[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]
[@CVEnew](/creator/twitter/CVEnew)
"CVE-2025-46385 CWE-918 Server-Side Request Forgery (SSRF)"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946952152402055622) 2025-07-20 15:15:40 UTC 55K followers, XXX engagements
"CVE-2025-7716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS)"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339042225324182) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-53942 authentik is an open-source Identity Provider that emphasizes flexibility and versatility with support for a wide set of protocols. In versions 2025.4.4 and earlier"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948122392485662843) 2025-07-23 20:45:47 UTC 55.1K followers, XXX engagements
"CVE-2025-7867 A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946789189883703509) 2025-07-20 04:28:07 UTC 55K followers, XXX engagements
"CVE-2025-7286 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390790264934646) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7490 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been classified as critical. Affected is an unknown function of the file /admin/r"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944137745401860605) 2025-07-12 20:52:13 UTC 55K followers, XXX engagements
"CVE-2025-53885 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows to h"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944907783867883683) 2025-07-14 23:52:04 UTC 55.1K followers, XXX engagements
"CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700219394179580) 2025-07-11 15:53:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409998549532951) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7962 In Jakarta Mail XXX it is possible to preform a SMTP Injection by utilizing ther and n UTF-8 characters to separate different messages"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352504712200559) 2025-07-21 17:46:31 UTC 55K followers, XXX engagements
"CVE-2025-52374 Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.conf"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331046883610754) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-6082 The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to and including XXX. This is due to insufficient protecti"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594458335219920) 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700216718196774) 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7287 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390789396664540) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-51396 A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374998244466839) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700217569706026) 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7240 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390830416887808) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7261 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390812469530867) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-54454 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO X Server allows Authentication Bypass.This issue affects MagicINFO X Server: less than 21"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947905646222790848) 2025-07-23 06:24:31 UTC 55.1K followers, XXX engagements
"CVE-2025-7222 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390843125641703) 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2025-7291 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390783814045934) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-53024 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207822033043823) 2025-07-15 19:44:19 UTC 55K followers, XXX engagements
"CVE-2025-7227 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390838662959216) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2018-25113 An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to re"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024979074793869) 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-36116 IBM Db2 Mirror for i XXX XXX and XXX GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request an unauthenticated ma"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948032643351581094) 2025-07-23 14:49:09 UTC 55.1K followers, XXX engagements
"CVE-2025-46996 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948417725182673363) 2025-07-24 16:19:20 UTC 55.1K followers, XXX engagements
"CVE-2025-7279 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390795537166697) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-0765 An issue has been discovered in GitLab CE/EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed an unaut"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948276022496866467) 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-41687 An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947943064812638623) 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-36062 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369697919569958) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-50103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 9.0.0-9.3.0. Difficult t"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207828605538614) 2025-07-15 19:44:21 UTC 55K followers, XXX engagements
"CVE-2025-7926 A vulnerability which was classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. This affects an unknown part of the file /admin/booking"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300342300868684) 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2012-10020 The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to and includ"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494215010660572) 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-50108 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.2.20.0.000"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207823907926301) 2025-07-15 19:44:20 UTC 55K followers, XXX engagements
"CVE-2025-54122 Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy hand"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405331354816665) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-4130 Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300337989067074) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7275 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390799857283416) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7877 A vulnerability which was classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946854359209242768) 2025-07-20 08:47:04 UTC 55K followers, XXX engagements
"CVE-2025-50477 A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948094257295978547) 2025-07-23 18:53:59 UTC 55.1K followers, XXX engagements
"CVE-2025-51658 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808328338792620) 2025-07-14 17:16:52 UTC 55K followers, XXX engagements
"CVE-2025-7925 A vulnerability which was classified as problematic has been found in PHPGurukul Online Banquet Booking System XXX. Affected by this issue is some unknown functionali"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947287570704158878) 2025-07-21 13:28:30 UTC 55K followers, XXX engagements
"CVE-2025-7911 A vulnerability classified as critical was found in D-Link DI-8100 XXX. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhtt"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947067430641012818) 2025-07-20 22:53:44 UTC 55K followers, XXX engagements
"CVE-2025-51397 A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374999188160828) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7859 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/update_passwo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946742253600530891) 2025-07-20 01:21:36 UTC 55K followers, XXX engagements
"CVE-2025-7298 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410009836454325) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-34116 A remote command execution vulnerability exists in IPFire before version XXXX Core Update XXX via the 'proxy.cgi' CGI interface. An authenticated attacker can inject"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118959558385964) 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207838986350723) 2025-07-15 19:44:23 UTC 55K followers, XXX engagements
"CVE-2025-54128 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below the NodeJS version of HAX CMS has a disabled Conte"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405328699822552) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-4570 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947211148316627411) 2025-07-21 08:24:49 UTC 55K followers, XXX engagements
"CVE-2025-7593 A vulnerability was found in code-projects Job Diary XXX and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944703066315669757) 2025-07-14 10:18:36 UTC 55K followers, XXX engagements
"CVE-2025-43977 The application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction b"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322219690066089) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-4129 Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300339041857832) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7486 The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to and including XXXXXX due to insufficient"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947426677937537380) 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390799035220089) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-53537 LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below there is a traffic-induced memory leak that can"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948122390443004054) 2025-07-23 20:45:46 UTC 55.1K followers, XXX engagements
"CVE-2025-54365 fastapi-guard is a security library for FastAPI that provides middleware to control IPs log requests detect penetration attempts and more. In version 3.0.1 the reg"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948151375072055790) 2025-07-23 22:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-52080 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945156658365145572) 2025-07-15 16:21:01 UTC 55K followers, XXX engagements
"CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700206983193052) 2025-07-11 15:53:36 UTC 55K followers, XXX engagements
"CVE-2025-53084 A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo XXXX and dev master commit 8a8954ff. A specially craft"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948407410844107015) 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-6831 The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to and including 4"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494216818385327) 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-4393 Medtronic MyCareLink Patient Monitor has an internal service that deserializes data which allows a local attacker to interact with the service by crafting a binary pay"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948234096162771045) 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-44655 In TOTOLink A7100RU V7.4 A950RG V5.9 and T10 V5.9 the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system file"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331044127953062) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7920 WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability allowing unauthenticated remote attackers to execute arbitrar"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202228327948737) 2025-07-21 07:49:23 UTC 55K followers, XXX engagements
"CVE-2025-7928 A vulnerability was found in code-projects Church Donation System XXX and classified as critical. This issue affects some unknown processing of the file /members/edit_u"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315100962165130) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-4394 Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage which allows an attacker with physical access to read and modify files. This"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948234094959001653) 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-8037 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the S"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772503771746387) 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-51471 Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947732016285340043) 2025-07-22 18:54:34 UTC 55K followers, XXX engagements
"CVE-2025-7939 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX. It has been classified as critical. Affected is the function addGoods of the file GoodsController"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405330511761671) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-7919 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188860863041824) 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2016-15045 A local privilege escalation vulnerability exists in lastore-daemon the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024976654717420) 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-41678 A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232870247927976) 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410000583835725) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390784778760696) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7888 A vulnerability was found in TDuckCloud tduck-platform XXX and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946920305361879072) 2025-07-20 13:09:07 UTC 55K followers, XXX engagements
"CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668165860635053) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7236 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390831222288479) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700215824797703) 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7248 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390819390132695) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7511 A vulnerability was found in code-projects Chat System XXX and classified as critical. This issue affects some unknown processing of the file /user/update_account.php"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944235145604587837) 2025-07-13 03:19:15 UTC 55K followers, XXX engagements
"CVE-2025-7258 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390814180839849) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-7369 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 7.4.2. This is due"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202225572356223) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-36106 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369699303690462) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-4040 Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic St"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947287571639554067) 2025-07-21 13:28:30 UTC 55K followers, XXX engagements
"CVE-2025-49087 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4 a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mod"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947006248693735654) 2025-07-20 18:50:37 UTC 55.1K followers, XXX engagements
"CVE-2025-53028 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207817884885405) 2025-07-15 19:44:18 UTC 55K followers, XXX engagements
"CVE-2025-7895 A vulnerability which was classified as critical was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/contro"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946336168767501) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-54319 An issue was discovered in Westermo WeOS X (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947037354386178107) 2025-07-20 20:54:14 UTC 55K followers, XXX engagements
"CVE-2025-7264 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390809944559803) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-30739 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.11-12"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207887946457547) 2025-07-15 19:44:35 UTC 55K followers, XXX engagements
"CVE-2025-7588 A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. This affects an unknown part of the file edit-product.php. Th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944682065221312596) 2025-07-14 08:55:09 UTC 55K followers, XXX engagements
"CVE-2025-7852 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948245086539522426) 2025-07-24 04:53:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7237 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390816877744421) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-46123 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where the authent"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315103889871240) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-7300 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410005180752147) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-5994 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also v"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945562958710350222) 2025-07-16 19:15:30 UTC 55K followers, XXX engagements
"CVE-2025-44658 In Netgear RAX30 V1.0.10.94 a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker m"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947325175248359866) 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668217349869972) 2025-07-11 13:46:29 UTC 55.1K followers, XXX engagements
"CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700200456872091) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7250 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390832052736253) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2010-10012 A path traversal vulnerability exists in httpdasm version XXXX a lightweight Windows HTTP server that allows unauthenticated attackers to read arbitrary files on th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024974813360434) 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-7238 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390815892046047) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-46383 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946335388696901) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-50151 File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users ar"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232866489803073) 2025-07-21 09:51:07 UTC 55K followers, XXX engagements
"CVE-2025-54018 Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435454414934465) 2025-07-16 10:48:51 UTC 55K followers, XXX engagements
"CVE-2025-7818 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946557593276567686) 2025-07-19 13:07:50 UTC 55.1K followers, XXX engagements
"CVE-2025-7427 Uncontrolled Search Path Element in Arm Development Studio before 2025may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to lo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947602124973441431) 2025-07-22 10:18:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7913 A vulnerability which was classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947082311259869549) 2025-07-20 23:52:52 UTC 55K followers, XXX engagements
"CVE-2025-51864 A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat through 2025-05-27 allowing attackers to hijack accounts through sto"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947677518116356326) 2025-07-22 15:18:01 UTC 55.1K followers, XXX engagements
"CVE-2025-7906 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/jav"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947021346204262716) 2025-07-20 19:50:37 UTC 55K followers, XXX engagements
"CVE-2025-51472 Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947759871153070427) 2025-07-22 20:45:15 UTC 55K followers, XXX engagements
"CVE-2025-7893 A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xm"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946932091565867519) 2025-07-20 13:55:57 UTC 55K followers, XXX engagements
