers, XXX engagements


"CVE-2022-50595 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"  
[X Link](https://x.com/CVEnew/status/1986528448693871078)  2025-11-06T20:17Z 55.9K followers, XXX engagements


"CVE-2022-50591 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"  
[X Link](https://x.com/CVEnew/status/1986528449776001397)  2025-11-06T20:17Z 55.9K followers, XXX engagements


"CVE-2022-50593 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"  
[X Link](https://x.com/CVEnew/status/1986528450837098963)  2025-11-06T20:17Z 55.9K followers, XXX engagements


"CVE-2022-50592 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"  
[X Link](https://x.com/CVEnew/status/1986528451705381255)  2025-11-06T20:17Z 55.9K followers, XXX engagements


"CVE-2022-50594 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"  
[X Link](https://x.com/CVEnew/status/1986528452619677828)  2025-11-06T20:17Z 55.9K followers, XXX engagements


"CVE-2025-63291 When processing API requests the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Al"  
[X Link](https://x.com/CVEnew/status/1989441995685925066)  2025-11-14T21:15Z 55.9K followers, XXX engagements


"CVE-2025-66032 Claude Code is an agentic coding tool. Prior to 1.0.93 Due to errors in parsing shell commands related to $IFS and short CLI flags it was possible to bypass the Cla"  
[X Link](https://x.com/CVEnew/status/1996284703733633507)  2025-12-03T18:25Z 55.9K followers, XXX engagements


"CVE-2025-64763 Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier when Envoy is configured in TCP proxy mode to handle CONNECT"  
[X Link](https://x.com/CVEnew/status/1996284706485141839)  2025-12-03T18:25Z 55.9K followers, XXX engagements


"CVE-2025-66220 Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier Envoy's mTLS certificate matcher for match_typed_subject_alt_"  
[X Link](https://x.com/CVEnew/status/1996291985838145566)  2025-12-03T18:54Z 55.9K followers, XXX engagements


"CVE-2025-53963 An issue was discovered on Thermo Fisher Ion Torrent OneTouch X INS1005527 devices. They run an SSH server accessible over the default port XX. The root account has a"  
[X Link](https://x.com/CVEnew/status/1996600330126078337)  2025-12-04T15:19Z 55.9K followers, XXX engagements


"CVE-2025-54303 The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials which are stored as fixtures for the Django ORM API. The ionadmin user account"  
[X Link](https://x.com/CVEnew/status/1996600331010978132)  2025-12-04T15:19Z 55.9K followers, XXX engagements


"CVE-2025-54305 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application LocalhostAuthMiddleware au"  
[X Link](https://x.com/CVEnew/status/1996600332835545513)  2025-12-04T15:19Z 55.9K followers, XXX engagements


"CVE-2025-14133 A vulnerability was found in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulne"  
[X Link](https://x.com/CVEnew/status/1997257376605311173)  2025-12-06T10:50Z 55.9K followers, XXX engagements


"CVE-2025-14135 A vulnerability was identified in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the"  
[X Link](https://x.com/CVEnew/status/1997272458651693334)  2025-12-06T11:50Z 55.9K followers, XXX engagements


"CVE-2025-14136 A security flaw has been discovered in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnera"  
[X Link](https://x.com/CVEnew/status/1997299357155274881)  2025-12-06T13:37Z 55.9K followers, XXX engagements


"CVE-2025-14204 A vulnerability has been found in TykoDev cherry-studio-TykoFork XXX. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authoriza"  
[X Link](https://x.com/CVEnew/status/1997811170632208736)  2025-12-07T23:31Z 55.9K followers, XXX engagements


"CVE-2025-14205 A vulnerability was found in code-projects Chamber of Commerce Membership Management System XXX. Impacted is an unknown function of the file /membership_profile.php o"  
[X Link](https://x.com/CVEnew/status/1997813798229454865)  2025-12-07T23:41Z 55.9K followers, XXX engagements


"CVE-2025-65267 In ERPNext v15.83.2 and Frappe Framework v15.86.0 improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload execu"  
[X Link](https://x.com/CVEnew/status/1996239832037949747)  2025-12-03T15:27Z 56K followers, XXX engagements


"CVE-2023-53819 In the Linux kernel the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_"  
[X Link](https://x.com/CVEnew/status/1998198609427181624)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2025-66271 Clone for Windows provided by ELECOM CO.LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the sy"  
[X Link](https://x.com/CVEnew/status/1998355338727498064)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2023-53801 In the Linux kernel the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain the driver would"  
[X Link](https://x.com/CVEnew/status/1998355410001318011)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-62408 c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer() wh"  
[X Link](https://x.com/CVEnew/status/1998160043821166733)  2025-12-08T22:37Z 56K followers, XXX engagements


"CVE-2025-66481 DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized M"  
[X Link](https://x.com/CVEnew/status/1998198606600245302)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2025-40941 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected devices exposes server information in its responses. This could allow an"  
[X Link](https://x.com/CVEnew/status/1998355313762955398)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40939 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This"  
[X Link](https://x.com/CVEnew/status/1998355316245991716)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40830 A vulnerability has been identified in SINEC Security Monitor (All versions V4.10.0). The affected application does not have proper authorization checks for the fil"  
[X Link](https://x.com/CVEnew/status/1998355322029908185)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40820 Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthentic"  
[X Link](https://x.com/CVEnew/status/1998355323002982780)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40818 A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that a"  
[X Link](https://x.com/CVEnew/status/1998355325100195868)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40801 A vulnerability has been identified in COMOS V10.6 (All versions) COMOS V10.6 (All versions) JT Bi-Directional Translator for STEP (All versions) NX V2412 (All ver"  
[X Link](https://x.com/CVEnew/status/1998355328296263875)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56840 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Under certain conditions IPsec may allow code injection in the affected devi"  
[X Link](https://x.com/CVEnew/status/1998355330368176185)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56839 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual"  
[X Link](https://x.com/CVEnew/status/1998355331437715735)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-41693 A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced"  
[X Link](https://x.com/CVEnew/status/1998355340925259965)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-14307 An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create"  
[X Link](https://x.com/CVEnew/status/1998355359946490288)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-13428 A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (R"  
[X Link](https://x.com/CVEnew/status/1998355362035220933)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40344 In the Linux kernel the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles th"  
[X Link](https://x.com/CVEnew/status/1998355368234348590)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40342 In the Linux kernel the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the rem"  
[X Link](https://x.com/CVEnew/status/1998355370348257761)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40341 In the Linux kernel the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_l"  
[X Link](https://x.com/CVEnew/status/1998355371384250815)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40339 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv-prt_va the bo of thi"  
[X Link](https://x.com/CVEnew/status/1998355373540114497)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40337 In the Linux kernel the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously"  
[X Link](https://x.com/CVEnew/status/1998355375612158402)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40336 In the Linux kernel the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially cover"  
[X Link](https://x.com/CVEnew/status/1998355376677515474)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40335 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args and rej"  
[X Link](https://x.com/CVEnew/status/1998355377629585823)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40334 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object"  
[X Link](https://x.com/CVEnew/status/1998355378703331740)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40333 In the Linux kernel the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data and look u"  
[X Link](https://x.com/CVEnew/status/1998355379689046395)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40332 In the Linux kernel the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fau"  
[X Link](https://x.com/CVEnew/status/1998355380741746833)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40330 In the Linux kernel the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops"  
[X Link](https://x.com/CVEnew/status/1998355382746693975)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-67487 Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which ca"  
[X Link](https://x.com/CVEnew/status/1998355386714525999)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-67504 WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptogr"  
[X Link](https://x.com/CVEnew/status/1998355387658260871)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50662 In the Linux kernel the following vulnerability has been resolved: RDMA/hns: fix memory leak in hns_roce_alloc_mr() When hns_roce_mr_enable() failed in hns_roce_al"  
[X Link](https://x.com/CVEnew/status/1998355390648783179)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50658 In the Linux kernel the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect"  
[X Link](https://x.com/CVEnew/status/1998355394725556392)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50657 In the Linux kernel the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasan_init Hi Atish It seems that the panic is due to the mis"  
[X Link](https://x.com/CVEnew/status/1998355395681914970)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53820 In the Linux kernel the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info() lo-lo"  
[X Link](https://x.com/CVEnew/status/1998355397749747965)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14285 A vulnerability was found in code-projects Employee Profile Management System XXX. Affected is an unknown function of the file edit_personnel.php. The manipulation of"  
[X Link](https://x.com/CVEnew/status/1998355398840209497)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53811 In the Linux kernel the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + X The irdma driver can use a maximum number of msix v"  
[X Link](https://x.com/CVEnew/status/1998355399871991817)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53810 In the Linux kernel the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key"  
[X Link](https://x.com/CVEnew/status/1998355400937316497)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53809 In the Linux kernel the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() When a file descriptor of pppo"  
[X Link](https://x.com/CVEnew/status/1998355402015342908)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53805 In the Linux kernel the following vulnerability has been resolved: tty: n_gsm: fix UAF in gsm_cleanup_mux In gsm_cleanup_mux() the 'gsm-dlci' pointer was not clea"  
[X Link](https://x.com/CVEnew/status/1998355405999927383)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53800 In the Linux kernel the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported"  
[X Link](https://x.com/CVEnew/status/1998355411288961096)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53795 In the Linux kernel the following vulnerability has been resolved: iommufd: IOMMUFD_DESTROY should not increase the refcount syzkaller found a race where IOMMUFD_D"  
[X Link](https://x.com/CVEnew/status/1998355416468901942)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-54306 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functi"  
[X Link](https://x.com/CVEnew/status/1996600333754151113)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-54307 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bund"  
[X Link](https://x.com/CVEnew/status/1996600334672679361)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-14224 A vulnerability was found in Yottamaster DM2 DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Pe"  
[X Link](https://x.com/CVEnew/status/1997974350281191500)  2025-12-08T10:19Z 56K followers, XXX engagements