"CVE-2025-24937 File contents could be read from the local file system by an attacker. Additionally malicious code could be inserted in the file leading to a full compromise of the"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188858761671150) 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-43976 The application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322218704445869) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-8070 The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947926010466275511) 2025-07-23 07:45:26 UTC 55.1K followers, XXX engagements
"CVE-2025-7936 A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947383760602705988) 2025-07-21 19:50:43 UTC 55K followers, XXX engagements
"CVE-2025-54377 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below RooCode does not validate line breaks (n) in its comma"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948122389201453087) 2025-07-23 20:45:46 UTC 55.1K followers, XXX engagements
"CVE-2025-7627 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the fu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944825153076006951) 2025-07-14 18:23:44 UTC 55K followers, XXX engagements
"CVE-2025-7278 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390796505952648) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668164782678454) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-46171 vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.phpdo=buddylist endpoint. If an authenticated user has a sufficiently large buddy list p"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948050431155847274) 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2025-43720 Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role revealing the"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947345252190159158) 2025-07-21 17:17:42 UTC 55K followers, XXX engagements
"CVE-2022-4978 Remote Control Server maintained bySteppschuh 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled which is the default configurati"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024980978999562) 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7604 A vulnerability was found in PHPGurukul Hospital Management System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944747133329870902) 2025-07-14 13:13:42 UTC 55K followers, XXX engagements
"CVE-2025-7273 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390802445127728) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397531404574795) 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-8022 All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to i"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947897515514159424) 2025-07-23 05:52:12 UTC 55.1K followers, XXX engagements
"CVE-2025-54296 A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947983332240654553) 2025-07-23 11:33:12 UTC 55.1K followers, XXX engagements
"CVE-2025-7656 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945187445777281467) 2025-07-15 18:23:21 UTC 55K followers, XXX engagements
"CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397532327223491) 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-7909 A vulnerability was found in D-Link DIR-513 XXX. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSet"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947051857404178782) 2025-07-20 21:51:51 UTC 55.1K followers, XXX engagements
"CVE-2024-40682 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 could allow a local user to cause a denial of service due to improper"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947983333184422115) 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7263 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390810800198108) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7863 A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/c"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772889132261383) 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7242 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390828793798664) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2020-26799 A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374997242056804) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-51865 Ai2 playground web service LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR) allowing attackers to gain s"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947677519131341078) 2025-07-22 15:18:01 UTC 55.1K followers, XXX engagements
"CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207851699384777) 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-2634 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948050428328862000) 2025-07-23 15:59:49 UTC 55.1K followers, XXX engagements
"CVE-2025-41679 An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232868893106283) 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-41674 A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232874907762917) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-46118 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where hard-coded c"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307945227640890) 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-4049 Use of hard-coded the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.T"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947211149998424422) 2025-07-21 08:24:50 UTC 55K followers, XXX engagements
"CVE-2025-7288 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390788465483889) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7285 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390785726648656) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7901 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946957069615251788) 2025-07-20 15:35:12 UTC 55K followers, XXX engagements
"CVE-2025-7512 A vulnerability was found in code-projects Modern Bag XXX. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944235144639906030) 2025-07-13 03:19:15 UTC 55.1K followers, XXX engagements
"CVE-2025-54316 An issue was discovered in Logpoint before 7.6.0. When creating reports attackers can create custom Jinja templates that chained built-in filter functions to generat"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947011958051332578) 2025-07-20 19:13:19 UTC 55K followers, XXX engagements
"CVE-2025-54013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects W"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435458080821727) 2025-07-16 10:48:52 UTC 55K followers, XXX engagements
"CVE-2025-7600 A vulnerability which was classified as critical was found in PHPGurukul Online Library Management System XXX. This affects an unknown part of the file /admin/student"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944726862363553973) 2025-07-14 11:53:09 UTC 55K followers, XXX engagements
"CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700198640746944) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-52687 Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the paylo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945389109775868072) 2025-07-16 07:44:42 UTC 55.1K followers, XXX engagements
"CVE-2025-41673 A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements us"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232875780128849) 2025-07-21 09:51:10 UTC 55K followers, XXX engagements
"CVE-2025-8031 The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects F"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772502131736999) 2025-07-22 21:35:27 UTC 55K followers, XXX engagements
"CVE-2025-20300 In Splunk Enterprise versions below 9.4.2 9.3.5 9.2.6 and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103 9.3.2408.112 and 9.2.2406.119 a low-privil"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942280703753814291) 2025-07-07 17:53:00 UTC 55K followers, XXX engagements
"CVE-2025-53643 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14 the Python parser is vulnerable to a request smuggling vulne"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944860704890101914) 2025-07-14 20:45:00 UTC 55K followers, XXX engagements
"CVE-2025-30752 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java S"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207876827410657) 2025-07-15 19:44:32 UTC 55.1K followers, XXX engagements
"CVE-2025-47281 Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below a Denial of Service (DoS) vulnerability exists due to i"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948122391441219728) 2025-07-23 20:45:47 UTC 55.1K followers, XXX engagements
"CVE-2025-41458 Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the apps filesyste"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258495381721116) 2025-07-21 11:32:58 UTC 55K followers, XXX engagements
"CVE-2025-51868 Insecure Direct Object Reference (IDOR) vulnerability in Dippy v2 allows attackers to gain sensitive information via the conversation_id parameter to"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410012717883495) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-7312 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409993977758152) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-6187 The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594455080472654) 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7289 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390787538588093) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7625 A vulnerability which was classified as critical was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944801991999308142) 2025-07-14 16:51:42 UTC 55K followers, XXX engagements
"CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397530477535610) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700204173078902) 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700205037121823) 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207847043600883) 2025-07-15 19:44:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7224 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390841146024094) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7601 A vulnerability has been found in PHPGurukul Online Library Management System XXX and classified as problematic. This vulnerability affects unknown code of the file /ad"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944736655862313181) 2025-07-14 12:32:04 UTC 55K followers, XXX engagements
"CVE-2025-54138 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS ve"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947776821204017597) 2025-07-22 21:52:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7918 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188861840368046) 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-6213 The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.1.1 via the 'nppp_preload_cache_on_upd"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594456057643463) 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7392 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339044137959659) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7914 A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947134871387742416) 2025-07-21 03:21:44 UTC 55K followers, XXX engagements
"CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390832887443724) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7915 A vulnerability was found in Chanjet CRM XXX and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947134870469091382) 2025-07-21 03:21:43 UTC 55K followers, XXX engagements
"CVE-2025-7309 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409995722617144) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700212339368002) 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2017-20198 The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations attac"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024977539666383) 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-46686 Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks sent by an authenticated user. This occurs because the server allocates"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948094255354003925) 2025-07-23 18:53:58 UTC 55.1K followers, XXX engagements
"CVE-2025-6377 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335892678037713) 2025-07-10 15:45:56 UTC 55K followers, XXX engagements
"CVE-2025-7935 A vulnerability which was classified as critical was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374995371434179) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410001464635614) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7745 : Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948282165487177865) 2025-07-24 07:20:40 UTC 55.1K followers, XXX engagements
"CVE-2025-7880 A vulnerability was found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/co"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946862936552591851) 2025-07-20 09:21:09 UTC 55K followers, XXX engagements
"CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390803275616420) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7226 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390839497626077) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7394 In the OpenSSL compatibility layer implementation the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned fr"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946343155000873383) 2025-07-18 22:55:44 UTC 55K followers, XXX engagements
"CVE-2025-7929 A vulnerability was found in code-projects Church Donation System XXX. It has been classified as critical. Affected is an unknown function of the file /members/edit_Mem"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947325173235061189) 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not neede"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369696975896779) 2025-07-21 18:54:50 UTC 55K followers, XXX engagements
"CVE-2025-47917 Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947011957019623707) 2025-07-20 19:13:18 UTC 55K followers, XXX engagements
"CVE-2025-50127 A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947983334086160837) 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-46267 Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited the product's hidden debug function may be enabled by a remote attacker who can log in"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594453218169164) 2025-07-22 09:47:56 UTC 55.1K followers, XXX engagements
"CVE-2025-7269 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390804173197319) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7437 The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions u"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948245085616837073) 2025-07-24 04:53:19 UTC 55.1K followers, XXX engagements
"CVE-2025-51869 Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id thread_id and mes"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947379222571585721) 2025-07-21 19:32:41 UTC 55K followers, XXX engagements
"CVE-2025-46117 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where a hidden de"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307944183234621) 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-5681 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 23"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258492462473536) 2025-07-21 11:32:57 UTC 55K followers, XXX engagements
"CVE-2025-32574 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: f"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482486240469456) 2025-07-16 13:55:44 UTC 55.1K followers, XXX engagements
"CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405335234548098) 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-40597 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote unauthenticated attacker to cause Denial of Service (DoS) or potentially"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040054116426056) 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52362 Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375003919393065) 2025-07-21 19:15:56 UTC 55K followers, XXX engagements
"CVE-2025-30748 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207880530989437) 2025-07-15 19:44:33 UTC 55K followers, XXX engagements
"CVE-2025-7834 A vulnerability which was classified as problematic was found in PHPGurukul Complaint Management System XXX. Affected is an unknown function. The manipulation leads t"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946613331420201409) 2025-07-19 16:49:19 UTC 55K followers, XXX engagements
"CVE-2025-54020 Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form X allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7:"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435453358047250) 2025-07-16 10:48:51 UTC 55.1K followers, XXX engagements
"CVE-2025-41240 Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948276021578363248) 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2015-10140 The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions allowing any authenticated users such as subscriber to upload and"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947656930429669784) 2025-07-22 13:56:12 UTC 55.1K followers, XXX engagements
"CVE-2025-7292 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410011883262465) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-54121 Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit designed for building async web services in Python. In versions 0.47.1 and"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397528636227857) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7293 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410010859806838) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-4976 An issue has been discovered in GitLab EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that under certain circumstances"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948276024363401516) 2025-07-24 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-53528 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions 5.4.3 and below the version parameter of the "/docs" endpo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397526736323068) 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-5284 The Master Addons Elementor Addons with White Label Free Widgets Hover Effects Conditions & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scr"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435481644351607) 2025-07-16 10:48:57 UTC 55K followers, XXX engagements
"CVE-2025-54443 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947905633455353927) 2025-07-23 06:24:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7904 A vulnerability which was classified as critical was found in itsourcecode Insurance Management System XXX. This affects an unknown part of the file /insertNominee.ph"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946981991875830167) 2025-07-20 17:14:14 UTC 55K followers, XXX engagements
"CVE-2025-7230 INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390836163154338) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700197768396914) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-52953 An Expected Behavior Violationvulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700208732287204) 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7371 Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947687624723824645) 2025-07-22 15:58:10 UTC 55K followers, XXX engagements
"CVE-2025-34110 A directory traversal vulnerability exists in ColoradoFTP Server XXX Build X for Windows allowing unauthenticated attackers to read or write arbitrary files outsid"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118962251129024) 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390823789961622) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390827996844227) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7932 A vulnerability classified as critical has been found in D-Link DIR817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation l"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352505630748836) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-38352 In the Linux kernel the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947580621049762147) 2025-07-22 08:52:59 UTC 55.1K followers, XXX engagements