"CVE-2025-66490 Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2 requests using PathPrefix Path or PathRegex matchers can"  
[X Link](https://x.com/CVEnew/status/1998198605614661718)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2024-56838 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). The SCEP client available in the affected device for secure certificate enrol"  
[X Link](https://x.com/CVEnew/status/1998355332524122531)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-41694 A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data resulting i"  
[X Link](https://x.com/CVEnew/status/1998355342997217625)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-41695 An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device"  
[X Link](https://x.com/CVEnew/status/1998355346226811062)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-66631 CSLA .NET is a framework designed for the development of reusable object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProx"  
[X Link](https://x.com/CVEnew/status/1998355388656455977)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-66533 Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection. This issue affects GiveWP: from n/a through ="  
[X Link](https://x.com/CVEnew/status/1998418815953072249)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-55182 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0 19.1.0 19.1.1 and 19.2.0 including the following package"  
[X Link](https://x.com/CVEnew/status/1996247470494626001)  2025-12-03T15:57Z 56K followers, 18.3K engagements


"CVE-2025-14134 A vulnerability was determined in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this"  
[X Link](https://x.com/CVEnew/status/1997266767836795391)  2025-12-06T11:27Z 56K followers, XXX engagements


"CVE-2025-36102 IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation passing user input into t"  
[X Link](https://x.com/CVEnew/status/1998148860217000038)  2025-12-08T21:53Z 56K followers, XXX engagements


"CVE-2025-64650 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files"  
[X Link](https://x.com/CVEnew/status/1998154708096020880)  2025-12-08T22:16Z 56K followers, XXX engagements


"CVE-2025-64497 Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Ent"  
[X Link](https://x.com/CVEnew/status/1998163811912855775)  2025-12-08T22:52Z 56K followers, XXX engagements


"CVE-2025-64760 Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and"  
[X Link](https://x.com/CVEnew/status/1998174133062889769)  2025-12-08T23:33Z 56K followers, XXX engagements


"CVE-2023-53854 In the Linux kernel the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fix use-after-free in driver remove path When devm runs function in the"  
[X Link](https://x.com/CVEnew/status/1998225362833297816)  2025-12-09T02:57Z 56K followers, XXX engagements


"CVE-2025-40806 A vulnerability has been identified in Gridscale X Prepay (All versions V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable r"  
[X Link](https://x.com/CVEnew/status/1998355327272837568)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40329 In the Linux kernel the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed"  
[X Link](https://x.com/CVEnew/status/1998355383732392429)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50659 In the Linux kernel the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device("  
[X Link](https://x.com/CVEnew/status/1998355393618354659)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53808 In the Linux kernel the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Always free the zeroed page on return"  
[X Link](https://x.com/CVEnew/status/1998355403017789886)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53803 In the Linux kernel the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-o"  
[X Link](https://x.com/CVEnew/status/1998355407958606134)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53802 In the Linux kernel the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stat"  
[X Link](https://x.com/CVEnew/status/1998355408923357475)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53798 In the Linux kernel the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when se"  
[X Link](https://x.com/CVEnew/status/1998355413369287068)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53797 In the Linux kernel the following vulnerability has been resolved: HID: wacom: Use ktime_t rather than int when dealing with timestamps Code which interacts with t"  
[X Link](https://x.com/CVEnew/status/1998355414405329003)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53796 In the Linux kernel the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to"  
[X Link](https://x.com/CVEnew/status/1998355415407755716)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14345 A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under"  
[X Link](https://x.com/CVEnew/status/1998418818310254675)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63076 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows"  
[X Link](https://x.com/CVEnew/status/1998418821816762663)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63073 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS. This issue affects"  
[X Link](https://x.com/CVEnew/status/1998418825222524933)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63052 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS. This issue affects"  
[X Link](https://x.com/CVEnew/status/1998418847938793580)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63050 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS. This iss"  
[X Link](https://x.com/CVEnew/status/1998418849222263261)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63044 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Base"  
[X Link](https://x.com/CVEnew/status/1998418856323232150)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63035 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS. This issue af"  
[X Link](https://x.com/CVEnew/status/1998418860974748129)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63023 Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Contr"  
[X Link](https://x.com/CVEnew/status/1998418868893540515)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63008 Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a t"  
[X Link](https://x.com/CVEnew/status/1998418876942442973)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62999 Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects L"  
[X Link](https://x.com/CVEnew/status/1998418881581371833)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62996 Missing Authorization vulnerability in Code Amp Custom Layouts Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control"  
[X Link](https://x.com/CVEnew/status/1998418883800117276)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62995 Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configur"  
[X Link](https://x.com/CVEnew/status/1998418884945170653)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62993 Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security"  
[X Link](https://x.com/CVEnew/status/1998418887218470976)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62870 Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Se"  
[X Link](https://x.com/CVEnew/status/1998418891966472485)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62866 Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery. This issue affects Auto Alt Text: from"  
[X Link](https://x.com/CVEnew/status/1998418895481237633)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62865 Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects"  
[X Link](https://x.com/CVEnew/status/1998418896542380371)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62762 Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery. This issue affects SMTP Mail: from n/a through ="  
[X Link](https://x.com/CVEnew/status/1998418897653936592)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62740 Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff"  
[X Link](https://x.com/CVEnew/status/1998418898715034016)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62739 Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery. This issue affects Add Custom Codes: f"  
[X Link](https://x.com/CVEnew/status/1998418899801391314)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62738 Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff"  
[X Link](https://x.com/CVEnew/status/1998418900845789374)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62152 Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue a"  
[X Link](https://x.com/CVEnew/status/1998418909024645442)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62103 Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery. This issue affects Med"  
[X Link](https://x.com/CVEnew/status/1998418912531091834)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62100 Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affe"  
[X Link](https://x.com/CVEnew/status/1998418914670162322)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62086 Missing Authorization vulnerability in akazanstev  (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This iss"  
[X Link](https://x.com/CVEnew/status/1998418918159884361)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-59132 Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicate Content Cure duplicate-content-cure allows Cross Site Request Forgery. This issue affects Dupli"  
[X Link](https://x.com/CVEnew/status/1998418921330741325)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-36017 IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files whi"  
[X Link](https://x.com/CVEnew/status/1998148858086330712)  2025-12-08T21:53Z 56K followers, XXX engagements