"CVE-2025-44651 In TRENDnet TPL-430AP FW1.0 the USERLIMIT_GLOBAL option is set to X in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are conn"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322221548171695) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405334324425099) 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-6235 In ExtremeControl before 25.5.12 a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from impro"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300336873492704) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7233 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive inf"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390825442513121) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700207855607885) 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700202369515829) 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-41676 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232873158791278) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-7255 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390820287713776) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7876 A vulnerability classified as critical was found in Metasoft MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. Th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946840387487969603) 2025-07-20 07:51:33 UTC 55K followers, XXX engagements
"CVE-2025-50481 A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via i"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948057680137883973) 2025-07-23 16:28:38 UTC 55.1K followers, XXX engagements
"CVE-2025-41675 A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of sp"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232874001756474) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-44109 A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948103969512857626) 2025-07-23 19:32:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7308 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409997580669078) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7885 A vulnerability which was classified as problematic has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the comp"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946895320312336389) 2025-07-20 11:29:50 UTC 55K followers, XXX engagements
"CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390837006209124) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-54317 An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template whi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947011958948999569) 2025-07-20 19:13:19 UTC 55K followers, XXX engagements
"CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668163788612062) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-51659 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808329202852189) 2025-07-14 17:16:53 UTC 55K followers, XXX engagements
"CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409988109865224) 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7322 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397533270987129) 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-2301 Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.This issue affects"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947263601464492232) 2025-07-21 11:53:15 UTC 55K followers, XXX engagements
"CVE-2025-36107 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369700222242871) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-7645 The Extensions For CF7 (Contact form X Database Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient f"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947551076762161196) 2025-07-22 06:55:35 UTC 55.1K followers, XXX engagements
"CVE-2025-51463 Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitt"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947684638505242887) 2025-07-22 15:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-30959 Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. Thi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482477348536570) 2025-07-16 13:55:42 UTC 55K followers, XXX engagements
"CVE-2025-7900 The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947609924017545317) 2025-07-22 10:49:25 UTC 55.1K followers, XXX engagements
"CVE-2025-54127 HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below the NodeJS version of HAX CMS uses an ins"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405329622569410) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-52081 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945150006849044909) 2025-07-15 15:54:35 UTC 55K followers, XXX engagements
"CVE-2025-51398 A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTM"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375000144445590) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700214067445874) 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-51401 A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML vi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375002061287735) 2025-07-21 19:15:55 UTC 55.1K followers, XXX engagements
"CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authent"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668167047524629) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-30762 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207870502416826) 2025-07-15 19:44:31 UTC 55K followers, XXX engagements
"CVE-2025-7251 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390834552541310) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-8009 The Security Ninja WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including XXXXX via the"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948288222728946161) 2025-07-24 07:44:44 UTC 55.1K followers, XXX engagements
"CVE-2025-51400 A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375001205653912) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-54134 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below the HAX CMS NodeJS application crashes when an aut"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405326824952179) 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-7343 The SFT developed by Digiwin has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to read modify and delete d"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947196005142683982) 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-7840 A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System XXX. It has been classified as problematic. This affects an unknown part of the file"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946643737737932907) 2025-07-19 18:50:08 UTC 55K followers, XXX engagements
"CVE-2025-7284 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390786620035389) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7875 A vulnerability classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946835637560136116) 2025-07-20 07:32:41 UTC 55K followers, XXX engagements
"CVE-2025-7524 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944331656921579909) 2025-07-13 09:42:45 UTC 55.1K followers, XXX engagements
"CVE-2025-7862 A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772889945899281) 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7241 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390829624258828) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-8058 The regcomp function in the GNU C library version from XXX to XXXX is subject to a double free if some previous allocation fails. It can be accomplished either by a m"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948115528557498847) 2025-07-23 20:18:30 UTC 55.1K followers, XXX engagements
"CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700199567728738) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390827141206138) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7724 An unauthenticated OS command injection vulnerability existsin VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772508276482275) 2025-07-22 21:35:28 UTC 55K followers, XXX engagements
"CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410007068119481) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-7897 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/con"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946952150153941071) 2025-07-20 15:15:39 UTC 55K followers, XXX engagements
"CVE-2025-41684 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947943065802469500) 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-48291 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482491848176031) 2025-07-16 13:55:46 UTC 55K followers, XXX engagements
"CVE-2025-7878 A vulnerability which was classified as critical was found in Metasoft MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946854358341013882) 2025-07-20 08:47:04 UTC 55K followers, XXX engagements
"CVE-2025-4700 An issue has been discovered in GitLab CE/EE affecting all versions from XXXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that under specific circumstan"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948079938197676414) 2025-07-23 17:57:05 UTC 55.1K followers, XXX engagements
"CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of JuniperNetworks Junos OS and Junos OS Evolved allows an adjacentunauthenticatedattacke"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700211378913755) 2025-07-11 15:53:37 UTC 55K followers, XXX engagements
"CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944898793880641936) 2025-07-14 23:16:21 UTC 55K followers, XXX engagements
"CVE-2024-12310 A vulnerability in Imprivata Enterprise Access Management(formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows un"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947998284255014966) 2025-07-23 12:32:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7274 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390797344870608) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7942 A vulnerability has been found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functionality"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947426678931689634) 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7948 A vulnerability classified as problematic was found in jshERP up to XXX. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/update"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494219603468595) 2025-07-22 03:09:39 UTC 55K followers, XXX engagements
"CVE-2025-54090 A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65 which fixe"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948012102414655951) 2025-07-23 13:27:32 UTC 55.1K followers, XXX engagements
"CVE-2025-4439 An issue has been discovered in GitLab CE/EE affecting all versions from XXXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed an auth"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948094254368358731) 2025-07-23 18:53:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7283 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390791741280620) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7931 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339047199760877) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7934 A vulnerability which was classified as critical has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the fu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374996327723481) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7354 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202224637002077) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-54313 eslint-config-prettier 8.10.1 9.1.1 10.1.6 and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946613332506550506) 2025-07-19 16:49:19 UTC 55.1K followers, XXX engagements
"CVE-2025-41677 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232872240214266) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2015-10141 An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier a PHP debugging extension developed by Derick Rethans. When rem"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024975773892642) 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-6018 A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040050106606052) 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-36117 IBM Db2 Mirror for i XXX XXX and XXX does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948032642261123248) 2025-07-23 14:49:09 UTC 55.1K followers, XXX engagements
"CVE-2025-7583 A vulnerability has been found in PHPGurukul Online Fire Reporting System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/all"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944658333312713058) 2025-07-14 07:20:51 UTC 55K followers, XXX engagements
"CVE-2025-49836 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in change_label"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223153292087579) 2025-07-15 20:45:14 UTC 55.1K followers, XXX engagements
"CVE-2025-7266 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390807100821543) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-52575 EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authent"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947361904046870890) 2025-07-21 18:23:52 UTC 55K followers, XXX engagements
"CVE-2025-50063 Vulnerability in Oracle Java SE (component: Install). Supported versions that are affected are Oracle Java SE: 8u451 and 8u451-perf. Easily exploitable vulnerabilit"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207865725079884) 2025-07-15 19:44:30 UTC 55K followers, XXX engagements
"CVE-2025-53771 Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947063357644636665) 2025-07-20 22:37:33 UTC 55K followers, XXX engagements
"CVE-2016-15044 A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices mo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948151376481247557) 2025-07-23 22:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7947 A vulnerability classified as critical has been found in jshERP up to XXX. Affected is an unknown function of the file /user/delete of the component Account Handler. Th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494220412887173) 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-44647 In TRENDnet TEW-WLC100P 2.03b03 the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file so that IKE Respon"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947325174266937572) 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700230924308738) 2025-07-11 15:53:41 UTC 55K followers, XXX engagements
"CVE-2025-7314 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409991012409733) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-7927 A vulnerability has been found in PHPGurukul Online Banquet Booking System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/vi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307941486264783) 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-7256 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390818542882843) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7941 A vulnerability which was classified as problematic was found in PHPGurukul Time Table Generator System XXX. Affected is an unknown function of the file /admin/profil"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947426679921447165) 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7916 WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary code on the ser"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947181807256166624) 2025-07-21 06:28:14 UTC 55K followers, XXX engagements
"CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207854668898681) 2025-07-15 19:44:27 UTC 55K followers, XXX engagements
"CVE-2025-7715 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS).This iss"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339043185820009) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7912 A vulnerability which was classified as critical has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the compon"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947073274812248126) 2025-07-20 23:16:58 UTC 55K followers, XXX engagements
"CVE-2025-7917 WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability allowing remote attackers with administrator privileges to upload and"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188863354458184) 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-36845 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947361904969601530) 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-54314 Thor before 1.4.0 can construct an unsafe shell command from library input"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772890801578251) 2025-07-20 03:23:21 UTC 55K followers, XXX engagements
"CVE-2025-7692 The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.0.5. This is due to the olws_handle_verify_"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594459257983342) 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7933 A vulnerability classified as critical was found in Campcodes Sales and Inventory System XXX. This vulnerability affects unknown code of the file /pages/settings_update"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369701140795602) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-54129 HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below the application returns a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405327848378772) 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-7930 A vulnerability was found in code-projects Church Donation System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331043159069170) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7393 Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force.This issue affects Mail Login: from 3.0.0 before 3.2.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339045115154565) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2024-41751 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 could allow a local authenticated attacker to bypass client-side enf"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947983335940051232) 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7344 The EAI developed by Digiwin has a Privilege Escalation vulnerability allowing remote attackers with regular privileges to elevate their privileges to administrator le"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947196004056314230) 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2024-40686 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 is vulnerable to HTTP header injection caused by improper validation"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947983335046644165) 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7268 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390805024641226) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-8033 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 141"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772498642169929) 2025-07-22 21:35:26 UTC 55K followers, XXX engagements
"CVE-2025-54310 qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946294372267680016) 2025-07-18 19:41:53 UTC 55K followers, XXX engagements
"CVE-2025-7908 A vulnerability was found in D-Link DI-8100 XXX. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.aspopt=add"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947042588445307013) 2025-07-20 21:15:02 UTC 55K followers, XXX engagements
"CVE-2025-47187 A vulnerability in the Mitel 6800 Series 6900 Series and 6900w Series SIP Phones including the 6970 Conference Unit through XXX SP4 could allow an unauthenticated"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948094256457085252) 2025-07-23 18:53:59 UTC 55.1K followers, XXX engagements
"CVE-2024-13973 A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR1 (21.0.1) can potentially lead to administrators achieving arbitrar"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300340086251916) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-52950 AMissing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700214973350185) 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942453102914982247) 2025-07-08 05:18:03 UTC 55K followers, XXX engagements
"CVE-2025-54438 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947905631685357780) 2025-07-23 06:24:27 UTC 55.1K followers, XXX engagements
"CVE-2025-8107 In OceanBase's Oracle tenant mode a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted command"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948282164610470188) 2025-07-24 07:20:40 UTC 55.1K followers, XXX engagements
"CVE-2025-53832 Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which e"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397525733814564) 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolvedallows a local low-privileged user to"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700213236912444) 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-46116 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where an authenti"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307942568509498) 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-7717 Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0 from 2.0.0 before 2.0.1"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339041105383439) 2025-07-21 16:53:01 UTC 55K followers, XXX engagements
"CVE-2025-8029 Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability affects Firefox XXX Firefox ESR XXXXXX Firefox ESR XXXXX Thu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772505495667115) 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700218567958857) 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-44650 In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2 the USERLIMIT_GLOBAL option is set to X in the bftpd.conf configuration file. This can cause DoS attacks"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322220612857926) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700231746376174) 2025-07-11 15:53:42 UTC 55K followers, XXX engagements
"CVE-2025-46382 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946337016029440) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700201417392463) 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-7231 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390835361972679) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-53826 File Browser provides a file managing interface within a specified directory and it can be used to upload delete preview rename and edit files. In version 2.39.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945187446859395512) 2025-07-15 18:23:21 UTC 55K followers, XXX engagements
"CVE-2025-40599 An authenticated arbitrary file upload vulnerability exists in the SMA XXX series web management interface. A remote attacker with administrative privileges can explo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948012103421264057) 2025-07-23 13:27:32 UTC 55.1K followers, XXX engagements
"CVE-2025-1299 An issue has been discovered in GitLab CE/EE affecting all versions starting from XXXX before 18.0.5 all versions starting from XXXX before 18.1.3 all versions starti"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948276023377740093) 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700232669216990) 2025-07-11 15:53:42 UTC 55K followers, XXX engagements
"CVE-2025-7246 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390821994750457) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-32019 Harbor is an open source trusted cloud native registry project that stores signs and scans content. Versions 2.11.2 and below as well as versions 2.12.0-rc1 and 2"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948125321082876065) 2025-07-23 20:57:25 UTC 55.1K followers, XXX engagements
"CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668171254477166) 2025-07-11 13:46:18 UTC 55K followers, XXX engagements
"CVE-2025-32744 Dell AppSync version(s) 4.6.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could poten"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339048214827474) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-50069 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerabili"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207860385747071) 2025-07-15 19:44:28 UTC 55K followers, XXX engagements
"CVE-2025-46122 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the authenticated diagnostics API endpoint /admin/_cmdstat.j"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315102878929377) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409991842816163) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-8038 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox XXX Firefox ESR XXXXX Thunderbird XXX and Th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772500428968088) 2025-07-22 21:35:26 UTC 55K followers, XXX engagements
"CVE-2025-7281 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390793645494344) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410003343675854) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7853 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946658951438676399) 2025-07-19 19:50:35 UTC 55K followers, XXX engagements
"CVE-2025-48301 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid YaySMTP allows SQL Injection. Th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435431979672005) 2025-07-16 10:48:46 UTC 55K followers, XXX engagements
"CVE-2025-7257 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390817724993944) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-53839 DRACOON is a file sharing service and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Br"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944903204212511040) 2025-07-14 23:33:53 UTC 55K followers, XXX engagements
"CVE-2025-41237 VMware ESXiWorkstation and Fusioncontain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write.A malicious"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195277062648236) 2025-07-15 18:54:28 UTC 55K followers, XXX engagements
"CVE-2025-52372 An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331045050700205) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7280 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390794622767179) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-4685 The Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of mu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202226482483607) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-50130 A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO. LTD. Opening V9 files or X1 files specia"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942594394202296511) 2025-07-08 14:39:29 UTC 55K followers, XXX engagements
"CVE-2025-7228 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390837832487359) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668215416287368) 2025-07-11 13:46:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7311 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409994820813282) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-7271 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390801522397650) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-51464 Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to t"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947714894390038858) 2025-07-22 17:46:32 UTC 55.1K followers, XXX engagements
"CVE-2025-53882 A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allowspotential escalation from mai"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947957960078197118) 2025-07-23 09:52:23 UTC 55.1K followers, XXX engagements
"CVE-2025-46121 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the functions stamgr_cfg_adpt_addStaFavourite and stamgr_c"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315101910081994) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-53820 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944863289491505276) 2025-07-14 20:55:16 UTC 55.1K followers, XXX engagements
"CVE-2025-41459 Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attacke"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258494412894464) 2025-07-21 11:32:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7940 A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functional"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409987182932239) 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7924 A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. Affected by this vulnerability is an unknown functionality of the f"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258493481750909) 2025-07-21 11:32:57 UTC 55K followers, XXX engagements
"CVE-2025-7272 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390800696103028) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7382 A command injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR2 (21.0.2)can lead to adjacent attackers achieving pre-auth code execution"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300343366164659) 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-41681 A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232867609682299) 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-51462 Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafte"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947759870213570902) 2025-07-22 20:45:15 UTC 55K followers, XXX engagements
"CVE-2024-6107 Due to insufficient verification an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947226365981298913) 2025-07-21 09:25:18 UTC 55K followers, XXX engagements
"CVE-2025-7247 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390821118185976) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7225 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390840344875198) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2018-25114 A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024979955548408) 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7687 The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or i"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594460197503073) 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-44649 In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03 the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase X exposes i"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339051100434898) 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2024-13974 A business logic vulnerability in the Up2Date component of Sophos Firewall older than version XXXX MR1 (20.0.1) can lead to attackers controlling the firewalls DNS e"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300341172621341) 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-7903 A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Imag"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946981992903364726) 2025-07-20 17:14:14 UTC 55K followers, XXX engagements
"CVE-2025-2633 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvreUDecStrToNum that may result in information disclosure or arbitrary code executio"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948050429268361526) 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2015-10138 The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946535699055808923) 2025-07-19 11:40:50 UTC 55.1K followers, XXX engagements
"CVE-2025-6262 The video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to and including 0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948319165527339189) 2025-07-24 09:47:41 UTC 55.1K followers, XXX engagements
"CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668199788343741) 2025-07-11 13:46:25 UTC 55K followers, XXX engagements
"CVE-2025-7294 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410008892678431) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-53472 WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploite"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594454191284375) 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7907 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/re"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947034683717669114) 2025-07-20 20:43:37 UTC 55K followers, XXX engagements
"CVE-2025-7723 A command injection vulnerability exists that can be exploited after authenticationin VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947772509111103901) 2025-07-22 21:35:28 UTC 55K followers, XXX engagements
"CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390811643252974) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7945 A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /go"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947444715554533692) 2025-07-21 23:52:56 UTC 55.1K followers, XXX engagements
"CVE-2025-27930 Zohocorp ManageEngine Applications Manager versions176600 and prior are vulnerable to stored cross-site scripting in theFile/Directory monitor"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947972393101869360) 2025-07-23 10:49:44 UTC 55.1K followers, XXX engagements
"CVE-2025-36603 Dell AppSync version(s) 4.6.0.0 contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could p"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339050118947233) 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668169098621434) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-50101 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207830878810514) 2025-07-15 19:44:21 UTC 55K followers, XXX engagements
"CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.A mal"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195275993141461) 2025-07-15 18:54:28 UTC 55K followers, 1204 engagements
"CVE-2025-7295 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410008037106060) 2025-07-21 21:35:01 UTC 55.1K followers, XXX engagements
"CVE-2025-7953 A vulnerability which was classified as problematic has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947520172975108129) 2025-07-22 04:52:47 UTC 55.1K followers, XXX engagements
"CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409989175214258) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-46993 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948417724008337910) 2025-07-24 16:19:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7949 A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494218730979615) 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7223 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390841976393745) 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2025-1469 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947218895603204259) 2025-07-21 08:55:36 UTC 55K followers, XXX engagements
"CVE-2025-7910 A vulnerability classified as critical has been found in D-Link DIR-513 XXXX. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947063358793916923) 2025-07-20 22:37:34 UTC 55K followers, XXX engagements
"CVE-2025-26397 SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948297854931406859) 2025-07-24 08:23:00 UTC 55.1K followers, XXX engagements
"CVE-2025-47061 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948411564240863365) 2025-07-24 15:54:51 UTC 55.1K followers, XXX engagements
"CVE-2025-7282 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390792664027228) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-46384 CWE-434 Unrestricted Upload of File with Dangerous Type"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946334507794839) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-7685 The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or incorrect"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947594457362153689) 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-8015 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947677510709268832) 2025-07-22 15:17:59 UTC 55.1K followers, XXX engagements
"CVE-2025-50081 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207850789126520) 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-7267 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390806198989045) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409990177759462) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-20323 In Splunk Enterprise versions below 9.4.3 9.3.5 9.2.7 and 9.1.10 a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the s"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942280697571397949) 2025-07-07 17:52:58 UTC 55K followers, XXX engagements
"CVE-2025-46099 In Pluck CMS 4.7.20-dev an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948024981889196292) 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7898 A vulnerability was found in Codecanyon iDentSoft XXX. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of th"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946957070663848023) 2025-07-20 15:35:13 UTC 55K followers, XXX engagements
"CVE-2025-51655 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808325696380958) 2025-07-14 17:16:52 UTC 55K followers, XXX engagements
"CVE-2025-41683 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947943066800701937) 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-54033 Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elemen"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435446483562977) 2025-07-16 10:48:49 UTC 55.1K followers, XXX engagements
"CVE-2025-50076 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnera"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207855612604692) 2025-07-15 19:44:27 UTC 55.1K followers, XXX engagements
"CVE-2025-7938 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX and classified as critical. This issue affects the function updateGoods of the file GoodsController"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409992899850389) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-6376 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335891855880316) 2025-07-10 15:45:56 UTC 55K followers, XXX engagements
"CVE-2025-7260 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390813308334271) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-53639 MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts the sortField parameter in certain API endpoints is not properly validated or s"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944860706760741112) 2025-07-14 20:45:00 UTC 55.1K followers, XXX engagements
"CVE-2025-4569 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947211149180633108) 2025-07-21 08:24:50 UTC 55K followers, XXX engagements
"CVE-2025-24938 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administra"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188857650253990) 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668161687269421) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-49656 Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users ar"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232871296422306) 2025-07-21 09:51:09 UTC 55.1K followers, 1740 engagements
"CVE-2025-7001 An issue has been discovered in GitLab CE/EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed priviled"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948276025311273087) 2025-07-24 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-7881 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the componen"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946870662640906377) 2025-07-20 09:51:51 UTC 55K followers, XXX engagements
"CVE-2025-7303 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410002378969113) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7296 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410006061576382) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668216406110601) 2025-07-11 13:46:29 UTC 55.1K followers, XXX engagements
"CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668170222719111) 2025-07-11 13:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-7879 A vulnerability has been found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file m"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946862937643094255) 2025-07-20 09:21:09 UTC 55K followers, XXX engagements
"CVE-2025-50106 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207825732350209) 2025-07-15 19:44:20 UTC 55.1K followers, XXX engagements
"CVE-2025-7234 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390824607846746) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7277 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390798187954221) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7943 A vulnerability was found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of the file"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947435532180472288) 2025-07-21 23:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48965 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than ze"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946998843507179528) 2025-07-20 18:21:12 UTC 55K followers, XXX engagements