"CVE-2023-53814 In the Linux kernel the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: X n"  
[X Link](https://x.com/CVEnew/status/1998198614259106095)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2025-41745 An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the d"  
[X Link](https://x.com/CVEnew/status/1998355347304747115)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-14306 A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file pat"  
[X Link](https://x.com/CVEnew/status/1998355361016021097)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40340 In the Linux kernel the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault"  
[X Link](https://x.com/CVEnew/status/1998355372546134385)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40338 In the Linux kernel the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly t"  
[X Link](https://x.com/CVEnew/status/1998355374567801333)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40328 In the Linux kernel the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab"  
[X Link](https://x.com/CVEnew/status/1998355384717938806)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53804 In the Linux kernel the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of ni"  
[X Link](https://x.com/CVEnew/status/1998355406964560055)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-63071 Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensit"  
[X Link](https://x.com/CVEnew/status/1998418827537711114)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63054 Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Le"  
[X Link](https://x.com/CVEnew/status/1998418846810517944)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63006 Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Leve"  
[X Link](https://x.com/CVEnew/status/1998418879287115864)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-49350 Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Securit"  
[X Link](https://x.com/CVEnew/status/1998418923553767663)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-49348 Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hype: from n/a throug"  
[X Link](https://x.com/CVEnew/status/1998418924669432180)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-54304 An issue was discovered on Thermo Fisher Ion Torrent OneTouch X INS1005527 devices. When they are powered on an X11 display server is started. The display server lis"  
[X Link](https://x.com/CVEnew/status/1996600331933766068)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-14201 A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability"  
[X Link](https://x.com/CVEnew/status/1997739721527800213)  2025-12-07T18:47Z 56K followers, XXX engagements


"CVE-2025-66461 FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM p"  
[X Link](https://x.com/CVEnew/status/1997974340537888776)  2025-12-08T10:19Z 56K followers, XXX engagements


"CVE-2025-48622 In ProcessArea of dng_misc_opcodes.cpp there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no addit"  
[X Link](https://x.com/CVEnew/status/1998079570080084372)  2025-12-08T17:17Z 56K followers, XXX engagements


"CVE-2025-12635 IBM WebSphere Application Server XXX XXX and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper"  
[X Link](https://x.com/CVEnew/status/1998154707114623453)  2025-12-08T22:16Z 56K followers, XXX engagements


"CVE-2025-64498 Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterpr"  
[X Link](https://x.com/CVEnew/status/1998163810750976122)  2025-12-08T22:52Z 56K followers, XXX engagements


"CVE-2025-65962 Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and"  
[X Link](https://x.com/CVEnew/status/1998174132110819615)  2025-12-08T23:33Z 56K followers, XXX engagements


"CVE-2025-66202 Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication ch"  
[X Link](https://x.com/CVEnew/status/1998178447647187224)  2025-12-08T23:50Z 56K followers, XXX engagements


"CVE-2025-66491 Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the"  
[X Link](https://x.com/CVEnew/status/1998198604574466542)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2013-10031 Plack-Middleware-Session versions before XXXX may be vulnerable to HMAC comparison timing attacks"  
[X Link](https://x.com/CVEnew/status/1998198607539777963)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2023-53818 In the Linux kernel the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node() returns a node po"  
[X Link](https://x.com/CVEnew/status/1998198610329047229)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2023-53817 In the Linux kernel the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During NVMeTCP Authentication a contr"  
[X Link](https://x.com/CVEnew/status/1998198611436249264)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2023-53813 In the Linux kernel the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated During allocations while looking for"  
[X Link](https://x.com/CVEnew/status/1998198615257264155)  2025-12-09T01:10Z 56K followers, XXX engagements