"CVE-2025-54071 RomM (ROM Manager) allows users to scan enrich browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below an"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397527667449987) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7265 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390807973237030) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-54451 Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO X Server allows Code Injection.This issue affects MagicINFO 9"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947905642825470102) 2025-07-23 06:24:30 UTC 55.1K followers, XXX engagements
"CVE-2024-55040 Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET re"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322217806893427) 2025-07-21 15:46:10 UTC 55K followers, XXX engagements
"CVE-2015-10137 The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' func"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494216000532746) 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207844933878219) 2025-07-15 19:44:25 UTC 55K followers, XXX engagements
"CVE-2015-10136 The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before XXX via the 'fileid' parameter. This allows unauthenticated attacker"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508125517091305) 2025-07-19 09:51:16 UTC 55K followers, XXX engagements
"CVE-2025-24936 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network st"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188859843797430) 2025-07-21 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-7252 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390833696866499) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-0664 A locally authenticated privileged user can craft a malicious OpenSSL configuration file potentially leading the agent to load an arbitrary local library. This may im"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202227455594598) 2025-07-21 07:49:22 UTC 55.1K followers, XXX engagements
"CVE-2025-7614 A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component H"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944779091900604639) 2025-07-14 15:20:42 UTC 55K followers, XXX engagements
"CVE-2025-7886 A vulnerability which was classified as critical was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the fu"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946900513301082485) 2025-07-20 11:50:28 UTC 55K followers, XXX engagements
"CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207839867208185) 2025-07-15 19:44:23 UTC 55.1K followers, XXX engagements
"CVE-2025-44657 In Linksys EA6350 V2.1.2 the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to sy"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322222479339546) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-8069 During the AWS Client VPN client installation on Windows devices the install process references the C:usrlocalwindows-x86_64-openssl-localbuildssl directory locati"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948050430207918585) 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2025-44652 In Netgear RAX30 V1.0.10.94_3 the USERLIMIT_GLOBAL option is set to X in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352506608058445) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7899 The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download ofarbitraryfiles from the webserver. This issue affects powermail vers"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947609924944408601) 2025-07-22 10:49:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7887 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file The"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946900512420298755) 2025-07-20 11:50:28 UTC 55K followers, XXX engagements
"CVE-2025-4968 The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element Hover"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948234093050621984) 2025-07-24 04:09:38 UTC 55.1K followers, XXX engagements
"CVE-2025-5240 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the type parameter in all versions up to and including 2"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494217837666754) 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-7301 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410004182536577) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-44251 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335884700401975) 2025-07-10 15:45:55 UTC 55K followers, XXX engagements
"CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700209646571993) 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7921 Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability allowing unauthenticated remote attackers to control the program's execution fl"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947196006073774462) 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207848742302169) 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-30477 Dell PowerScale OneFS versions prior to 9.11.0.0 contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339046063071692) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-54446 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947905638111072486) 2025-07-23 06:24:29 UTC 55.1K followers, XXX engagements
"CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405333170971118) 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668168058421744) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7299 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397529613504520) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-44653 In H3C GR2200 MiniGR1A0V100R016 the USERLIMIT_GLOBAL option is set to X in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352507522416840) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7244 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390822833648101) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409999522672859) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7819 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been classified as problematic. This affects an unknown part of the file /creat"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946557592227942601) 2025-07-19 13:07:49 UTC 55K followers, XXX engagements
"CVE-2025-53824 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944893508944584980) 2025-07-14 22:55:21 UTC 55K followers, XXX engagements
"CVE-2025-46119 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304 where an authenticated request to the management endpoint /admin/_cmdstat.jsp disclo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307946477588505) 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-52373 Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailSer"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331045927309436) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7905 A vulnerability has been found in itsourcecode Insurance Management System XXX and classified as critical. This vulnerability affects unknown code of the file /insertPa"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947015675957964801) 2025-07-20 19:28:05 UTC 55K followers, XXX engagements
"CVE-2025-44654 In Linksys E2500 3.0.04.002 the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files privile"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352508386390416) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-36846 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vuln"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947361905862959435) 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-7902 A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/syste"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946975397326840247) 2025-07-20 16:48:02 UTC 55K followers, XXX engagements
"CVE-2025-7896 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/dele"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946952151353414003) 2025-07-20 15:15:40 UTC 55K followers, XXX engagements
"CVE-2025-5042 A maliciously crafted RFA file when parsed through Autodesk Revit can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947701417919320136) 2025-07-22 16:52:59 UTC 55.1K followers, XXX engagements
"CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405332290097206) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-33076 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking. A local user could"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040052958744595) 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-33020 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040055106277804) 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700203262877937) 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7310 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409996536287596) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-51482 Remote Code Execution in in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947707753893372076) 2025-07-22 17:18:09 UTC 55.1K followers, XXX engagements
"CVE-2025-54082 marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0 a vulnerability was discovered in the marshmallow-packages/no"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339049179513334) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7239 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390815040639279) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-46120 An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector where a path-traversal flaw in the web interface lets the se"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307947555455400) 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390826331705367) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-50096 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207835312209945) 2025-07-15 19:44:22 UTC 55K followers, XXX engagements
"CVE-2025-40596 A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote unauthenticated attacker to cause Denial of Service (DoS) or potentially"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040056058290278) 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668214321545476) 2025-07-11 13:46:28 UTC 55.1K followers, XXX engagements
"CVE-2025-4395 Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password which allows an attacker with physical access to log in with no password and ac"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948234093981745320) 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7946 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been rated as problematic. This issue affects some unknown processing of the fi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947494221205651857) 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-30753 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207875942457662) 2025-07-15 19:44:32 UTC 55K followers, XXX engagements
"CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700205968224749) 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7894 A vulnerability which was classified as critical has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/age"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946936863006089296) 2025-07-20 14:14:55 UTC 55K followers, XXX engagements
"CVE-2025-8021 All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the int"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947897516436955591) 2025-07-23 05:52:12 UTC 55.1K followers, XXX engagements
"CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668162756747774) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-40598 A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface allowing a remote unauthenticated attacker to potentially execute arbi"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040051088035959) 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-33077 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking. A local user could"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1948040052015067190) 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52378 Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is exec"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945131497171591345) 2025-07-15 14:41:02 UTC 55K followers, XXX engagements
"CVE-2025-51403 A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web s"
 [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375002992402540) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]
@CVEnew
"CVE-2025-46385 CWE-918 Server-Side Request Forgery (SSRF)"
@CVEnew on X 2025-07-20 15:15:40 UTC 55K followers, XXX engagements
"CVE-2025-7716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS)" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-53942 authentik is an open-source Identity Provider that emphasizes flexibility and versatility with support for a wide set of protocols. In versions 2025.4.4 and earlier" @CVEnew on X 2025-07-23 20:45:47 UTC 55.1K followers, XXX engagements
"CVE-2025-7867 A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component" @CVEnew on X 2025-07-20 04:28:07 UTC 55K followers, XXX engagements
"CVE-2025-7286 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7490 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been classified as critical. Affected is an unknown function of the file /admin/r" @CVEnew on X 2025-07-12 20:52:13 UTC 55K followers, XXX engagements
"CVE-2025-53885 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows to h" @CVEnew on X 2025-07-14 23:52:04 UTC 55.1K followers, XXX engagements
"CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user" @CVEnew on X 2025-07-11 15:53:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7962 In Jakarta Mail XXX it is possible to preform a SMTP Injection by utilizing ther and n UTF-8 characters to separate different messages" @CVEnew on X 2025-07-21 17:46:31 UTC 55K followers, XXX engagements
"CVE-2025-52374 Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.conf" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-6082 The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to and including XXX. This is due to insufficient protecti" @CVEnew on X 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7287 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-51396 A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7240 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7261 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-54454 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO X Server allows Authentication Bypass.This issue affects MagicINFO X Server: less than 21" @CVEnew on X 2025-07-23 06:24:31 UTC 55.1K followers, XXX engagements
"CVE-2025-7222 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte" @CVEnew on X 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2025-7291 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-53024 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:19 UTC 55K followers, XXX engagements
"CVE-2025-7227 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2018-25113 An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to re" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-36116 IBM Db2 Mirror for i XXX XXX and XXX GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request an unauthenticated ma" @CVEnew on X 2025-07-23 14:49:09 UTC 55.1K followers, XXX engagements
"CVE-2025-46996 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack" @CVEnew on X 2025-07-24 16:19:20 UTC 55.1K followers, XXX engagements
"CVE-2025-7279 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-0765 An issue has been discovered in GitLab CE/EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed an unaut" @CVEnew on X 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-41687 An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices" @CVEnew on X 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-36062 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-50103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 9.0.0-9.3.0. Difficult t" @CVEnew on X 2025-07-15 19:44:21 UTC 55K followers, XXX engagements
"CVE-2025-7926 A vulnerability which was classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. This affects an unknown part of the file /admin/booking" @CVEnew on X 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2012-10020 The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to and includ" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-50108 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.2.20.0.000" @CVEnew on X 2025-07-15 19:44:20 UTC 55K followers, XXX engagements
"CVE-2025-54122 Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy hand" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-4130 Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7275 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7877 A vulnerability which was classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile" @CVEnew on X 2025-07-20 08:47:04 UTC 55K followers, XXX engagements
"CVE-2025-50477 A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages" @CVEnew on X 2025-07-23 18:53:59 UTC 55.1K followers, XXX engagements
"CVE-2025-51658 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php" @CVEnew on X 2025-07-14 17:16:52 UTC 55K followers, XXX engagements
"CVE-2025-7925 A vulnerability which was classified as problematic has been found in PHPGurukul Online Banquet Booking System XXX. Affected by this issue is some unknown functionali" @CVEnew on X 2025-07-21 13:28:30 UTC 55K followers, XXX engagements
"CVE-2025-7911 A vulnerability classified as critical was found in D-Link DI-8100 XXX. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhtt" @CVEnew on X 2025-07-20 22:53:44 UTC 55K followers, XXX engagements
"CVE-2025-51397 A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7859 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/update_passwo" @CVEnew on X 2025-07-20 01:21:36 UTC 55K followers, XXX engagements
"CVE-2025-7298 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-34116 A remote command execution vulnerability exists in IPFire before version XXXX Core Update XXX via the 'proxy.cgi' CGI interface. An authenticated attacker can inject" @CVEnew on X 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:23 UTC 55K followers, XXX engagements
"CVE-2025-54128 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below the NodeJS version of HAX CMS has a disabled Conte" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-4570 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se" @CVEnew on X 2025-07-21 08:24:49 UTC 55K followers, XXX engagements
"CVE-2025-7593 A vulnerability was found in code-projects Job Diary XXX and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The" @CVEnew on X 2025-07-14 10:18:36 UTC 55K followers, XXX engagements
"CVE-2025-43977 The application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction b" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-4129 Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.0" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7486 The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to and including XXXXXX due to insufficient" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-53537 LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below there is a traffic-induced memory leak that can" @CVEnew on X 2025-07-23 20:45:46 UTC 55.1K followers, XXX engagements
"CVE-2025-54365 fastapi-guard is a security library for FastAPI that provides middleware to control IPs log requests detect penetration attempts and more. In version 3.0.1 the reg" @CVEnew on X 2025-07-23 22:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-52080 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" @CVEnew on X 2025-07-15 16:21:01 UTC 55K followers, XXX engagements
"CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at" @CVEnew on X 2025-07-11 15:53:36 UTC 55K followers, XXX engagements
"CVE-2025-53084 A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo XXXX and dev master commit 8a8954ff. A specially craft" @CVEnew on X 2025-07-24 15:38:21 UTC 55.1K followers, XXX engagements