"CVE-2025-40819 A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.2 SP4). Affected applications do not properly validate license restrictions aga"  
[X Link](https://x.com/CVEnew/status/1998355324043251717)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40807 A vulnerability has been identified in Gridscale X Prepay (All versions V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens"  
[X Link](https://x.com/CVEnew/status/1998355326186443165)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56836 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). During the Dynamic DNS configuration of the affected product it is possible t"  
[X Link](https://x.com/CVEnew/status/1998355334537363808)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56835 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). The DHCP Server configuration file of the affected products is subject to cod"  
[X Link](https://x.com/CVEnew/status/1998355335636201688)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-64696 Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited application-specific files may be accessed fr"  
[X Link](https://x.com/CVEnew/status/1998355339767591348)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-41697 An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692"  
[X Link](https://x.com/CVEnew/status/1998355345182536025)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-41748 An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacke"  
[X Link](https://x.com/CVEnew/status/1998355350303731941)  2025-12-09T11:33Z 56K followers, XX engagements


Top accounts mentioned or mentioned by @cveannounce @tiptapextensionlink @chaeynz_ @kundu_vinit @sudosu01

Top assets mentioned IBM (IBM) Dell Technologies, Inc. (DELL) Intercorp Financial Services Inc. (IFS) QUALCOMM, Inc. (QCOM) Alphabet Inc Class A (GOOGL)

Top Social Posts

Top posts by engagements in the last XX hours

"CVE-2025-64527 Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier Envoy crashes when JWT authentication is configured with the"
X Link 2025-12-03T18:25Z 55.9K followers, XXX engagements

"CVE-2025-12782 The Beaver Builder WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 2.9.4. This is due to the"
X Link 2025-12-04T06:54Z 55.9K followers, XXX engagements

"CVE-2025-40239 In the Linux kernel the following vulnerability has been resolved: net: phy: micrel: always set shared-phydev for LAN8814 Currently during the LAN8814 PTP probe"
X Link 2025-12-04T15:46Z 55.9K followers, XXX engagements

"CVE-2025-13373 Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests which could allow an attacker to inject SQL commands"
X Link 2025-12-04T23:16Z 55.9K followers, XXX engagements

"CVE-2025-12355 The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX"
X Link 2025-12-05T07:18Z 55.9K followers, XXX engagements

"CVE-2025-59775 Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NT"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-55753 An integer overflow in the case of failed ACME certificate renewal leads after a number of failures (30 days in default configurations) to the backoff timer becomi"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-13682 The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 1.0.0 due to insufficient"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-13614 The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to and including"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-13678 The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including XXX. T"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-12876 The Projectopia WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_de"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-12879 The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce v"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-13739 The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to and including 4.0.4 due to in"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-12851 The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 3.6.32 via the 'controller' parameter. This m"
X Link 2025-12-05T10:46Z 55.9K followers, XXX engagements

"CVE-2025-66200 mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause s"
X Link 2025-12-05T11:31Z 55.9K followers, XXX engagements

"CVE-2025-6966 NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a craf"
X Link 2025-12-05T13:11Z 55.9K followers, XXX engagements

"CVE-2025-13654 A stack buffer overflow vulnerability exists in the buffer_get function of duc a disk management tool where a condition can evaluate to true due to underflow allow"
X Link 2025-12-05T13:11Z 55.9K followers, XXX engagements

"CVE-2025-14090 A security flaw has been discovered in AMTT Hotel Broadband Operation System XXX. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing"
X Link 2025-12-05T15:44Z 55.9K followers, XXX engagements

"CVE-2025-14089 A vulnerability was identified in Himool ERP up to XXX. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component"
X Link 2025-12-05T15:44Z 55.9K followers, XXX engagements

"CVE-2025-64054 A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary com"
X Link 2025-12-05T15:44Z 55.9K followers, XXX engagements

"CVE-2025-65730 Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18 fixed in 0.62.19 uses a hardcoded secret for signing JWT tokens used for authentication"
X Link 2025-12-05T15:44Z 55.9K followers, XXX engagements

"CVE-2025-64053 A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POS"
X Link 2025-12-05T15:54Z 55.9K followers, XXX engagements

"CVE-2025-14091 A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /p"
X Link 2025-12-05T16:29Z 55.9K followers, XXX engagements

"CVE-2025-65879 Warehouse Management System XXX contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg pa"
X Link 2025-12-05T16:29Z 55.9K followers, XXX engagements

"CVE-2025-65897 zdh_web is a data collection processing monitoring scheduling and management platform. In zdh_web thru 5.6.17 insufficient validation of file upload paths in the"
X Link 2025-12-05T16:29Z 55.9K followers, XXX engagements

"CVE-2025-66511 Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3 the Calendar app generates participant tokens for meeting proposals using a hash function allowin"
X Link 2025-12-05T16:50Z 55.9K followers, XXX engagements

"CVE-2025-14093 A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of t"
X Link 2025-12-05T16:50Z 55.9K followers, XXX engagements

"CVE-2025-65878 The warehouse management system version XXX contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path"
X Link 2025-12-05T16:50Z 55.9K followers, XXX engagements

"CVE-2025-66546 Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19 5.5.6 and 6.0.1 the calendar app allowed blindly booking appointments with a sequential ID witho"
X Link 2025-12-05T17:26Z 55.9K followers, XXX engagements

"CVE-2020-36876 ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro) 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 and 2.0.1.823 allows unauthenticated attackers to disc"
X Link 2025-12-05T17:36Z 55.9K followers, XXX engagements

"CVE-2025-66513 Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9 0.9.6 and 1.0.1 the information which table (numeric ID) is shared wi"
X Link 2025-12-05T17:36Z 55.9K followers, XXX engagements

"CVE-2025-14094 A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument"
X Link 2025-12-05T17:36Z 55.9K followers, XXX engagements

"CVE-2025-66557 Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34256 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIR"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34265 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authentic"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2020-36879 Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services enabling remote code execution during startup or re"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34263 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34266 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. Whe"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34264 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenti"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34262 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/agent_id endpoint. When a"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34258 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authent"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34259 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an aut"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34261 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenti"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34260 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authen"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-34257 Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authent"
X Link 2025-12-05T17:51Z 55.9K followers, XXX engagements

"CVE-2025-66556 Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2 a participant with chat permissions was able to delete poll drafts of ot"
X Link 2025-12-05T18:26Z 55.9K followers, XXX engagements

"CVE-2025-66554 Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4 6.0.6 and 7.2.5 a malicious user was a"
X Link 2025-12-05T18:26Z 55.9K followers, XXX engagements

"CVE-2025-66549 Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5 when trying to manually lock a file inside an end-to-end encrypted directory the path of"
X Link 2025-12-05T18:26Z 55.9K followers, XXX engagements

"CVE-2025-66577 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0 a vulnerability allows attacker-controlled HTTP headers to influenc"
X Link 2025-12-05T18:52Z 55.9K followers, XXX engagements

"CVE-2025-66570 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0 a vulnerability allows attacker-controlled HTTP headers to influenc"
X Link 2025-12-05T18:52Z 55.9K followers, XXX engagements

"CVE-2025-66566 yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlie"
X Link 2025-12-05T18:52Z 55.9K followers, XXX engagements

"CVE-2025-66562 TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4 a critical Remote Code Execution (RCE) vulnerability exists in Tuui due t"
X Link 2025-12-05T18:52Z 55.9K followers, XXX engagements

"CVE-2025-66558 Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1 a missing ownership check allowed an attack to take-away a 2"
X Link 2025-12-05T18:52Z 55.9K followers, XXX engagements

"CVE-2025-46603 Dell CloudBoost Virtual Appliance versions 19.13.0.0 and prior contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticat"
X Link 2025-12-05T19:13Z 55.9K followers, XXX engagements

"CVE-2025-66624 BACnet Protocol Stack library provides a BACnet application layer network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2 The npdu_is"
X Link 2025-12-05T19:13Z 55.9K followers, 4991 engagements

"CVE-2025-66623 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1 in some situat"
X Link 2025-12-05T19:13Z 55.9K followers, XXX engagements

"CVE-2025-66581 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0 a flaw in the server-side authorization logic"
X Link 2025-12-05T19:13Z 55.9K followers, XXX engagements

"CVE-2025-66644 Array Networks ArrayOS AG before 9.4.5.9 allows command injection as exploited in the wild in August through December 2025"
X Link 2025-12-05T19:13Z 55.9K followers, XXX engagements

"CVE-2025-14105 A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web I"
X Link 2025-12-05T21:32Z 55.9K followers, XXX engagements

"CVE-2022-50595 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"
X Link 2025-11-06T20:17Z 55.9K followers, XXX engagements

"CVE-2022-50591 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"
X Link 2025-11-06T20:17Z 55.9K followers, XXX engagements

"CVE-2022-50593 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"
X Link 2025-11-06T20:17Z 55.9K followers, XXX engagements

"CVE-2022-50592 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"
X Link 2025-11-06T20:17Z 55.9K followers, XXX engagements

"CVE-2022-50594 Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication"
X Link 2025-11-06T20:17Z 55.9K followers, XXX engagements

"CVE-2025-63291 When processing API requests the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Al"
X Link 2025-11-14T21:15Z 55.9K followers, XXX engagements

"CVE-2025-66032 Claude Code is an agentic coding tool. Prior to 1.0.93 Due to errors in parsing shell commands related to $IFS and short CLI flags it was possible to bypass the Cla"
X Link 2025-12-03T18:25Z 55.9K followers, XXX engagements

"CVE-2025-64763 Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier when Envoy is configured in TCP proxy mode to handle CONNECT"
X Link 2025-12-03T18:25Z 55.9K followers, XXX engagements

"CVE-2025-66220 Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier Envoy's mTLS certificate matcher for match_typed_subject_alt_"
X Link 2025-12-03T18:54Z 55.9K followers, XXX engagements

"CVE-2025-53963 An issue was discovered on Thermo Fisher Ion Torrent OneTouch X INS1005527 devices. They run an SSH server accessible over the default port XX. The root account has a"
X Link 2025-12-04T15:19Z 55.9K followers, XXX engagements