"CVE-2025-6831 The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to and including 4" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-4393 Medtronic MyCareLink Patient Monitor has an internal service that deserializes data which allows a local attacker to interact with the service by crafting a binary pay" @CVEnew on X 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-44655 In TOTOLink A7100RU V7.4 A950RG V5.9 and T10 V5.9 the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system file" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7920 WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability allowing unauthenticated remote attackers to execute arbitrar" @CVEnew on X 2025-07-21 07:49:23 UTC 55K followers, XXX engagements
"CVE-2025-7928 A vulnerability was found in code-projects Church Donation System XXX and classified as critical. This issue affects some unknown processing of the file /members/edit_u" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-4394 Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage which allows an attacker with physical access to read and modify files. This" @CVEnew on X 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-8037 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the S" @CVEnew on X 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-51471 Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via" @CVEnew on X 2025-07-22 18:54:34 UTC 55K followers, XXX engagements
"CVE-2025-7939 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX. It has been classified as critical. Affected is the function addGoods of the file GoodsController" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-7919 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to" @CVEnew on X 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2016-15045 A local privilege escalation vulnerability exists in lastore-daemon the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-41678 A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement" @CVEnew on X 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7888 A vulnerability was found in TDuckCloud tduck-platform XXX and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/" @CVEnew on X 2025-07-20 13:09:07 UTC 55K followers, XXX engagements
"CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7236 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-7248 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7511 A vulnerability was found in code-projects Chat System XXX and classified as critical. This issue affects some unknown processing of the file /user/update_account.php" @CVEnew on X 2025-07-13 03:19:15 UTC 55K followers, XXX engagements
"CVE-2025-7258 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-7369 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 7.4.2. This is due" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-36106 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-4040 Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic St" @CVEnew on X 2025-07-21 13:28:30 UTC 55K followers, XXX engagements
"CVE-2025-49087 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4 a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mod" @CVEnew on X 2025-07-20 18:50:37 UTC 55.1K followers, XXX engagements
"CVE-2025-53028 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:18 UTC 55K followers, XXX engagements
"CVE-2025-7895 A vulnerability which was classified as critical was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/contro" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-54319 An issue was discovered in Westermo WeOS X (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging" @CVEnew on X 2025-07-20 20:54:14 UTC 55K followers, XXX engagements
"CVE-2025-7264 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-30739 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.11-12" @CVEnew on X 2025-07-15 19:44:35 UTC 55K followers, XXX engagements
"CVE-2025-7588 A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. This affects an unknown part of the file edit-product.php. Th" @CVEnew on X 2025-07-14 08:55:09 UTC 55K followers, XXX engagements
"CVE-2025-7852 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_" @CVEnew on X 2025-07-24 04:53:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7237 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-46123 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where the authent" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-7300 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-5994 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also v" @CVEnew on X 2025-07-16 19:15:30 UTC 55K followers, XXX engagements
"CVE-2025-44658 In Netgear RAX30 V1.0.10.94 a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker m" @CVEnew on X 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d" @CVEnew on X 2025-07-11 13:46:29 UTC 55.1K followers, XXX engagements
"CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7250 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2010-10012 A path traversal vulnerability exists in httpdasm version XXXX a lightweight Windows HTTP server that allows unauthenticated attackers to read arbitrary files on th" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-7238 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-46383 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-50151 File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users ar" @CVEnew on X 2025-07-21 09:51:07 UTC 55K followers, XXX engagements
"CVE-2025-54018 Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af" @CVEnew on X 2025-07-16 10:48:51 UTC 55K followers, XXX engagements
"CVE-2025-7818 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of" @CVEnew on X 2025-07-19 13:07:50 UTC 55.1K followers, XXX engagements
"CVE-2025-7427 Uncontrolled Search Path Element in Arm Development Studio before 2025may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to lo" @CVEnew on X 2025-07-22 10:18:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7913 A vulnerability which was classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service" @CVEnew on X 2025-07-20 23:52:52 UTC 55K followers, XXX engagements
"CVE-2025-51864 A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat through 2025-05-27 allowing attackers to hijack accounts through sto" @CVEnew on X 2025-07-22 15:18:01 UTC 55.1K followers, XXX engagements
"CVE-2025-7906 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/jav" @CVEnew on X 2025-07-20 19:50:37 UTC 55K followers, XXX engagements
"CVE-2025-51472 Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values" @CVEnew on X 2025-07-22 20:45:15 UTC 55K followers, XXX engagements
"CVE-2025-7893 A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xm" @CVEnew on X 2025-07-20 13:55:57 UTC 55K followers, XXX engagements
"CVE-2025-24937 File contents could be read from the local file system by an attacker. Additionally malicious code could be inserted in the file leading to a full compromise of the" @CVEnew on X 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-43976 The application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-8070 The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by" @CVEnew on X 2025-07-23 07:45:26 UTC 55.1K followers, XXX engagements
"CVE-2025-7936 A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is" @CVEnew on X 2025-07-21 19:50:43 UTC 55K followers, XXX engagements
"CVE-2025-54377 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below RooCode does not validate line breaks (n) in its comma" @CVEnew on X 2025-07-23 20:45:46 UTC 55.1K followers, XXX engagements
"CVE-2025-7627 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the fu" @CVEnew on X 2025-07-14 18:23:44 UTC 55K followers, XXX engagements
"CVE-2025-7278 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-46171 vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.phpdo=buddylist endpoint. If an authenticated user has a sufficiently large buddy list p" @CVEnew on X 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2025-43720 Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role revealing the" @CVEnew on X 2025-07-21 17:17:42 UTC 55K followers, XXX engagements
"CVE-2022-4978 Remote Control Server maintained bySteppschuh 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled which is the default configurati" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7604 A vulnerability was found in PHPGurukul Hospital Management System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of" @CVEnew on X 2025-07-14 13:13:42 UTC 55K followers, XXX engagements
"CVE-2025-7273 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-8022 All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to i" @CVEnew on X 2025-07-23 05:52:12 UTC 55.1K followers, XXX engagements
"CVE-2025-54296 A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered" @CVEnew on X 2025-07-23 11:33:12 UTC 55.1K followers, XXX engagements
"CVE-2025-7656 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secu" @CVEnew on X 2025-07-15 18:23:21 UTC 55K followers, XXX engagements
"CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-7909 A vulnerability was found in D-Link DIR-513 XXX. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSet" @CVEnew on X 2025-07-20 21:51:51 UTC 55.1K followers, XXX engagements
"CVE-2024-40682 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 could allow a local user to cause a denial of service due to improper" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7263 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7863 A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/c" @CVEnew on X 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7242 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2020-26799 A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-51865 Ai2 playground web service LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR) allowing attackers to gain s" @CVEnew on X 2025-07-22 15:18:01 UTC 55.1K followers, XXX engagements
"CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 a" @CVEnew on X 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-2634 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful" @CVEnew on X 2025-07-23 15:59:49 UTC 55.1K followers, XXX engagements
"CVE-2025-41679 An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing" @CVEnew on X 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-41674 A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-46118 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where hard-coded c" @CVEnew on X 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-4049 Use of hard-coded the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.T" @CVEnew on X 2025-07-21 08:24:50 UTC 55K followers, XXX engagements
"CVE-2025-7288 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7285 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7901 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index" @CVEnew on X 2025-07-20 15:35:12 UTC 55K followers, XXX engagements
"CVE-2025-7512 A vulnerability was found in code-projects Modern Bag XXX. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipu" @CVEnew on X 2025-07-13 03:19:15 UTC 55.1K followers, XXX engagements
"CVE-2025-54316 An issue was discovered in Logpoint before 7.6.0. When creating reports attackers can create custom Jinja templates that chained built-in filter functions to generat" @CVEnew on X 2025-07-20 19:13:19 UTC 55K followers, XXX engagements
"CVE-2025-54013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects W" @CVEnew on X 2025-07-16 10:48:52 UTC 55K followers, XXX engagements
"CVE-2025-7600 A vulnerability which was classified as critical was found in PHPGurukul Online Library Management System XXX. This affects an unknown part of the file /admin/student" @CVEnew on X 2025-07-14 11:53:09 UTC 55K followers, XXX engagements
"CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-52687 Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the paylo" @CVEnew on X 2025-07-16 07:44:42 UTC 55.1K followers, XXX engagements
"CVE-2025-41673 A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements us" @CVEnew on X 2025-07-21 09:51:10 UTC 55K followers, XXX engagements
"CVE-2025-8031 The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects F" @CVEnew on X 2025-07-22 21:35:27 UTC 55K followers, XXX engagements
"CVE-2025-20300 In Splunk Enterprise versions below 9.4.2 9.3.5 9.2.6 and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103 9.3.2408.112 and 9.2.2406.119 a low-privil" @CVEnew on X 2025-07-07 17:53:00 UTC 55K followers, XXX engagements
"CVE-2025-53643 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14 the Python parser is vulnerable to a request smuggling vulne" @CVEnew on X 2025-07-14 20:45:00 UTC 55K followers, XXX engagements
"CVE-2025-30752 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java S" @CVEnew on X 2025-07-15 19:44:32 UTC 55.1K followers, XXX engagements
"CVE-2025-47281 Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below a Denial of Service (DoS) vulnerability exists due to i" @CVEnew on X 2025-07-23 20:45:47 UTC 55.1K followers, XXX engagements
"CVE-2025-41458 Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the apps filesyste" @CVEnew on X 2025-07-21 11:32:58 UTC 55K followers, XXX engagements
"CVE-2025-51868 Insecure Direct Object Reference (IDOR) vulnerability in Dippy v2 allows attackers to gain sensitive information via the conversation_id parameter to" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-7312 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-6187 The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7289 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7625 A vulnerability which was classified as critical was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function" @CVEnew on X 2025-07-14 16:51:42 UTC 55K followers, XXX engagements
"CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7224 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7601 A vulnerability has been found in PHPGurukul Online Library Management System XXX and classified as problematic. This vulnerability affects unknown code of the file /ad" @CVEnew on X 2025-07-14 12:32:04 UTC 55K followers, XXX engagements
"CVE-2025-54138 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS ve" @CVEnew on X 2025-07-22 21:52:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7918 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to" @CVEnew on X 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-6213 The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.1.1 via the 'nppp_preload_cache_on_upd" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7392 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7914 A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component" @CVEnew on X 2025-07-21 03:21:44 UTC 55K followers, XXX engagements
"CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7915 A vulnerability was found in Chanjet CRM XXX and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the" @CVEnew on X 2025-07-21 03:21:43 UTC 55K followers, XXX engagements
"CVE-2025-7309 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2017-20198 The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations attac" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-46686 Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks sent by an authenticated user. This occurs because the server allocates" @CVEnew on X 2025-07-23 18:53:58 UTC 55.1K followers, XXX engagements
"CVE-2025-6377 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 55K followers, XXX engagements
"CVE-2025-7935 A vulnerability which was classified as critical was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLo" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7745 : Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2" @CVEnew on X 2025-07-24 07:20:40 UTC 55.1K followers, XXX engagements
"CVE-2025-7880 A vulnerability was found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/co" @CVEnew on X 2025-07-20 09:21:09 UTC 55K followers, XXX engagements
"CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7226 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7394 In the OpenSSL compatibility layer implementation the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned fr" @CVEnew on X 2025-07-18 22:55:44 UTC 55K followers, XXX engagements
"CVE-2025-7929 A vulnerability was found in code-projects Church Donation System XXX. It has been classified as critical. Affected is an unknown function of the file /members/edit_Mem" @CVEnew on X 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not neede" @CVEnew on X 2025-07-21 18:54:50 UTC 55K followers, XXX engagements
"CVE-2025-47917 Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509" @CVEnew on X 2025-07-20 19:13:18 UTC 55K followers, XXX engagements
"CVE-2025-50127 A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-46267 Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited the product's hidden debug function may be enabled by a remote attacker who can log in" @CVEnew on X 2025-07-22 09:47:56 UTC 55.1K followers, XXX engagements
"CVE-2025-7269 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7437 The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions u" @CVEnew on X 2025-07-24 04:53:19 UTC 55.1K followers, XXX engagements
"CVE-2025-51869 Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id thread_id and mes" @CVEnew on X 2025-07-21 19:32:41 UTC 55K followers, XXX engagements
"CVE-2025-46117 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where a hidden de" @CVEnew on X 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-5681 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 23" @CVEnew on X 2025-07-21 11:32:57 UTC 55K followers, XXX engagements
"CVE-2025-32574 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: f" @CVEnew on X 2025-07-16 13:55:44 UTC 55.1K followers, XXX engagements
"CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-40597 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote unauthenticated attacker to cause Denial of Service (DoS) or potentially" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52362 Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl" @CVEnew on X 2025-07-21 19:15:56 UTC 55K followers, XXX engagements
"CVE-2025-30748 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60" @CVEnew on X 2025-07-15 19:44:33 UTC 55K followers, XXX engagements
"CVE-2025-7834 A vulnerability which was classified as problematic was found in PHPGurukul Complaint Management System XXX. Affected is an unknown function. The manipulation leads t" @CVEnew on X 2025-07-19 16:49:19 UTC 55K followers, XXX engagements
"CVE-2025-54020 Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form X allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7:" @CVEnew on X 2025-07-16 10:48:51 UTC 55.1K followers, XXX engagements
"CVE-2025-41240 Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected" @CVEnew on X 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2015-10140 The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions allowing any authenticated users such as subscriber to upload and" @CVEnew on X 2025-07-22 13:56:12 UTC 55.1K followers, XXX engagements
"CVE-2025-7292 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-54121 Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit designed for building async web services in Python. In versions 0.47.1 and" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7293 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-4976 An issue has been discovered in GitLab EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that under certain circumstances" @CVEnew on X 2025-07-24 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-53528 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions 5.4.3 and below the version parameter of the "/docs" endpo" @CVEnew on X 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-5284 The Master Addons Elementor Addons with White Label Free Widgets Hover Effects Conditions & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scr" @CVEnew on X 2025-07-16 10:48:57 UTC 55K followers, XXX engagements