"CVE-2025-54303 The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials which are stored as fixtures for the Django ORM API. The ionadmin user account"
X Link 2025-12-04T15:19Z 55.9K followers, XXX engagements

"CVE-2025-54305 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application LocalhostAuthMiddleware au"
X Link 2025-12-04T15:19Z 55.9K followers, XXX engagements

"CVE-2025-14133 A vulnerability was found in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulne"
X Link 2025-12-06T10:50Z 55.9K followers, XXX engagements

"CVE-2025-14135 A vulnerability was identified in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the"
X Link 2025-12-06T11:50Z 55.9K followers, XXX engagements

"CVE-2025-14136 A security flaw has been discovered in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnera"
X Link 2025-12-06T13:37Z 55.9K followers, XXX engagements

"CVE-2025-14204 A vulnerability has been found in TykoDev cherry-studio-TykoFork XXX. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authoriza"
X Link 2025-12-07T23:31Z 55.9K followers, XXX engagements

"CVE-2025-14205 A vulnerability was found in code-projects Chamber of Commerce Membership Management System XXX. Impacted is an unknown function of the file /membership_profile.php o"
X Link 2025-12-07T23:41Z 55.9K followers, XXX engagements

"CVE-2025-65267 In ERPNext v15.83.2 and Frappe Framework v15.86.0 improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload execu"
X Link 2025-12-03T15:27Z 56K followers, XXX engagements

"CVE-2023-53819 In the Linux kernel the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2025-66271 Clone for Windows provided by ELECOM CO.LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the sy"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2023-53801 In the Linux kernel the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain the driver would"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-62408 c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer() wh"
X Link 2025-12-08T22:37Z 56K followers, XXX engagements

"CVE-2025-66481 DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized M"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2025-40941 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected devices exposes server information in its responses. This could allow an"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40939 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40830 A vulnerability has been identified in SINEC Security Monitor (All versions V4.10.0). The affected application does not have proper authorization checks for the fil"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40820 Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthentic"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40818 A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that a"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40801 A vulnerability has been identified in COMOS V10.6 (All versions) COMOS V10.6 (All versions) JT Bi-Directional Translator for STEP (All versions) NX V2412 (All ver"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2024-56840 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Under certain conditions IPsec may allow code injection in the affected devi"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2024-56839 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-41693 A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-14307 An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-13428 A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (R"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40344 In the Linux kernel the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles th"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40342 In the Linux kernel the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the rem"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40341 In the Linux kernel the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_l"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40339 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If an amdgpu_bo_va is fpriv-prt_va the bo of thi"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40337 In the Linux kernel the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40336 In the Linux kernel the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially cover"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40335 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args and rej"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40334 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40333 In the Linux kernel the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data and look u"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40332 In the Linux kernel the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fau"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40330 In the Linux kernel the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-67487 Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which ca"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-67504 WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptogr"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2022-50662 In the Linux kernel the following vulnerability has been resolved: RDMA/hns: fix memory leak in hns_roce_alloc_mr() When hns_roce_mr_enable() failed in hns_roce_al"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2022-50658 In the Linux kernel the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2022-50657 In the Linux kernel the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasan_init Hi Atish It seems that the panic is due to the mis"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53820 In the Linux kernel the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info() lo-lo"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-14285 A vulnerability was found in code-projects Employee Profile Management System XXX. Affected is an unknown function of the file edit_personnel.php. The manipulation of"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53811 In the Linux kernel the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + X The irdma driver can use a maximum number of msix v"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53810 In the Linux kernel the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53809 In the Linux kernel the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() When a file descriptor of pppo"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53805 In the Linux kernel the following vulnerability has been resolved: tty: n_gsm: fix UAF in gsm_cleanup_mux In gsm_cleanup_mux() the 'gsm-dlci' pointer was not clea"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53800 In the Linux kernel the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is a use-after-free problem reported"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53795 In the Linux kernel the following vulnerability has been resolved: iommufd: IOMMUFD_DESTROY should not increase the refcount syzkaller found a race where IOMMUFD_D"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-54306 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functi"
X Link 2025-12-04T15:19Z 56K followers, XXX engagements

"CVE-2025-54307 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bund"
X Link 2025-12-04T15:19Z 56K followers, XXX engagements

"CVE-2025-14224 A vulnerability was found in Yottamaster DM2 DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Pe"
X Link 2025-12-08T10:19Z 56K followers, XXX engagements

"CVE-2025-66490 Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2 requests using PathPrefix Path or PathRegex matchers can"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2024-56838 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). The SCEP client available in the affected device for secure certificate enrol"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-41694 A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data resulting i"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-41695 An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-66631 CSLA .NET is a framework designed for the development of reusable object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProx"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-66533 Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection. This issue affects GiveWP: from n/a through ="
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-55182 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0 19.1.0 19.1.1 and 19.2.0 including the following package"
X Link 2025-12-03T15:57Z 56K followers, 18.3K engagements

"CVE-2025-14134 A vulnerability was determined in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this"
X Link 2025-12-06T11:27Z 56K followers, XXX engagements