"CVE-2025-54443 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a" @CVEnew on X 2025-07-23 06:24:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7904 A vulnerability which was classified as critical was found in itsourcecode Insurance Management System XXX. This affects an unknown part of the file /insertNominee.ph" @CVEnew on X 2025-07-20 17:14:14 UTC 55K followers, XXX engagements
"CVE-2025-7230 INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-52953 An Expected Behavior Violationvulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7371 Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to th" @CVEnew on X 2025-07-22 15:58:10 UTC 55K followers, XXX engagements
"CVE-2025-34110 A directory traversal vulnerability exists in ColoradoFTP Server XXX Build X for Windows allowing unauthenticated attackers to read or write arbitrary files outsid" @CVEnew on X 2025-07-15 13:51:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7932 A vulnerability classified as critical has been found in D-Link DIR817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation l" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-38352 In the Linux kernel the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exi" @CVEnew on X 2025-07-22 08:52:59 UTC 55.1K followers, XXX engagements
"CVE-2025-44651 In TRENDnet TPL-430AP FW1.0 the USERLIMIT_GLOBAL option is set to X in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are conn" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-6235 In ExtremeControl before 25.5.12 a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from impro" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7233 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive inf" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-41676 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-7255 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7876 A vulnerability classified as critical was found in Metasoft MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. Th" @CVEnew on X 2025-07-20 07:51:33 UTC 55K followers, XXX engagements
"CVE-2025-50481 A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via i" @CVEnew on X 2025-07-23 16:28:38 UTC 55.1K followers, XXX engagements
"CVE-2025-41675 A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of sp" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-44109 A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages" @CVEnew on X 2025-07-23 19:32:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7308 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7885 A vulnerability which was classified as problematic has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the comp" @CVEnew on X 2025-07-20 11:29:50 UTC 55K followers, XXX engagements
"CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-54317 An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template whi" @CVEnew on X 2025-07-20 19:13:19 UTC 55K followers, XXX engagements
"CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-51659 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php" @CVEnew on X 2025-07-14 17:16:53 UTC 55K followers, XXX engagements
"CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7322 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-2301 Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.This issue affects" @CVEnew on X 2025-07-21 11:53:15 UTC 55K followers, XXX engagements
"CVE-2025-36107 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-7645 The Extensions For CF7 (Contact form X Database Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient f" @CVEnew on X 2025-07-22 06:55:35 UTC 55.1K followers, XXX engagements
"CVE-2025-51463 Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitt" @CVEnew on X 2025-07-22 15:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-30959 Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. Thi" @CVEnew on X 2025-07-16 13:55:42 UTC 55K followers, XXX engagements
"CVE-2025-7900 The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1" @CVEnew on X 2025-07-22 10:49:25 UTC 55.1K followers, XXX engagements
"CVE-2025-54127 HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below the NodeJS version of HAX CMS uses an ins" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-52081 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" @CVEnew on X 2025-07-15 15:54:35 UTC 55K followers, XXX engagements
"CVE-2025-51398 A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTM" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-51401 A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML vi" @CVEnew on X 2025-07-21 19:15:55 UTC 55.1K followers, XXX engagements
"CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authent" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-30762 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:31 UTC 55K followers, XXX engagements
"CVE-2025-7251 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-8009 The Security Ninja WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including XXXXX via the" @CVEnew on X 2025-07-24 07:44:44 UTC 55.1K followers, XXX engagements
"CVE-2025-51400 A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-54134 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below the HAX CMS NodeJS application crashes when an aut" @CVEnew on X 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-7343 The SFT developed by Digiwin has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to read modify and delete d" @CVEnew on X 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-7840 A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System XXX. It has been classified as problematic. This affects an unknown part of the file" @CVEnew on X 2025-07-19 18:50:08 UTC 55K followers, XXX engagements
"CVE-2025-7284 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7875 A vulnerability classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads" @CVEnew on X 2025-07-20 07:32:41 UTC 55K followers, XXX engagements
"CVE-2025-7524 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstec" @CVEnew on X 2025-07-13 09:42:45 UTC 55.1K followers, XXX engagements
"CVE-2025-7862 A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file" @CVEnew on X 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7241 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-8058 The regcomp function in the GNU C library version from XXX to XXXX is subject to a double free if some previous allocation fails. It can be accomplished either by a m" @CVEnew on X 2025-07-23 20:18:30 UTC 55.1K followers, XXX engagements
"CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7724 An unauthenticated OS command injection vulnerability existsin VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build" @CVEnew on X 2025-07-22 21:35:28 UTC 55K followers, XXX engagements
"CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-7897 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/con" @CVEnew on X 2025-07-20 15:15:39 UTC 55K followers, XXX engagements
"CVE-2025-41684 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main" @CVEnew on X 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-48291 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allo" @CVEnew on X 2025-07-16 13:55:46 UTC 55K followers, XXX engagements
"CVE-2025-7878 A vulnerability which was classified as critical was found in Metasoft MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp" @CVEnew on X 2025-07-20 08:47:04 UTC 55K followers, XXX engagements
"CVE-2025-4700 An issue has been discovered in GitLab CE/EE affecting all versions from XXXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that under specific circumstan" @CVEnew on X 2025-07-23 17:57:05 UTC 55.1K followers, XXX engagements
"CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of JuniperNetworks Junos OS and Junos OS Evolved allows an adjacentunauthenticatedattacke" @CVEnew on X 2025-07-11 15:53:37 UTC 55K followers, XXX engagements
"CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat" @CVEnew on X 2025-07-14 23:16:21 UTC 55K followers, XXX engagements
"CVE-2024-12310 A vulnerability in Imprivata Enterprise Access Management(formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows un" @CVEnew on X 2025-07-23 12:32:37 UTC 55.1K followers, XXX engagements
"CVE-2025-7274 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7942 A vulnerability has been found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functionality" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7948 A vulnerability classified as problematic was found in jshERP up to XXX. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/update" @CVEnew on X 2025-07-22 03:09:39 UTC 55K followers, XXX engagements
"CVE-2025-54090 A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65 which fixe" @CVEnew on X 2025-07-23 13:27:32 UTC 55.1K followers, XXX engagements
"CVE-2025-4439 An issue has been discovered in GitLab CE/EE affecting all versions from XXXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed an auth" @CVEnew on X 2025-07-23 18:53:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7283 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7931 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7934 A vulnerability which was classified as critical has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the fu" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7354 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-54313 eslint-config-prettier 8.10.1 9.1.1 10.1.6 and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install" @CVEnew on X 2025-07-19 16:49:19 UTC 55.1K followers, XXX engagements
"CVE-2025-41677 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2015-10141 An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier a PHP debugging extension developed by Derick Rethans. When rem" @CVEnew on X 2025-07-23 14:18:41 UTC 55.1K followers, XXX engagements
"CVE-2025-6018 A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged" @CVEnew on X 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-36117 IBM Db2 Mirror for i XXX XXX and XXX does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system" @CVEnew on X 2025-07-23 14:49:09 UTC 55.1K followers, XXX engagements
"CVE-2025-7583 A vulnerability has been found in PHPGurukul Online Fire Reporting System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/all" @CVEnew on X 2025-07-14 07:20:51 UTC 55K followers, XXX engagements
"CVE-2025-49836 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in change_label" @CVEnew on X 2025-07-15 20:45:14 UTC 55.1K followers, XXX engagements
"CVE-2025-7266 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-52575 EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authent" @CVEnew on X 2025-07-21 18:23:52 UTC 55K followers, XXX engagements
"CVE-2025-50063 Vulnerability in Oracle Java SE (component: Install). Supported versions that are affected are Oracle Java SE: 8u451 and 8u451-perf. Easily exploitable vulnerabilit" @CVEnew on X 2025-07-15 19:44:30 UTC 55K followers, XXX engagements
"CVE-2025-53771 Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a" @CVEnew on X 2025-07-20 22:37:33 UTC 55K followers, XXX engagements
"CVE-2016-15044 A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices mo" @CVEnew on X 2025-07-23 22:40:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7947 A vulnerability classified as critical has been found in jshERP up to XXX. Affected is an unknown function of the file /user/delete of the component Account Handler. Th" @CVEnew on X 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-44647 In TRENDnet TEW-WLC100P 2.03b03 the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file so that IKE Respon" @CVEnew on X 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component" @CVEnew on X 2025-07-11 15:53:41 UTC 55K followers, XXX engagements
"CVE-2025-7314 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-7927 A vulnerability has been found in PHPGurukul Online Banquet Booking System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/vi" @CVEnew on X 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-7256 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7941 A vulnerability which was classified as problematic was found in PHPGurukul Time Table Generator System XXX. Affected is an unknown function of the file /admin/profil" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7916 WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary code on the ser" @CVEnew on X 2025-07-21 06:28:14 UTC 55K followers, XXX engagements
"CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:27 UTC 55K followers, XXX engagements
"CVE-2025-7715 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS).This iss" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7912 A vulnerability which was classified as critical has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the compon" @CVEnew on X 2025-07-20 23:16:58 UTC 55K followers, XXX engagements
"CVE-2025-7917 WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability allowing remote attackers with administrator privileges to upload and" @CVEnew on X 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-36845 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a" @CVEnew on X 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-54314 Thor before 1.4.0 can construct an unsafe shell command from library input" @CVEnew on X 2025-07-20 03:23:21 UTC 55K followers, XXX engagements
"CVE-2025-7692 The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.0.5. This is due to the olws_handle_verify_" @CVEnew on X 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7933 A vulnerability classified as critical was found in Campcodes Sales and Inventory System XXX. This vulnerability affects unknown code of the file /pages/settings_update" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-54129 HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below the application returns a" @CVEnew on X 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-7930 A vulnerability was found in code-projects Church Donation System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7393 Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force.This issue affects Mail Login: from 3.0.0 before 3.2.0" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2024-41751 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 could allow a local authenticated attacker to bypass client-side enf" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7344 The EAI developed by Digiwin has a Privilege Escalation vulnerability allowing remote attackers with regular privileges to elevate their privileges to administrator le" @CVEnew on X 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2024-40686 IBM SmartCloud Analytics - Log Analysis 1.3.7.0 1.3.7.1 1.3.7.2 1.3.8.0 1.3.8.1 and 1.3.8.2 is vulnerable to HTTP header injection caused by improper validation" @CVEnew on X 2025-07-23 11:33:13 UTC 55.1K followers, XXX engagements
"CVE-2025-7268 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-8033 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 141" @CVEnew on X 2025-07-22 21:35:26 UTC 55K followers, XXX engagements
"CVE-2025-54310 qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp" @CVEnew on X 2025-07-18 19:41:53 UTC 55K followers, XXX engagements
"CVE-2025-7908 A vulnerability was found in D-Link DI-8100 XXX. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.aspopt=add" @CVEnew on X 2025-07-20 21:15:02 UTC 55K followers, XXX engagements
"CVE-2025-47187 A vulnerability in the Mitel 6800 Series 6900 Series and 6900w Series SIP Phones including the 6970 Conference Unit through XXX SP4 could allow an unauthenticated" @CVEnew on X 2025-07-23 18:53:59 UTC 55.1K followers, XXX engagements
"CVE-2024-13973 A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR1 (21.0.1) can potentially lead to administrators achieving arbitrar" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-52950 AMissing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch" @CVEnew on X 2025-07-08 05:18:03 UTC 55K followers, XXX engagements
"CVE-2025-54438 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a" @CVEnew on X 2025-07-23 06:24:27 UTC 55.1K followers, XXX engagements
"CVE-2025-8107 In OceanBase's Oracle tenant mode a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted command" @CVEnew on X 2025-07-24 07:20:40 UTC 55.1K followers, XXX engagements
"CVE-2025-53832 Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which e" @CVEnew on X 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolvedallows a local low-privileged user to" @CVEnew on X 2025-07-11 15:53:37 UTC 55.1K followers, XXX engagements
"CVE-2025-46116 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where an authenti" @CVEnew on X 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-7717 Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0 from 2.0.0 before 2.0.1" @CVEnew on X 2025-07-21 16:53:01 UTC 55K followers, XXX engagements
"CVE-2025-8029 Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability affects Firefox XXX Firefox ESR XXXXXX Firefox ESR XXXXX Thu" @CVEnew on X 2025-07-22 21:35:27 UTC 55.1K followers, XXX engagements
"CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG" @CVEnew on X 2025-07-11 15:53:38 UTC 55.1K followers, XXX engagements
"CVE-2025-44650 In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2 the USERLIMIT_GLOBAL option is set to X in the bftpd.conf configuration file. This can cause DoS attacks" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage" @CVEnew on X 2025-07-11 15:53:42 UTC 55K followers, XXX engagements
"CVE-2025-46382 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by" @CVEnew on X 2025-07-11 15:53:34 UTC 55.1K followers, XXX engagements
"CVE-2025-7231 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-53826 File Browser provides a file managing interface within a specified directory and it can be used to upload delete preview rename and edit files. In version 2.39.0" @CVEnew on X 2025-07-15 18:23:21 UTC 55K followers, XXX engagements
"CVE-2025-40599 An authenticated arbitrary file upload vulnerability exists in the SMA XXX series web management interface. A remote attacker with administrative privileges can explo" @CVEnew on X 2025-07-23 13:27:32 UTC 55.1K followers, XXX engagements
"CVE-2025-1299 An issue has been discovered in GitLab CE/EE affecting all versions starting from XXXX before 18.0.5 all versions starting from XXXX before 18.1.3 all versions starti" @CVEnew on X 2025-07-24 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body" @CVEnew on X 2025-07-11 15:53:42 UTC 55K followers, XXX engagements
"CVE-2025-7246 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-32019 Harbor is an open source trusted cloud native registry project that stores signs and scans content. Versions 2.11.2 and below as well as versions 2.12.0-rc1 and 2" @CVEnew on X 2025-07-23 20:57:25 UTC 55.1K followers, XXX engagements
"CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f" @CVEnew on X 2025-07-11 13:46:18 UTC 55K followers, XXX engagements
"CVE-2025-32744 Dell AppSync version(s) 4.6.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could poten" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-50069 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerabili" @CVEnew on X 2025-07-15 19:44:28 UTC 55K followers, XXX engagements
"CVE-2025-46122 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the authenticated diagnostics API endpoint /admin/_cmdstat.j" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-8038 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox XXX Firefox ESR XXXXX Thunderbird XXX and Th" @CVEnew on X 2025-07-22 21:35:26 UTC 55K followers, XXX engagements
"CVE-2025-7281 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7853 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipu" @CVEnew on X 2025-07-19 19:50:35 UTC 55K followers, XXX engagements
"CVE-2025-48301 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid YaySMTP allows SQL Injection. Th" @CVEnew on X 2025-07-16 10:48:46 UTC 55K followers, XXX engagements
"CVE-2025-7257 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-53839 DRACOON is a file sharing service and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Br" @CVEnew on X 2025-07-14 23:33:53 UTC 55K followers, XXX engagements
"CVE-2025-41237 VMware ESXiWorkstation and Fusioncontain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write.A malicious" @CVEnew on X 2025-07-15 18:54:28 UTC 55K followers, XXX engagements