"CVE-2025-36102 IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation passing user input into t"
X Link 2025-12-08T21:53Z 56K followers, XXX engagements

"CVE-2025-64650 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files"
X Link 2025-12-08T22:16Z 56K followers, XXX engagements

"CVE-2025-64497 Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Ent"
X Link 2025-12-08T22:52Z 56K followers, XXX engagements

"CVE-2025-64760 Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and"
X Link 2025-12-08T23:33Z 56K followers, XXX engagements

"CVE-2023-53854 In the Linux kernel the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fix use-after-free in driver remove path When devm runs function in the"
X Link 2025-12-09T02:57Z 56K followers, XXX engagements

"CVE-2025-40806 A vulnerability has been identified in Gridscale X Prepay (All versions V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable r"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40329 In the Linux kernel the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2022-50659 In the Linux kernel the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device("
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53808 In the Linux kernel the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Always free the zeroed page on return"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53803 In the Linux kernel the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-o"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53802 In the Linux kernel the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stat"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53798 In the Linux kernel the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when se"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53797 In the Linux kernel the following vulnerability has been resolved: HID: wacom: Use ktime_t rather than int when dealing with timestamps Code which interacts with t"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53796 In the Linux kernel the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-14345 A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63076 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63073 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS. This issue affects"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63052 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63050 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS. This iss"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63044 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Base"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63035 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS. This issue af"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63023 Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Contr"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-63008 Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a t"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62999 Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects L"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62996 Missing Authorization vulnerability in Code Amp Custom Layouts Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62995 Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configur"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62993 Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62870 Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Se"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62866 Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery. This issue affects Auto Alt Text: from"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62865 Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62762 Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery. This issue affects SMTP Mail: from n/a through ="
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62740 Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62739 Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery. This issue affects Add Custom Codes: f"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62738 Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62152 Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue a"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62103 Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery. This issue affects Med"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62100 Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affe"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-62086 Missing Authorization vulnerability in akazanstev (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels. This iss"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-59132 Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicate Content Cure duplicate-content-cure allows Cross Site Request Forgery. This issue affects Dupli"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-36017 IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files whi"
X Link 2025-12-08T21:53Z 56K followers, XXX engagements

"CVE-2023-53814 In the Linux kernel the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: X n"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2025-41745 An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the d"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-14306 A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file pat"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40340 In the Linux kernel the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40338 In the Linux kernel the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly t"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-40328 In the Linux kernel the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2023-53804 In the Linux kernel the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of ni"
X Link 2025-12-09T11:33Z 56K followers, XXX engagements

"CVE-2025-63071 Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensit"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63054 Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Le"
X Link 2025-12-09T15:45Z 56K followers, XX engagements

"CVE-2025-63006 Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Leve"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-49350 Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Securit"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-49348 Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hype: from n/a throug"
X Link 2025-12-09T15:46Z 56K followers, XXX engagements

"CVE-2025-54304 An issue was discovered on Thermo Fisher Ion Torrent OneTouch X INS1005527 devices. When they are powered on an X11 display server is started. The display server lis"
X Link 2025-12-04T15:19Z 56K followers, XXX engagements

"CVE-2025-14201 A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability"
X Link 2025-12-07T18:47Z 56K followers, XXX engagements

"CVE-2025-66461 FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM p"
X Link 2025-12-08T10:19Z 56K followers, XXX engagements

"CVE-2025-48622 In ProcessArea of dng_misc_opcodes.cpp there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no addit"
X Link 2025-12-08T17:17Z 56K followers, XXX engagements

"CVE-2025-12635 IBM WebSphere Application Server XXX XXX and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper"
X Link 2025-12-08T22:16Z 56K followers, XXX engagements

"CVE-2025-64498 Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterpr"
X Link 2025-12-08T22:52Z 56K followers, XXX engagements

"CVE-2025-65962 Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and"
X Link 2025-12-08T23:33Z 56K followers, XXX engagements

"CVE-2025-66202 Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication ch"
X Link 2025-12-08T23:50Z 56K followers, XXX engagements

"CVE-2025-66491 Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2013-10031 Plack-Middleware-Session versions before XXXX may be vulnerable to HMAC comparison timing attacks"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2023-53818 In the Linux kernel the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node() returns a node po"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2023-53817 In the Linux kernel the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During NVMeTCP Authentication a contr"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2023-53813 In the Linux kernel the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated During allocations while looking for"
X Link 2025-12-09T01:10Z 56K followers, XXX engagements

"CVE-2025-40819 A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.2 SP4). Affected applications do not properly validate license restrictions aga"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-40807 A vulnerability has been identified in Gridscale X Prepay (All versions V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2024-56836 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). During the Dynamic DNS configuration of the affected product it is possible t"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2024-56835 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). The DHCP Server configuration file of the affected products is subject to cod"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-64696 Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited application-specific files may be accessed fr"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-41697 An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692"
X Link 2025-12-09T11:33Z 56K followers, XX engagements

"CVE-2025-41748 An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacke"
X Link 2025-12-09T11:33Z 56K followers, XX engagements