"CVE-2025-52372 An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7280 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-4685 The Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of mu" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-50130 A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO. LTD. Opening V9 files or X1 files specia" @CVEnew on X 2025-07-08 14:39:29 UTC 55K followers, XXX engagements
"CVE-2025-7228 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t" @CVEnew on X 2025-07-11 13:46:28 UTC 55.1K followers, XXX engagements
"CVE-2025-7311 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-7271 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-51464 Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to t" @CVEnew on X 2025-07-22 17:46:32 UTC 55.1K followers, XXX engagements
"CVE-2025-53882 A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allowspotential escalation from mai" @CVEnew on X 2025-07-23 09:52:23 UTC 55.1K followers, XXX engagements
"CVE-2025-46121 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the functions stamgr_cfg_adpt_addStaFavourite and stamgr_c" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-53820 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 20:55:16 UTC 55.1K followers, XXX engagements
"CVE-2025-41459 Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attacke" @CVEnew on X 2025-07-21 11:32:58 UTC 55.1K followers, XXX engagements
"CVE-2025-7940 A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functional" @CVEnew on X 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7924 A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. Affected by this vulnerability is an unknown functionality of the f" @CVEnew on X 2025-07-21 11:32:57 UTC 55K followers, XXX engagements
"CVE-2025-7272 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7382 A command injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR2 (21.0.2)can lead to adjacent attackers achieving pre-auth code execution" @CVEnew on X 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-41681 A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content" @CVEnew on X 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-51462 Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafte" @CVEnew on X 2025-07-22 20:45:15 UTC 55K followers, XXX engagements
"CVE-2024-6107 Due to insufficient verification an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in" @CVEnew on X 2025-07-21 09:25:18 UTC 55K followers, XXX engagements
"CVE-2025-7247 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7225 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2018-25114 A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7687 The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or i" @CVEnew on X 2025-07-22 09:47:58 UTC 55.1K followers, XXX engagements
"CVE-2025-44649 In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03 the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase X exposes i" @CVEnew on X 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2024-13974 A business logic vulnerability in the Up2Date component of Sophos Firewall older than version XXXX MR1 (20.0.1) can lead to attackers controlling the firewalls DNS e" @CVEnew on X 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-7903 A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Imag" @CVEnew on X 2025-07-20 17:14:14 UTC 55K followers, XXX engagements
"CVE-2025-2633 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvreUDecStrToNum that may result in information disclosure or arbitrary code executio" @CVEnew on X 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2015-10138 The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server" @CVEnew on X 2025-07-19 11:40:50 UTC 55.1K followers, XXX engagements
"CVE-2025-6262 The video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to and including 0" @CVEnew on X 2025-07-24 09:47:41 UTC 55.1K followers, XXX engagements
"CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu" @CVEnew on X 2025-07-11 13:46:25 UTC 55K followers, XXX engagements
"CVE-2025-7294 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-53472 WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploite" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-7907 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/re" @CVEnew on X 2025-07-20 20:43:37 UTC 55K followers, XXX engagements
"CVE-2025-7723 A command injection vulnerability exists that can be exploited after authenticationin VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P" @CVEnew on X 2025-07-22 21:35:28 UTC 55K followers, XXX engagements
"CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7945 A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /go" @CVEnew on X 2025-07-21 23:52:56 UTC 55.1K followers, XXX engagements
"CVE-2025-27930 Zohocorp ManageEngine Applications Manager versions176600 and prior are vulnerable to stored cross-site scripting in theFile/Directory monitor" @CVEnew on X 2025-07-23 10:49:44 UTC 55.1K followers, XXX engagements
"CVE-2025-36603 Dell AppSync version(s) 4.6.0.0 contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could p" @CVEnew on X 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-50101 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:21 UTC 55K followers, XXX engagements
"CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.A mal" @CVEnew on X 2025-07-15 18:54:28 UTC 55K followers, 1204 engagements
"CVE-2025-7295 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55.1K followers, XXX engagements
"CVE-2025-7953 A vulnerability which was classified as problematic has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publi" @CVEnew on X 2025-07-22 04:52:47 UTC 55.1K followers, XXX engagements
"CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-46993 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack" @CVEnew on X 2025-07-24 16:19:19 UTC 55.1K followers, XXX engagements
"CVE-2025-7949 A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the" @CVEnew on X 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7223 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2025-1469 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11" @CVEnew on X 2025-07-21 08:55:36 UTC 55K followers, XXX engagements
"CVE-2025-7910 A vulnerability classified as critical has been found in D-Link DIR-513 XXXX. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component" @CVEnew on X 2025-07-20 22:37:34 UTC 55K followers, XXX engagements
"CVE-2025-26397 SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can" @CVEnew on X 2025-07-24 08:23:00 UTC 55.1K followers, XXX engagements
"CVE-2025-47061 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attack" @CVEnew on X 2025-07-24 15:54:51 UTC 55.1K followers, XXX engagements
"CVE-2025-7282 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-46384 CWE-434 Unrestricted Upload of File with Dangerous Type" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-7685 The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or incorrect" @CVEnew on X 2025-07-22 09:47:57 UTC 55.1K followers, XXX engagements
"CVE-2025-8015 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields" @CVEnew on X 2025-07-22 15:17:59 UTC 55.1K followers, XXX engagements
"CVE-2025-50081 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-7267 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-20323 In Splunk Enterprise versions below 9.4.3 9.3.5 9.2.7 and 9.1.10 a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the s" @CVEnew on X 2025-07-07 17:52:58 UTC 55K followers, XXX engagements
"CVE-2025-46099 In Pluck CMS 4.7.20-dev an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logi" @CVEnew on X 2025-07-23 14:18:42 UTC 55.1K followers, XXX engagements
"CVE-2025-7898 A vulnerability was found in Codecanyon iDentSoft XXX. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of th" @CVEnew on X 2025-07-20 15:35:13 UTC 55K followers, XXX engagements
"CVE-2025-51655 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php" @CVEnew on X 2025-07-14 17:16:52 UTC 55K followers, XXX engagements
"CVE-2025-41683 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main" @CVEnew on X 2025-07-23 08:53:12 UTC 55.1K followers, XXX engagements
"CVE-2025-54033 Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elemen" @CVEnew on X 2025-07-16 10:48:49 UTC 55.1K followers, XXX engagements
"CVE-2025-50076 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnera" @CVEnew on X 2025-07-15 19:44:27 UTC 55.1K followers, XXX engagements
"CVE-2025-7938 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX and classified as critical. This issue affects the function updateGoods of the file GoodsController" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-6376 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 55K followers, XXX engagements
"CVE-2025-7260 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-53639 MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts the sortField parameter in certain API endpoints is not properly validated or s" @CVEnew on X 2025-07-14 20:45:00 UTC 55.1K followers, XXX engagements
"CVE-2025-4569 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se" @CVEnew on X 2025-07-21 08:24:50 UTC 55K followers, XXX engagements
"CVE-2025-24938 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administra" @CVEnew on X 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-49656 Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users ar" @CVEnew on X 2025-07-21 09:51:09 UTC 55.1K followers, 1740 engagements
"CVE-2025-7001 An issue has been discovered in GitLab CE/EE affecting all versions from XXXX before 18.0.5 XXXX before 18.1.3 and XXXX before 18.2.1 that could have allowed priviled" @CVEnew on X 2025-07-24 06:56:16 UTC 55.1K followers, XXX engagements
"CVE-2025-7881 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the componen" @CVEnew on X 2025-07-20 09:51:51 UTC 55K followers, XXX engagements
"CVE-2025-7303 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7296 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker" @CVEnew on X 2025-07-11 13:46:29 UTC 55.1K followers, XXX engagements
"CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec" @CVEnew on X 2025-07-11 13:46:18 UTC 55.1K followers, XXX engagements
"CVE-2025-7879 A vulnerability has been found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file m" @CVEnew on X 2025-07-20 09:21:09 UTC 55K followers, XXX engagements
"CVE-2025-50106 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are" @CVEnew on X 2025-07-15 19:44:20 UTC 55.1K followers, XXX engagements
"CVE-2025-7234 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7277 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7943 A vulnerability was found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of the file" @CVEnew on X 2025-07-21 23:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48965 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than ze" @CVEnew on X 2025-07-20 18:21:12 UTC 55K followers, XXX engagements
"CVE-2025-54071 RomM (ROM Manager) allows users to scan enrich browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below an" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7265 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-54451 Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO X Server allows Code Injection.This issue affects MagicINFO 9" @CVEnew on X 2025-07-23 06:24:30 UTC 55.1K followers, XXX engagements
"CVE-2024-55040 Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET re" @CVEnew on X 2025-07-21 15:46:10 UTC 55K followers, XXX engagements
"CVE-2015-10137 The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' func" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4" @CVEnew on X 2025-07-15 19:44:25 UTC 55K followers, XXX engagements
"CVE-2015-10136 The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before XXX via the 'fileid' parameter. This allows unauthenticated attacker" @CVEnew on X 2025-07-19 09:51:16 UTC 55K followers, XXX engagements
"CVE-2025-24936 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network st" @CVEnew on X 2025-07-21 06:56:15 UTC 55.1K followers, XXX engagements
"CVE-2025-7252 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-0664 A locally authenticated privileged user can craft a malicious OpenSSL configuration file potentially leading the agent to load an arbitrary local library. This may im" @CVEnew on X 2025-07-21 07:49:22 UTC 55.1K followers, XXX engagements
"CVE-2025-7614 A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component H" @CVEnew on X 2025-07-14 15:20:42 UTC 55K followers, XXX engagements
"CVE-2025-7886 A vulnerability which was classified as critical was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the fu" @CVEnew on X 2025-07-20 11:50:28 UTC 55K followers, XXX engagements
"CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:23 UTC 55.1K followers, XXX engagements
"CVE-2025-44657 In Linksys EA6350 V2.1.2 the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to sy" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-8069 During the AWS Client VPN client installation on Windows devices the install process references the C:usrlocalwindows-x86_64-openssl-localbuildssl directory locati" @CVEnew on X 2025-07-23 15:59:50 UTC 55.1K followers, XXX engagements
"CVE-2025-44652 In Netgear RAX30 V1.0.10.94_3 the USERLIMIT_GLOBAL option is set to X in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7899 The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download ofarbitraryfiles from the webserver. This issue affects powermail vers" @CVEnew on X 2025-07-22 10:49:25 UTC 55.1K followers, XXX engagements
"CVE-2025-7887 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file The" @CVEnew on X 2025-07-20 11:50:28 UTC 55K followers, XXX engagements
"CVE-2025-4968 The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element Hover" @CVEnew on X 2025-07-24 04:09:38 UTC 55.1K followers, XXX engagements
"CVE-2025-5240 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the type parameter in all versions up to and including 2" @CVEnew on X 2025-07-22 03:09:38 UTC 55K followers, XXX engagements
"CVE-2025-7301 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-44251 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process" @CVEnew on X 2025-07-10 15:45:55 UTC 55K followers, XXX engagements
"CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l" @CVEnew on X 2025-07-11 15:53:36 UTC 55.1K followers, XXX engagements
"CVE-2025-7921 Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability allowing unauthenticated remote attackers to control the program's execution fl" @CVEnew on X 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 55K followers, XXX engagements
"CVE-2025-30477 Dell PowerScale OneFS versions prior to 9.11.0.0 contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote a" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-54446 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO X Server allows Upload a Web Shell to a" @CVEnew on X 2025-07-23 06:24:29 UTC 55.1K followers, XXX engagements
"CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7299 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-44653 In H3C GR2200 MiniGR1A0V100R016 the USERLIMIT_GLOBAL option is set to X in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7244 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7819 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been classified as problematic. This affects an unknown part of the file /creat" @CVEnew on X 2025-07-19 13:07:49 UTC 55K followers, XXX engagements
"CVE-2025-53824 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 22:55:21 UTC 55K followers, XXX engagements
"CVE-2025-46119 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304 where an authenticated request to the management endpoint /admin/_cmdstat.jsp disclo" @CVEnew on X 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-52373 Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailSer" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7905 A vulnerability has been found in itsourcecode Insurance Management System XXX and classified as critical. This vulnerability affects unknown code of the file /insertPa" @CVEnew on X 2025-07-20 19:28:05 UTC 55K followers, XXX engagements
"CVE-2025-44654 In Linksys E2500 3.0.04.002 the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files privile" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-36846 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vuln" @CVEnew on X 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-7902 A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/syste" @CVEnew on X 2025-07-20 16:48:02 UTC 55K followers, XXX engagements
"CVE-2025-7896 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/dele" @CVEnew on X 2025-07-20 15:15:40 UTC 55K followers, XXX engagements
"CVE-2025-5042 A maliciously crafted RFA file when parsed through Autodesk Revit can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to" @CVEnew on X 2025-07-22 16:52:59 UTC 55.1K followers, XXX engagements
"CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-33076 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking. A local user could" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-33020 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensi" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7310 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-51482 Remote Code Execution in in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code" @CVEnew on X 2025-07-22 17:18:09 UTC 55.1K followers, XXX engagements
"CVE-2025-54082 marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0 a vulnerability was discovered in the marshmallow-packages/no" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7239 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-46120 An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector where a path-traversal flaw in the web interface lets the se" @CVEnew on X 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-50096 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:22 UTC 55K followers, XXX engagements
"CVE-2025-40596 A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote unauthenticated attacker to cause Denial of Service (DoS) or potentially" @CVEnew on X 2025-07-23 15:18:36 UTC 55.1K followers, XXX engagements
"CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f" @CVEnew on X 2025-07-11 13:46:28 UTC 55.1K followers, XXX engagements
"CVE-2025-4395 Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password which allows an attacker with physical access to log in with no password and ac" @CVEnew on X 2025-07-24 04:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-7946 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been rated as problematic. This issue affects some unknown processing of the fi" @CVEnew on X 2025-07-22 03:09:39 UTC 55.1K followers, XXX engagements
"CVE-2025-30753 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:32 UTC 55K followers, XXX engagements
"CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo" @CVEnew on X 2025-07-11 15:53:35 UTC 55.1K followers, XXX engagements
"CVE-2025-7894 A vulnerability which was classified as critical has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/age" @CVEnew on X 2025-07-20 14:14:55 UTC 55K followers, XXX engagements
"CVE-2025-8021 All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the int" @CVEnew on X 2025-07-23 05:52:12 UTC 55.1K followers, XXX engagements
"CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-40598 A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface allowing a remote unauthenticated attacker to potentially execute arbi" @CVEnew on X 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-33077 IBM Engineering Systems Design Rhapsody 9.0.2 XXXX and 10.0.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking. A local user could" @CVEnew on X 2025-07-23 15:18:35 UTC 55.1K followers, XXX engagements
"CVE-2025-52378 Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is exec" @CVEnew on X 2025-07-15 14:41:02 UTC 55K followers, XXX engagements
"CVE-2025-51403 A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web s" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements