[@CVEnew](/creator/twitter/CVEnew) "CVE-2025-6232 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932461499924985) 2025-07-17 19:43:47 UTC 55K followers, XXX engagements "CVE-2025-6717 The plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to and including 2.2.56 due to insufficient escaping on the us"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085260120465836) 2025-07-18 05:50:57 UTC 55K followers, XXX engagements "CVE-2025-46385 CWE-918 Server-Side Request Forgery (SSRF)"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946952152402055622) 2025-07-20 15:15:40 UTC 55K followers, XXX engagements "CVE-2025-7716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS)"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339042225324182) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements "CVE-2025-7867 A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946789189883703509) 2025-07-20 04:28:07 UTC 55K followers, XXX engagements "CVE-2025-7286 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390790264934646) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements "CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700219394179580) 2025-07-11 15:53:39 UTC 55K followers, XXX engagements "CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409998549532951) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements "CVE-2025-47995 Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265117634535703) 2025-07-18 17:45:38 UTC 55K followers, XXX engagements "CVE-2025-7962 In Jakarta Mail XXX it is possible to perform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352504712200559) 2025-07-21 17:46:31 UTC 55K followers, XXX engagements "CVE-2025-52374 Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.conf"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331046883610754) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements "CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700216718196774) 2025-07-11 15:53:38 UTC 55K followers, XXX engagements "CVE-2025-7287 IrfanView CADImage 
Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390789396664540) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements "CVE-2025-51396 A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374998244466839) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements "CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700217569706026) 2025-07-11 15:53:38 UTC 55K followers, XXX engagements "CVE-2025-7240 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390830416887808) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements "CVE-2025-7261 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390812469530867) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements "CVE-2025-7869 A vulnerability which was classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946804651224920567) 2025-07-20 05:29:33 UTC 55K followers, XXX engagements "CVE-2025-7222 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code on affecte"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390843125641703) 2025-07-21 20:18:52 UTC 55K followers, XXX engagements "CVE-2025-6726 The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085262825787598) 2025-07-18 05:50:57 UTC 55K followers, XXX engagements "CVE-2025-7291 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390783814045934) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements "CVE-2025-50583 StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946310122025914707) 2025-07-18 20:44:28 UTC 55K followers, XXX engagements "CVE-2025-1700 A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932466445025544) 2025-07-17 19:43:48 UTC 55K followers, XXX engagements "CVE-2025-53901 Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4 33.0.2 and 34.0.2 a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265114094469482) 2025-07-18 17:45:37 UTC 55K followers, XXX engagements "CVE-2025-7227 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code on affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390838662959216) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements "CVE-2025-7279 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390795537166697) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements "CVE-2025-7757 A vulnerability classified as critical was found in PHPGurukul Land Record System XXX. Affected by this vulnerability is an unknown functionality of the file /edit-prop"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945960301280514273) 2025-07-17 21:34:24 UTC 55K followers, XXX engagements "CVE-2025-36062 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369697919569958) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements "CVE-2025-7767 A vulnerability which was classified as problematic has been found in PHPGurukul Art Gallery Management System XXX. Affected by this issue is some unknown functionali"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946044735921029259) 2025-07-18 03:09:55 UTC 55K followers, XXX engagements "CVE-2025-7638 The Forminator Forms Contact Form Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078248305111482) 2025-07-18 05:23:05 UTC 55K followers, XXX engagements "CVE-2025-7749 A vulnerability which was classified as critical has been found in code-projects Online Appointment Booking System XXX. 
This issue affects some unknown processing of"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925395347300564) 2025-07-17 19:15:42 UTC 55K followers, XXX engagements "CVE-2025-7926 A vulnerability which was classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. This affects an unknown part of the file /admin/booking"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300342300868684) 2025-07-21 14:19:15 UTC 55K followers, XXX engagements "CVE-2025-52166 Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946274606462955857) 2025-07-18 18:23:20 UTC 55K followers, XXX engagements "CVE-2025-54122 Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy hand"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405331354816665) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements "CVE-2025-4130 Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300337989067074) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements "CVE-2025-7275 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390799857283416) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements "CVE-2025-7877 A vulnerability which was classified as critical has been found in Metasoft MetaCRM up to 6.4.2. 
This issue affects some unknown processing of the file sendfile"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946854359209242768) 2025-07-20 08:47:04 UTC 55K followers, XXX engagements "CVE-2025-7925 A vulnerability which was classified as problematic has been found in PHPGurukul Online Banquet Booking System XXX. Affected by this issue is some unknown functionali"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947287570704158878) 2025-07-21 13:28:30 UTC 55K followers, XXX engagements "CVE-2025-50126 A stored XSS vulnerability in the RSBlog component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153080275283980) 2025-07-18 10:20:26 UTC 55K followers, XXX engagements "CVE-2025-7911 A vulnerability classified as critical was found in D-Link DI-8100 XXX. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhtt"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947067430641012818) 2025-07-20 22:53:44 UTC 55K followers, XXX engagements "CVE-2025-7802 A vulnerability was found in PHPGurukul Complaint Management System XXX and classified as problematic. 
Affected by this issue is some unknown functionality of the file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946291508011036823) 2025-07-18 19:30:30 UTC 55K followers, XXX engagements "CVE-2025-51397 A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374999188160828) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements "CVE-2024-13972 A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privile"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925388808454211) 2025-07-17 19:15:40 UTC 55K followers, XXX engagements "CVE-2025-7859 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/update_passwo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946742253600530891) 2025-07-20 01:21:36 UTC 55K followers, XXX engagements "CVE-2025-7298 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410009836454325) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements "CVE-2025-6053 The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.0. 
This is due to missing or inco"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078246644134019) 2025-07-18 05:23:05 UTC 55K followers, XXX engagements "CVE-2025-49486 A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153084922503247) 2025-07-18 10:20:27 UTC 55K followers, XXX engagements "CVE-2025-6813 The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions XXX t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078250154815891) 2025-07-18 05:23:05 UTC 55K followers, XXX engagements "CVE-2025-4657 A buffer overflow vulnerability was reported in the Lenovo Protection Driver prior to version 5.1.1110.4231 used in Lenovo PC Manager Lenovo Browser and Lenovo App"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932458509402260) 2025-07-17 19:43:46 UTC 55K followers, XXX engagements "CVE-2025-54128 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. 
In versions 11.0.7 and below the NodeJS version of HAX CMS has a disabled Conte"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405328699822552) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements "CVE-2025-4570 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947211148316627411) 2025-07-21 08:24:49 UTC 55K followers, XXX engagements "CVE-2025-43977 The application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction b"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322219690066089) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements "CVE-2025-7790 A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946233232653205531) 2025-07-18 15:38:56 UTC 55K followers, XXX engagements "CVE-2025-4129 Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300339041857832) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements "CVE-2025-7486 The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to and including XXXXXX due to insufficient"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947426677937537380) 2025-07-21 22:41:16 UTC 55K followers, XXX engagements "CVE-2025-7854 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. 
The manipulation o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946675193725792360) 2025-07-19 20:55:08 UTC 55K followers, XXX engagements "CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390799035220089) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements "CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700206983193052) 2025-07-11 15:53:36 UTC 55K followers, XXX engagements "CVE-2025-44655 In TOTOLink A7100RU V7.4 A950RG V5.9 and T10 V5.9 the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331044127953062) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements "CVE-2025-7395 A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946339064757600296) 2025-07-18 22:39:28 UTC 55K followers, XXX engagements "CVE-2025-7920 WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability allowing unauthenticated remote attackers to execute arbitrar"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202228327948737) 2025-07-21 07:49:23 UTC 55K followers, XXX engagements "CVE-2025-7928 A vulnerability was found in code-projects Church Donation System XXX and classified as critical. 
This issue affects some unknown processing of the file /members/edit_u"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315100962165130) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements "CVE-2025-54075 MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2 a remote script-inclusion / stored cross-"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946237808579920242) 2025-07-18 15:57:07 UTC 55K followers, XXX engagements "CVE-2025-41678 A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232870247927976) 2025-07-21 09:51:08 UTC 55K followers, XXX engagements "CVE-2025-7939 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX. It has been classified as critical. Affected is the function addGoods of the file GoodsController"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405330511761671) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements "CVE-2025-7919 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188860863041824) 2025-07-21 06:56:16 UTC 55K followers, XXX engagements "CVE-2025-50581 MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946310120373420449) 2025-07-18 20:44:28 UTC 55K followers, XXX engagements "CVE-2025-7772 The Malcure Malware Scanner #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946101825884557314) 2025-07-18 06:56:46 UTC 55K followers, XXX engagements 
"CVE-2025-54073 mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946237809456496845) 2025-07-18 15:57:07 UTC 55K followers, XXX engagements "CVE-2025-38351 In the Linux kernel the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hy"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946547839019929751) 2025-07-19 12:29:04 UTC 55K followers, XXX engagements "CVE-2025-3753 A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool affecting ROS distributions Noetic Ninjemys and earlier. The vulne"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932468185600344) 2025-07-17 19:43:48 UTC 55K followers, XXX engagements "CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410000583835725) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements "CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390784778760696) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements "CVE-2025-27209 The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946348333079093734) 2025-07-18 23:16:18 UTC 55K followers, XXX engagements "CVE-2025-7888 A vulnerability was found in TDuckCloud tduck-platform XXX and classified as critical. 
This issue affects the function UserFormDataMapper of the file src/main/java/com/"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946920305361879072) 2025-07-20 13:09:07 UTC 55K followers, XXX engagements "CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668165860635053) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements "CVE-2025-7236 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390831222288479) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements "CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700215824797703) 2025-07-11 15:53:38 UTC 55K followers, XXX engagements "CVE-2025-5767 The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width parameter in all versions up to and including 3.1.1"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085261081039261) 2025-07-18 05:50:57 UTC 55K followers, XXX engagements "CVE-2025-7248 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390819390132695) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements "CVE-2025-7807 A vulnerability which was classified as critical has been found in Tenda FH451 1.0.0.9. 
This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlF"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946312923686609107) 2025-07-18 20:55:36 UTC 55K followers, XXX engagements "CVE-2024-27779 An insufficient session expiration vulnerability CWE-613 in FortiSandbox FortiSandbox version 4.4.4 and below version 4.2.6 and below XXX all versions XXX all ve"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946130912384549097) 2025-07-18 08:52:21 UTC 55K followers, XXX engagements "CVE-2025-7258 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390814180839849) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements "CVE-2025-7369 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 7.4.2. This is due"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202225572356223) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements "CVE-2025-50586 StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF)"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265120633393280) 2025-07-18 17:45:39 UTC 55K followers, XXX engagements "CVE-2023-52672 In the Linux kernel the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notificatio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1791557124226506958) 2024-05-17 19:51:18 UTC 55K followers, XXX engagements "CVE-2016-15043 The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to and incl"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508123688272182) 2025-07-19 09:51:15 UTC 55K followers, XXX engagements "CVE-2025-36106 IBM Cognos Analytics 
Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369699303690462) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements "CVE-2025-4040 Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic St"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947287571639554067) 2025-07-21 13:28:30 UTC 55K followers, XXX engagements "CVE-2025-49087 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4 a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mod"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947006248693735654) 2025-07-20 18:50:37 UTC 55K followers, XXX engagements "CVE-2025-7895 A vulnerability which was classified as critical was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/contro"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946336168767501) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements "CVE-2025-54319 An issue was discovered in Westermo WeOS X (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947037354386178107) 2025-07-20 20:54:14 UTC 55K followers, XXX engagements "CVE-2025-7264 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390809944559803) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements "CVE-2025-7237 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390816877744421) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements "CVE-2025-7433 A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925386996527104) 2025-07-17 19:15:40 UTC 55K followers, XXX engagements "CVE-2025-46123 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where the authent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315103889871240) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements "CVE-2025-7300 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410005180752147) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements "CVE-2025-5994 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945562958710350222) 2025-07-16 19:15:30 UTC 55K followers, XXX engagements "CVE-2025-50056 A reflected XSS vulnerability in RSMail component 1.19.20 - 1.22.26 XX Joomla was discovered. 
The issue allows remote attackers to inject arbitrary web script or HTM"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153083035070546) 2025-07-18 10:20:27 UTC 55K followers, XXX engagements "CVE-2025-46002 An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946218956697514139) 2025-07-18 14:42:12 UTC 55K followers, XXX engagements "CVE-2025-44658 In Netgear RAX30 V1.0.10.94 a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker m"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947325175248359866) 2025-07-21 15:57:55 UTC 55K followers, XXX engagements "CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668217349869972) 2025-07-11 13:46:29 UTC 55K followers, XXX engagements "CVE-2015-10134 The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to and including 2.7.10. via the download_backup_file function. 
This"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508126456570058) 2025-07-19 09:51:16 UTC 55K followers, XXX engagements "CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700200456872091) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements "CVE-2025-46000 An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary cod"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946227744112537831) 2025-07-18 15:17:08 UTC 55K followers, XXX engagements "CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container where an attacker could execute arbitrary code wit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925387919184228) 2025-07-17 19:15:40 UTC 55K followers, XXX engagements "CVE-2025-7794 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946258238493630935) 2025-07-18 17:18:18 UTC 55K followers, XXX engagements "CVE-2025-50585 StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946282040103452819) 2025-07-18 18:52:53 UTC 55K followers, XXX engagements "CVE-2025-54068 Livewire is a full-stack framework for Laravel. 
In Livewire v3 up to and including v3.6.3 a vulnerability allows unauthenticated attackers to achieve remote command"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925392490954939) 2025-07-17 19:15:41 UTC 55K followers, XXX engagements "CVE-2025-7250 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390832052736253) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements "CVE-2025-7238 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390815892046047) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements "CVE-2025-46383 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946335388696901) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements "CVE-2025-50151 File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users ar"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232866489803073) 2025-07-21 09:51:07 UTC 55K followers, XXX engagements "CVE-2025-7655 The Live Stream Badger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livestream' shortcode in all versions up to and including 1"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946418685276484075) 2025-07-19 03:55:51 UTC 55K followers, XXX engagements "CVE-2025-7818 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. 
Affected by this issue is some unknown functionality of"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946557593276567686) 2025-07-19 13:07:50 UTC 55K followers, XXX engagements "CVE-2025-7786 A vulnerability which was classified as problematic has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946207142630875394) 2025-07-18 13:55:16 UTC 55K followers, XXX engagements "CVE-2025-7913 A vulnerability which was classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947082311259869549) 2025-07-20 23:52:52 UTC 55K followers, XXX engagements "CVE-2025-7906 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/jav"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947021346204262716) 2025-07-20 19:50:37 UTC 55K followers, XXX engagements "CVE-2025-7855 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. T"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946680253243609491) 2025-07-19 21:15:14 UTC 55K followers, XXX engagements "CVE-2025-7893 A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xm"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946932091565867519) 2025-07-20 13:55:57 UTC 55K followers, XXX engagements "CVE-2025-24937 File contents could be read from the local file system by an attacker. 
Additionally malicious code could be inserted in the file leading to a full compromise of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188858761671150) 2025-07-21 06:56:15 UTC 55K followers, XXX engagements "CVE-2025-43976 The application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322218704445869) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements "CVE-2025-7438 The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' funct"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946101824798224620) 2025-07-18 06:56:46 UTC 55K followers, XXX engagements "CVE-2025-7936 A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947383760602705988) 2025-07-21 19:50:43 UTC 55K followers, XXX engagements "CVE-2025-7788 A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file s"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946227743214932318) 2025-07-18 15:17:07 UTC 55K followers, XXX engagements "CVE-2025-7278 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390796505952648) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements "CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). 
This issue requires an"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668164782678454) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements "CVE-2025-7783 Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946252011516608954) 2025-07-18 16:53:33 UTC 55K followers, XXX engagements "CVE-2025-6982 Use of Hard-coded Credentials in TP-Link Archer C50 V3( = 180703)/V4( = 250117 )/V5( = 200407 )allows attackers to decrypt the config.xml files"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945585495175741673) 2025-07-16 20:45:03 UTC 55K followers, 1035 engagements "CVE-2025-43720 Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role revealing the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947345252190159158) 2025-07-21 17:17:42 UTC 55K followers, XXX engagements "CVE-2025-7806 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilt"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946310119127667094) 2025-07-18 20:44:27 UTC 55K followers, XXX engagements "CVE-2025-7871 A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946825292510875769) 2025-07-20 06:51:34 UTC 55K followers, XXX engagements "CVE-2025-7273 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390802445127728) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements "CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397531404574795) 2025-07-21 20:45:27 UTC 55K followers, XXX engagements "CVE-2025-50584 StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946294371265220657) 2025-07-18 19:41:53 UTC 55K followers, XXX engagements "CVE-2025-7755 A vulnerability was found in code-projects Online Ordering System XXX. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945950847172583862) 2025-07-17 20:56:50 UTC 55K followers, XXX engagements "CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397532327223491) 2025-07-21 20:45:27 UTC 55K followers, XXX engagements "CVE-2025-7909 A vulnerability was found in D-Link DIR-513 XXX. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSet"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947051857404178782) 2025-07-20 21:51:51 UTC 55K followers, XXX engagements "CVE-2025-7263 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390810800198108) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements "CVE-2025-7856 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been declared as problematic. Affected by this vulnerability is an unknown func"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946689277213241672) 2025-07-19 21:51:06 UTC 55K followers, XXX engagements "CVE-2025-7863 A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/c"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772889132261383) 2025-07-20 03:23:20 UTC 55K followers, XXX engagements "CVE-2025-7660 The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all versions up to and includin"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078247495565528) 2025-07-18 05:23:05 UTC 55K followers, XXX engagements "CVE-2025-7836 A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /h"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946619899897422030) 2025-07-19 17:15:25 UTC 55K followers, XXX engagements "CVE-2025-7242 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390828793798664) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements "CVE-2020-26799 A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374997242056804) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements "CVE-2025-7857 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been rated as problematic. Affected by this issue is some unknown functionality"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946711072901357619) 2025-07-19 23:17:42 UTC 55K followers, XXX engagements "CVE-2025-41679 An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232868893106283) 2025-07-21 09:51:08 UTC 55K followers, XXX engagements "CVE-2025-7795 A vulnerability which was classified as critical has been found in Tenda FH451 1.0.0.9. 
Affected by this issue is the function fromP2pListFilter of the file /goform/P"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265112911679866) 2025-07-18 17:45:37 UTC 55K followers, XXX engagements "CVE-2025-7648 The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to and incl"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078251832533432) 2025-07-18 05:23:06 UTC 55K followers, XXX engagements "CVE-2025-41674 A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232874907762917) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements "CVE-2025-7762 A vulnerability which was classified as critical has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.as"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945970855969804467) 2025-07-17 22:16:21 UTC 55K followers, XXX engagements "CVE-2025-46118 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where hard-coded c"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307945227640890) 2025-07-21 14:49:28 UTC 55K followers, XXX engagements "CVE-2025-4049 Use of hard-coded the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.T"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947211149998424422) 2025-07-21 08:24:50 UTC 55K followers, XXX engagements "CVE-2025-7288 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390788465483889) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements "CVE-2025-7285 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390785726648656) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements "CVE-2025-7901 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946957069615251788) 2025-07-20 15:35:12 UTC 55K followers, XXX engagements "CVE-2025-54316 An issue was discovered in Logpoint before 7.6.0. When creating reports attackers can create custom Jinja templates that chained built-in filter functions to generat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947011958051332578) 2025-07-20 19:13:19 UTC 55K followers, XXX engagements "CVE-2025-49828 Conjur provides secrets management and application identity for infrastructure. 
Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager Self-Hosted (formerly k"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945210002391920804) 2025-07-15 19:52:59 UTC 55K followers, XXX engagements "CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700198640746944) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements "CVE-2025-49485 A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153083945300317) 2025-07-18 10:20:27 UTC 55K followers, XXX engagements "CVE-2025-7837 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946619898882363547) 2025-07-19 17:15:24 UTC 55K followers, XXX engagements "CVE-2025-38349 In the Linux kernel the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out tha"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946123357872619621) 2025-07-18 08:22:20 UTC 55K followers, XXX engagements "CVE-2025-7829 A vulnerability was found in code-projects Church Donation System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946569556790768060) 2025-07-19 13:55:22 UTC 55K followers, XXX engagements "CVE-2025-7873 A vulnerability was found in Metasoft MetaCRM up to 6.4.2. It has been declared as critical. 
Affected by this vulnerability is an unknown functionality of the file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946831271147274720) 2025-07-20 07:15:20 UTC 55K followers, XXX engagements "CVE-2025-41673 A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements us"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232875780128849) 2025-07-21 09:51:10 UTC 55K followers, XXX engagements "CVE-2025-7431 The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to and including 2.3.1 due to insu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946044734901817764) 2025-07-18 03:09:55 UTC 55K followers, XXX engagements "CVE-2025-41458 Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the apps filesyste"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258495381721116) 2025-07-21 11:32:58 UTC 55K followers, XXX engagements "CVE-2025-7312 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409993977758152) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements "CVE-2025-51868 Insecure Direct Object Reference (IDOR) vulnerability in Dippy v2 allows attackers to gain sensitive information via the conversation_id parameter to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410012717883495) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements "CVE-2025-7750 A vulnerability which was classified as critical was found in code-projects Online Appointment Booking System XXX. 
Affected is an unknown function of the file /admin/"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925389794062795) 2025-07-17 19:15:41 UTC 55K followers, XXX engagements "CVE-2025-7289 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390787538588093) 2025-07-21 20:18:39 UTC 55K followers, XXX engagements "CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397530477535610) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements "CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700204173078902) 2025-07-11 15:53:35 UTC 55K followers, XXX engagements "CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700205037121823) 2025-07-11 15:53:35 UTC 55K followers, XXX engagements "CVE-2025-7224 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390841146024094) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements "CVE-2025-7798 A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to XXX. 
This affects an unk"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946274605527663076) 2025-07-18 18:23:20 UTC 55K followers, XXX engagements "CVE-2025-7918 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188861840368046) 2025-07-21 06:56:16 UTC 55K followers, XXX engagements "CVE-2025-7392 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS). This issue"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339044137959659) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements "CVE-2025-7914 A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947134871387742416) 2025-07-21 03:21:44 UTC 55K followers, XXX engagements "CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390832887443724) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements "CVE-2025-7915 A vulnerability was found in Chanjet CRM XXX and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947134870469091382) 2025-07-21 03:21:43 UTC 55K followers, XXX engagements "CVE-2025-7309 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409995722617144) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements "CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700212339368002) 2025-07-11 15:53:37 UTC 55K followers, XXX engagements "CVE-2025-46102 Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remot"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925396286840839) 2025-07-17 19:15:42 UTC 55K followers, XXX engagements "CVE-2025-6377 A remote code execution security issue exists in the Rockwell Automation Arena. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335892678037713) 2025-07-10 15:45:56 UTC 55K followers, XXX engagements "CVE-2025-25257 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3 7.4.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945872584769167505) 2025-07-17 15:45:51 UTC 55K followers, XXX engagements "CVE-2025-7935 A vulnerability which was classified as critical was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374995371434179) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements "CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410001464635614) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements "CVE-2025-7880 A vulnerability was found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/co"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946862936552591851) 2025-07-20 09:21:09 UTC 55K followers, XXX engagements "CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390803275616420) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements "CVE-2025-7226 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390839497626077) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements "CVE-2025-7394 In the OpenSSL compatibility layer implementation the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned fr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946343155000873383) 2025-07-18 22:55:44 UTC 55K followers, XXX engagements "CVE-2025-7791 A vulnerability was found in PHPGurukul Online Security Guards Hiring System XXX. It has been declared as problematic. This vulnerability affects unknown code of the fi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946237810408554908) 2025-07-18 15:57:08 UTC 55K followers, XXX engagements "CVE-2025-7929 A vulnerability was found in code-projects Church Donation System XXX. It has been classified as critical. 
Affected is an unknown function of the file /members/edit_Mem"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947325173235061189) 2025-07-21 15:57:55 UTC 55K followers, XXX engagements "CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not neede"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369696975896779) 2025-07-21 18:54:50 UTC 55K followers, XXX engagements "CVE-2025-7751 A vulnerability has been found in code-projects Online Appointment Booking System XXX and classified as critical. Affected by this vulnerability is an unknown functiona"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932469087490260) 2025-07-17 19:43:48 UTC 55K followers, XXX engagements "CVE-2025-5754 The Useful Tab Block Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in all versions up to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085264889409619) 2025-07-18 05:50:58 UTC 55K followers, XXX engagements "CVE-2025-47917 Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947011957019623707) 2025-07-20 19:13:18 UTC 55K followers, XXX engagements "CVE-2025-23270 NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode where an unprivileged local attacker may cause exposure of sensitive information via a side chan"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945941162872770895) 2025-07-17 20:18:21 UTC 55K followers, XXX engagements "CVE-2025-7269 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390804173197319) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements "CVE-2025-7752 A vulnerability was found in code-projects Online Appointment Booking System XXX and classified as critical. Affected by this issue is some unknown functionality of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932456466759691) 2025-07-17 19:43:45 UTC 55K followers, XXX engagements "CVE-2025-51869 Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id thread_id and mes"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947379222571585721) 2025-07-21 19:32:41 UTC 55K followers, XXX engagements "CVE-2025-46117 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where a hidden de"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307944183234621) 2025-07-21 14:49:27 UTC 55K followers, XXX engagements "CVE-2025-1729 A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that under certain conditions could allow a local attacker to escalate privileges"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932465413279977) 2025-07-17 19:43:48 UTC 55K followers, XXX engagements "CVE-2025-7763 A vulnerability which was classified as problematic was found in thinkgem JeeSite up to 5.12.0. 
Affected is an unknown function of the component Site Controller/SSO"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945976936070553757) 2025-07-17 22:40:30 UTC 55K followers, XXX engagements "CVE-2025-5681 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 23"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258492462473536) 2025-07-21 11:32:57 UTC 55K followers, XXX engagements "CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405335234548098) 2025-07-21 21:16:27 UTC 55K followers, XXX engagements "CVE-2025-52362 Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375003919393065) 2025-07-21 19:15:56 UTC 55K followers, XXX engagements "CVE-2025-7787 A vulnerability which was classified as critical was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file srcmainjavacomxxlj"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946218955644842273) 2025-07-18 14:42:12 UTC 55K followers, XXX engagements "CVE-2025-6023 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. Th"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946116772358483974) 2025-07-18 07:56:10 UTC 55K followers, XXX engagements "CVE-2025-7834 A vulnerability which was classified as problematic was found in PHPGurukul Complaint Management System XXX. Affected is an unknown function. 
The manipulation leads t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946613331420201409) 2025-07-19 16:49:19 UTC 55K followers, XXX engagements "CVE-2025-7292 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410011883262465) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements "CVE-2025-54121 Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit designed for building async web services in Python. In versions 0.47.1 and"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397528636227857) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements "CVE-2025-7293 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410010859806838) 2025-07-21 21:35:02 UTC 55K followers, XXX engagements "CVE-2025-5800 The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto_play parameter in all versions up to and including 1.2.1 du"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085258279149595) 2025-07-18 05:50:56 UTC 55K followers, XXX engagements "CVE-2025-53528 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions 5.4.3 and below the version parameter of the "/docs" endpo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397526736323068) 2025-07-21 20:45:25 UTC 55K followers, XXX engagements "CVE-2025-6197 An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. 
Prerequisites for exploitation: - Multiple organizations must"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946116771330883890) 2025-07-18 07:56:10 UTC 55K followers, XXX engagements "CVE-2025-6718 The plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to and including 2"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085265694728222) 2025-07-18 05:50:58 UTC 55K followers, XXX engagements "CVE-2025-7904 A vulnerability which was classified as critical was found in itsourcecode Insurance Management System XXX. This affects an unknown part of the file /insertNominee.ph"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946981991875830167) 2025-07-20 17:14:14 UTC 55K followers, XXX engagements "CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700197768396914) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements "CVE-2025-7230 INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390836163154338) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements "CVE-2025-52953 An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700208732287204) 2025-07-11 15:53:36 UTC 55K followers, XXX engagements "CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390823789961622) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements "CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390827996844227) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements "CVE-2025-7932 A vulnerability classified as critical has been found in D-Link DIR817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation l"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352505630748836) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements "CVE-2025-44651 In TRENDnet TPL-430AP FW1.0 the USERLIMIT_GLOBAL option is set to X in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are conn"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322221548171695) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements "CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405334324425099) 2025-07-21 21:16:27 UTC 55K followers, XXX engagements "CVE-2025-6235 In ExtremeControl before 25.5.12 a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from impro"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300336873492704) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements "CVE-2025-7233 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. 
This vulnerability allows remote attackers to disclose sensitive inf"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390825442513121) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements "CVE-2025-52164 Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946268217380639049) 2025-07-18 17:57:57 UTC 55K followers, XXX engagements "CVE-2025-5811 The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085257318642171) 2025-07-18 05:50:56 UTC 55K followers, XXX engagements "CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700207855607885) 2025-07-11 15:53:36 UTC 55K followers, XXX engagements "CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700202369515829) 2025-07-11 15:53:35 UTC 55K followers, XXX engagements "CVE-2025-41676 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232873158791278) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements "CVE-2025-6719 The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 3.4.8 due to insuffici"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085261949235409) 2025-07-18 05:50:57 UTC 55K followers, XXX engagements "CVE-2025-7255 IrfanView 
CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390820287713776) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements "CVE-2025-7876 A vulnerability classified as critical was found in Metasoft MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. Th"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946840387487969603) 2025-07-20 07:51:33 UTC 55K followers, XXX engagements "CVE-2025-7797 A vulnerability was found in GPAC up to XXX. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/medi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946268215421845742) 2025-07-18 17:57:57 UTC 55K followers, XXX engagements "CVE-2025-6222 The WooCommerce Refund And Exchange with RMA - Warranty Management Refund Policy Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085266701332647) 2025-07-18 05:50:58 UTC 55K followers, XXX engagements "CVE-2025-41675 A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of sp"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232874001756474) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements "CVE-2025-3740 The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 93.1.0 via the 'page' parame"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078250981044656) 2025-07-18 05:23:06 UTC 55K followers, XXX engagements "CVE-2025-45156 Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users"  [@CVEnew](/creator/x/CVEnew) on 
[X](/post/tweet/1946258239575695581) 2025-07-18 17:18:18 UTC 55K followers, XXX engagements "CVE-2025-7308 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409997580669078) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements "CVE-2025-7885 A vulnerability which was classified as problematic has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the comp"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946895320312336389) 2025-07-20 11:29:50 UTC 55K followers, XXX engagements "CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390837006209124) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements "CVE-2025-54317 An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template whi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947011958948999569) 2025-07-20 19:13:19 UTC 55K followers, XXX engagements "CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668163788612062) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements "CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409988109865224) 2025-07-21 21:34:56 UTC 55K followers, XXX engagements "CVE-2025-7322 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397533270987129) 2025-07-21 20:45:27 UTC 55K followers, XXX engagements "CVE-2025-2301 Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers. This issue affects"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947263601464492232) 2025-07-21 11:53:15 UTC 55K followers, XXX engagements "CVE-2025-36107 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369700222242871) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements "CVE-2025-7792 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. 
This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946252013349523828) 2025-07-18 16:53:34 UTC 55K followers, XXX engagements "CVE-2025-7398 Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945965813166743677) 2025-07-17 21:56:18 UTC 55K followers, XXX engagements "CVE-2025-6248 A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page w"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932460635857285) 2025-07-17 19:43:46 UTC 55K followers, XXX engagements "CVE-2025-7889 A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidMan"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946920304313356728) 2025-07-20 13:09:07 UTC 55K followers, XXX engagements "CVE-2025-54127 HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below the NodeJS version of HAX CMS uses an ins"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405329622569410) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements "CVE-2025-51398 A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTM"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375000144445590) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements "CVE-2025-53770 Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. 
Microsoft is aware that a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946742250832355761) 2025-07-20 01:21:35 UTC 55K followers, XXX engagements "CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700214067445874) 2025-07-11 15:53:37 UTC 55K followers, XXX engagements "CVE-2025-6227 Mattermost versions 10.5.x = 10.5.7 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and pass"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946174421971943892) 2025-07-18 11:45:15 UTC 55K followers, XXX engagements "CVE-2025-52168 Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265122655076798) 2025-07-18 17:45:39 UTC 55K followers, XXX engagements "CVE-2025-7602 A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. 
This issue affects some unknown processing of the file /arp_sys.asp of the component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944736654750863670) 2025-07-14 12:32:04 UTC 55K followers, XXX engagements "CVE-2024-13175 Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946212633813946463) 2025-07-18 14:17:05 UTC 55K followers, XXX engagements "CVE-2025-51401 A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML vi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375002061287735) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements "CVE-2025-33014 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946287548411552037) 2025-07-18 19:14:46 UTC 55K followers, XXX engagements "CVE-2025-7759 A vulnerability which was classified as critical was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part of the file modules/core/src/main/java/com/j"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945965812168479070) 2025-07-17 21:56:18 UTC 55K followers, XXX engagements "CVE-2025-7866 A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_defici"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946789190852616643) 2025-07-20 04:28:07 UTC 55K followers, XXX engagements "CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. 
This issue requires an authent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668167047524629) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements "CVE-2025-7251 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390834552541310) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements "CVE-2025-49484 A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parame"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153079306375319) 2025-07-18 10:20:26 UTC 55K followers, XXX engagements "CVE-2025-51400 A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375001205653912) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements "CVE-2025-54134 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. 
In versions 11.0.8 and below the HAX CMS NodeJS application crashes when an aut"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405326824952179) 2025-07-21 21:16:25 UTC 55K followers, XXX engagements "CVE-2025-6226 Mattermost versions 10.5.x = 10.5.6 10.8.x = 10.8.1 10.7.x = 10.7.3 9.11.x = 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID w"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946138098988949989) 2025-07-18 09:20:54 UTC 55K followers, XXX engagements "CVE-2025-7343 The SFT developed by Digiwin has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to read modify and delete d"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947196005142683982) 2025-07-21 07:24:39 UTC 55K followers, XXX engagements "CVE-2025-7840 A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System XXX. It has been classified as problematic. This affects an unknown part of the file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946643737737932907) 2025-07-19 18:50:08 UTC 55K followers, XXX engagements "CVE-2025-7284 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390786620035389) 2025-07-21 20:18:38 UTC 55K followers, XXX engagements "CVE-2025-50582 StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946310121203945665) 2025-07-18 20:44:28 UTC 55K followers, XXX engagements "CVE-2025-7875 A vulnerability classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. 
The manipulation leads"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946835637560136116) 2025-07-20 07:32:41 UTC 55K followers, XXX engagements "CVE-2015-10135 The WPshop X E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions befo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508124506181668) 2025-07-19 09:51:15 UTC 55K followers, XXX engagements "CVE-2025-54309 CrushFTP XX before 10.8.5 and XX before 11.3.4_23 when the DMZ proxy feature is not used mishandles AS2 validation and consequently allows remote attackers to obtai"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946274607306096959) 2025-07-18 18:23:21 UTC 55K followers, XXX engagements "CVE-2025-7862 A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772889945899281) 2025-07-20 03:23:20 UTC 55K followers, XXX engagements "CVE-2025-7831 A vulnerability classified as critical has been found in code-projects Church Donation System XXX. This affects an unknown part of the file /members/Tithes.php. The man"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946594665693639109) 2025-07-19 15:35:08 UTC 55K followers, XXX engagements "CVE-2025-7241 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390829624258828) 2025-07-21 20:18:49 UTC 55K followers, XXX engagements "CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700199567728738) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements "CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390827141206138) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements "CVE-2025-7814 A vulnerability classified as critical was found in code-projects Food Ordering Review System XXX. This vulnerability affects unknown code of the file /pages/signup_fun"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946327029932232735) 2025-07-18 21:51:39 UTC 55K followers, XXX engagements "CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410007068119481) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements "CVE-2025-7897 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/con"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946952150153941071) 2025-07-20 15:15:39 UTC 55K followers, XXX engagements "CVE-2025-7878 A vulnerability which was classified as critical was found in Metasoft MetaCRM up to 6.4.2. 
Affected is an unknown function of the file /common/jsp/upload2.jsp"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946854358341013882) 2025-07-20 08:47:04 UTC 55K followers, XXX engagements "CVE-2025-2425 Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitra"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946144707328745797) 2025-07-18 09:47:10 UTC 55K followers, XXX engagements "CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacke"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700211378913755) 2025-07-11 15:53:37 UTC 55K followers, XXX engagements "CVE-2025-53816 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in vers"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925394386788438) 2025-07-17 19:15:42 UTC 55K followers, XXX engagements "CVE-2025-54078 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946244022827098612) 2025-07-18 16:21:49 UTC 55K followers, XXX engagements "CVE-2025-7274 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390797344870608) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements "CVE-2025-7942 A vulnerability has been found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. 
Affected by this vulnerability is an unknown functionality"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947426678931689634) 2025-07-21 22:41:16 UTC 55K followers, XXX engagements "CVE-2025-54076 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946244024664301573) 2025-07-18 16:21:49 UTC 55K followers, XXX engagements "CVE-2025-7283 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390791741280620) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements "CVE-2025-7931 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339047199760877) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements "CVE-2025-7934 A vulnerability which was classified as critical has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. 
This issue affects the fu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947374996327723481) 2025-07-21 19:15:54 UTC 55K followers, XXX engagements "CVE-2025-49747 Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265119647781214) 2025-07-18 17:45:39 UTC 55K followers, XXX engagements "CVE-2025-7354 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202224637002077) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements "CVE-2025-54313 eslint-config-prettier 8.10.1 9.1.1 10.1.6 and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946613332506550506) 2025-07-19 16:49:19 UTC 55K followers, XXX engagements "CVE-2025-41677 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232872240214266) 2025-07-21 09:51:09 UTC 55K followers, XXX engagements "CVE-2025-6720 The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946448922945237297) 2025-07-19 05:56:01 UTC 55K followers, XXX engagements "CVE-2025-7266 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390807100821543) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements "CVE-2025-47158 Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265116065894813) 2025-07-18 17:45:38 UTC 55K followers, XXX engagements "CVE-2025-52575 EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947361904046870890) 2025-07-21 18:23:52 UTC 55K followers, XXX engagements "CVE-2025-53771 Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947063357644636665) 2025-07-20 22:37:33 UTC 55K followers, XXX engagements "CVE-2025-44647 In TRENDnet TEW-WLC100P 2.03b03 the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file so that IKE Respon"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947325174266937572) 2025-07-21 15:57:55 UTC 55K followers, XXX engagements "CVE-2025-53945 apko allows users to build and publish OCI container images built from apk packages. 
Starting in version 0.27.0 and prior to version 0.29.5 critical files were inadv"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946233230719619542) 2025-07-18 15:38:56 UTC 55K followers, XXX engagements "CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700230924308738) 2025-07-11 15:53:41 UTC 55K followers, XXX engagements "CVE-2025-7314 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409991012409733) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements "CVE-2025-7927 A vulnerability has been found in PHPGurukul Online Banquet Booking System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/vi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307941486264783) 2025-07-21 14:49:27 UTC 55K followers, XXX engagements "CVE-2025-7256 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390818542882843) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements "CVE-2025-7764 A vulnerability classified as critical has been found in code-projects Online Appointment Booking System XXX. Affected is an unknown function of the file /admin/deleted"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945980558993162438) 2025-07-17 22:54:54 UTC 55K followers, XXX engagements "CVE-2025-7941 A vulnerability which was classified as problematic was found in PHPGurukul Time Table Generator System XXX. 
Affected is an unknown function of the file /admin/profil"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947426679921447165) 2025-07-21 22:41:16 UTC 55K followers, XXX engagements "CVE-2025-7916 WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary code on the ser"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947181807256166624) 2025-07-21 06:28:14 UTC 55K followers, XXX engagements "CVE-2025-7868 A vulnerability classified as problematic was found in Portabilis i-Educar 2.9.0. Affected by this vulnerability is an unknown functionality of the file /intranet/educa"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946797449261051959) 2025-07-20 05:00:56 UTC 55K followers, XXX engagements "CVE-2025-7715 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS). This iss"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339043185820009) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements "CVE-2025-6721 The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() fun"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946448924492886153) 2025-07-19 05:56:01 UTC 55K followers, XXX engagements "CVE-2025-7912 A vulnerability which was classified as critical has been found in TOTOLINK T6 4.1.5cu.748_B20211015. 
This issue affects the function recvSlaveUpgstatus of the compon"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947073274812248126) 2025-07-20 23:16:58 UTC 55K followers, XXX engagements "CVE-2025-7917 WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability allowing remote attackers with administrator privileges to upload and"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188863354458184) 2025-07-21 06:56:16 UTC 55K followers, XXX engagements "CVE-2025-54314 Thor before 1.4.0 can construct an unsafe shell command from library input"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772890801578251) 2025-07-20 03:23:21 UTC 55K followers, XXX engagements "CVE-2025-36845 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947361904969601530) 2025-07-21 18:23:53 UTC 55K followers, XXX engagements "CVE-2025-7870 A vulnerability which was classified as problematic was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endp"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946809851146871173) 2025-07-20 05:50:13 UTC 55K followers, XXX engagements "CVE-2025-50058 A stored XSS vulnerability in the RSDirectory component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web sc"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153081164448211) 2025-07-18 10:20:26 UTC 55K followers, XXX engagements "CVE-2025-7753 A vulnerability was found in code-projects Online Appointment Booking System XXX. It has been classified as critical. 
This affects an unknown part of the file /admin/ad"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945934381207437467) 2025-07-17 19:51:24 UTC 55K followers, XXX engagements "CVE-2025-7933 A vulnerability classified as critical was found in Campcodes Sales and Inventory System XXX. This vulnerability affects unknown code of the file /pages/settings_update"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947369701140795602) 2025-07-21 18:54:51 UTC 55K followers, XXX engagements "CVE-2024-32124 An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4 version 2.4.3 XXX all versions logging component may allow a remote authenticated"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946130911533105494) 2025-07-18 08:52:21 UTC 55K followers, XXX engagements "CVE-2025-54129 HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below the application returns a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405327848378772) 2025-07-21 21:16:25 UTC 55K followers, XXX engagements "CVE-2025-7930 A vulnerability was found in code-projects Church Donation System XXX. It has been declared as critical. 
Affected by this vulnerability is an unknown functionality of t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331043159069170) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements "CVE-2025-7393 Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339045115154565) 2025-07-21 16:53:02 UTC 55K followers, XXX engagements "CVE-2025-7344 The EAI developed by Digiwin has a Privilege Escalation vulnerability allowing remote attackers with regular privileges to elevate their privileges to administrator le"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947196004056314230) 2025-07-21 07:24:39 UTC 55K followers, XXX engagements "CVE-2025-7268 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390805024641226) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements "CVE-2025-27210 An incomplete fix has been identified for CVE-2025-23084 in Node.js specifically affecting Windows device names like CON PRN and AUX.
This vulnerability affect"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946348332030558471) 2025-07-18 23:16:18 UTC 55K followers, XXX engagements "CVE-2024-56220 Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notificatio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1874036508862066721) 2024-12-31 10:14:56 UTC 55K followers, XXX engagements "CVE-2025-45157 Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946258240603394179) 2025-07-18 17:18:18 UTC 55K followers, XXX engagements "CVE-2024-42209 HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to which is ca"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932457599193438) 2025-07-17 19:43:46 UTC 55K followers, XXX engagements "CVE-2025-49746 Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265118494315003) 2025-07-18 17:45:38 UTC 55K followers, XXX engagements "CVE-2025-54310 qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946294372267680016) 2025-07-18 19:41:53 UTC 55K followers, XXX engagements "CVE-2025-7908 A vulnerability was found in D-Link DI-8100 XXX. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.aspopt=add"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947042588445307013) 2025-07-20 21:15:02 UTC 55K followers, XXX engagements "CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207822951567607) 2025-07-15 19:44:19 UTC 55K followers, XXX engagements "CVE-2024-13973 A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR1 (21.0.1) can potentially lead to administrators achieving arbitrar"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300340086251916) 2025-07-21 14:19:14 UTC 55K followers, XXX engagements "CVE-2025-52950 A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700214973350185) 2025-07-11 15:53:38 UTC 55K followers, XXX engagements "CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942453102914982247) 2025-07-08 05:18:03 UTC 55K followers, XXX engagements "CVE-2025-53832 Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which e"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397525733814564) 2025-07-21 20:45:25 UTC 55K followers, XXX engagements "CVE-2025-7789 A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic.
Affected by this issue is the function makeToken of the file src/main/java/com/x"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946233233638895739) 2025-07-18 15:38:56 UTC 55K followers, XXX engagements "CVE-2025-6185 Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability allowing an attacker to craft a malicious payload in URL paramet"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945990793526976778) 2025-07-17 23:35:34 UTC 55K followers, XXX engagements "CVE-2025-7793 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946252012464603345) 2025-07-18 16:53:34 UTC 55K followers, XXX engagements "CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local low-privileged user to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700213236912444) 2025-07-11 15:53:37 UTC 55K followers, XXX engagements "CVE-2025-7803 A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic.
This affects the function vali"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946291507071479949) 2025-07-18 19:30:30 UTC 55K followers, XXX engagements "CVE-2025-46116 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where an authenti"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307942568509498) 2025-07-21 14:49:27 UTC 55K followers, XXX engagements "CVE-2025-7717 Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0 from 2.0.0 before 2.0.1"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339041105383439) 2025-07-21 16:53:01 UTC 55K followers, XXX engagements "CVE-2025-5816 The Plugin Pengiriman WooCommerce Kurir Reguler Instan Kargo Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078249206866331) 2025-07-18 05:23:05 UTC 55K followers, XXX engagements "CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700218567958857) 2025-07-11 15:53:38 UTC 55K followers, XXX engagements "CVE-2025-44650 In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2 the USERLIMIT_GLOBAL option is set to X in the bftpd.conf configuration file.
This can cause DoS attacks"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322220612857926) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements "CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700231746376174) 2025-07-11 15:53:42 UTC 55K followers, XXX engagements "CVE-2012-10019 The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508122836844807) 2025-07-19 09:51:15 UTC 55K followers, XXX engagements "CVE-2025-46382 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946337016029440) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements "CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700201417392463) 2025-07-11 15:53:34 UTC 55K followers, XXX engagements "CVE-2025-7231 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code on affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390835361972679) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements "CVE-2025-6231 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932462494032229) 2025-07-17 19:43:47 UTC 55K followers, XXX engagements "CVE-2025-7397 A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command histor"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945970853868453942) 2025-07-17 22:16:20 UTC 55K followers, XXX engagements "CVE-2025-7874 A vulnerability was found in Metasoft MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /env"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946831270157434969) 2025-07-20 07:15:19 UTC 55K followers, XXX engagements "CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700232669216990) 2025-07-11 15:53:42 UTC 55K followers, XXX engagements "CVE-2025-6391 Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implica"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945970854916968630) 2025-07-17 22:16:20 UTC 55K followers, XXX engagements "CVE-2025-7246 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390821994750457) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements "CVE-2025-7765 A vulnerability classified as critical was found in code-projects Online Appointment Booking System XXX. Affected by this vulnerability is an unknown functionality of t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945986179624554728) 2025-07-17 23:17:14 UTC 55K followers, XXX engagements "CVE-2025-26855 A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946116773344137679) 2025-07-18 07:56:10 UTC 55K followers, XXX engagements "CVE-2025-7832 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/offering.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946594664573743603) 2025-07-19 15:35:08 UTC 55K followers, XXX engagements "CVE-2025-7796 A vulnerability which was classified as critical was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The mani"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946268216424378679) 2025-07-18 17:57:57 UTC 55K followers, XXX engagements "CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668171254477166) 2025-07-11 13:46:18 UTC 55K followers, XXX engagements "CVE-2025-7510 A vulnerability has been found in code-projects Modern Bag XXX and classified as critical. 
This vulnerability affects unknown code of the file /admin/productadd_back.ph"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944205122772389999) 2025-07-13 01:19:57 UTC 55K followers, XXX engagements "CVE-2015-10139 The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946535700112793703) 2025-07-19 11:40:50 UTC 55K followers, XXX engagements "CVE-2025-32744 Dell AppSync version(s) 4.6.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could poten"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339048214827474) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements "CVE-2025-46122 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the authenticated diagnostics API endpoint /admin/_cmdstat.j"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315102878929377) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements "CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409991842816163) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements "CVE-2025-7833 A vulnerability which was classified as critical has been found in code-projects Church Donation System XXX. This issue affects some unknown processing of the file /m"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946599474391863693) 2025-07-19 15:54:15 UTC 55K followers, XXX engagements "CVE-2025-7281 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390793645494344) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements "CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410003343675854) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements "CVE-2025-7853 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946658951438676399) 2025-07-19 19:50:35 UTC 55K followers, XXX engagements "CVE-2025-7257 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390817724993944) 2025-07-21 20:18:46 UTC 55K followers, XXX engagements "CVE-2025-52372 An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331045050700205) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements "CVE-2025-4685 The Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of mu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202226482483607) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements "CVE-2025-50240 nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925397159215392) 2025-07-17 19:15:42 UTC 55K followers, 
XXX engagements "CVE-2025-7280 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390794622767179) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements "CVE-2025-7228 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390837832487359) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements "CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668215416287368) 2025-07-11 13:46:28 UTC 55K followers, XXX engagements "CVE-2025-7311 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409994820813282) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements "CVE-2025-7271 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390801522397650) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements "CVE-2025-7754 A vulnerability was found in code-projects Patient Record Management System XXX. It has been declared as critical. 
This vulnerability affects unknown code of the file /"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945947833871601983) 2025-07-17 20:44:52 UTC 55K followers, XXX engagements "CVE-2025-46121 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the functions stamgr_cfg_adpt_addStaFavourite and stamgr_c"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947315101910081994) 2025-07-21 15:17:54 UTC 55K followers, XXX engagements "CVE-2025-41459 Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attacke"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258494412894464) 2025-07-21 11:32:58 UTC 55K followers, XXX engagements "CVE-2025-7940 A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functional"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409987182932239) 2025-07-21 21:34:56 UTC 55K followers, XXX engagements "CVE-2025-7924 A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. Affected by this vulnerability is an unknown functionality of the f"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947258493481750909) 2025-07-21 11:32:57 UTC 55K followers, XXX engagements "CVE-2025-7272 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390800696103028) 2025-07-21 20:18:42 UTC 55K followers, XXX engagements "CVE-2025-6997 The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to and including 2.35.1.1 due to insuffi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946492184217203156) 2025-07-19 08:47:55 UTC 55K followers, XXX engagements "CVE-2025-7382 A command injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300343366164659) 2025-07-21 14:19:15 UTC 55K followers, XXX engagements "CVE-2025-7816 A vulnerability which was classified as problematic was found in PHPGurukul Apartment Visitors Management System XXX. Affected is an unknown function of the file /vis"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946524166599106960) 2025-07-19 10:55:00 UTC 55K followers, XXX engagements "CVE-2025-41681 A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232867609682299) 2025-07-21 09:51:08 UTC 55K followers, XXX engagements "CVE-2024-6107 Due to insufficient verification an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947226365981298913) 2025-07-21 09:25:18 UTC 55K followers, XXX engagements "CVE-2025-7830 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical.
Affected by this issue is some unknown functionality of the file /"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946583950887190585) 2025-07-19 14:52:34 UTC 55K followers, XXX engagements "CVE-2025-7247 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390821118185976) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements "CVE-2025-52162 agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265121640120563) 2025-07-18 17:45:39 UTC 55K followers, XXX engagements "CVE-2025-7225 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390840344875198) 2025-07-21 20:18:51 UTC 55K followers, XXX engagements "CVE-2025-5752 The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width parameter in all versions up to and inclu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085259189330337) 2025-07-18 05:50:56 UTC 55K followers, XXX engagements "CVE-2025-23269 NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predict"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945947832940413044) 2025-07-17 20:44:51 UTC 55K followers, XXX engagements "CVE-2025-7872 A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. 
T"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946825291311308834) 2025-07-20 06:51:34 UTC 55K followers, XXX engagements "CVE-2025-7444 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to and including 5.0.1. This is due to insufficient verification on"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946130910656495945) 2025-07-18 08:52:21 UTC 55K followers, XXX engagements "CVE-2025-7860 A vulnerability which was classified as critical has been found in code-projects Church Donation System XXX. This issue affects some unknown processing of the file /m"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946742252749115672) 2025-07-20 01:21:36 UTC 55K followers, XXX engagements "CVE-2025-7758 A vulnerability which was classified as critical has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945960300223631517) 2025-07-17 21:34:24 UTC 55K followers, XXX engagements "CVE-2025-7800 A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946282039218524584) 2025-07-18 18:52:52 UTC 55K followers, XXX engagements "CVE-2025-44649 In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03 the first item of exchage_mode is set to aggressive. 
Aggressive mode in IKE Phase X exposes i"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339051100434898) 2025-07-21 16:53:04 UTC 55K followers, XXX engagements "CVE-2024-13974 A business logic vulnerability in the Up2Date component of Sophos Firewall older than version XXXX MR1 (20.0.1) can lead to attackers controlling the firewalls DNS e"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947300341172621341) 2025-07-21 14:19:15 UTC 55K followers, XXX engagements "CVE-2025-7838 A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System XXX and classified as critical. This vulnerability affects unknown code of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946625235073065294) 2025-07-19 17:36:37 UTC 55K followers, XXX engagements "CVE-2025-7903 A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Imag"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946981992903364726) 2025-07-20 17:14:14 UTC 55K followers, XXX engagements "CVE-2025-52163 A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946282040984252442) 2025-07-18 18:52:53 UTC 55K followers, XXX engagements "CVE-2025-53888 RIOT-OS an operating system that supports Internet of Things devices has an ineffective size check implemented with assert() can lead to buffer overflow in versio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946233231713702329) 2025-07-18 15:38:56 UTC 55K followers, XXX engagements "CVE-2015-10138 The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946535699055808923) 2025-07-19 11:40:50 UTC 55K followers, 
XXX engagements "CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668199788343741) 2025-07-11 13:46:25 UTC 55K followers, XXX engagements "CVE-2025-7294 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410008892678431) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements "CVE-2025-0886 An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local authenticated user to escalate privileges"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932467296436371) 2025-07-17 19:43:48 UTC 55K followers, XXX engagements "CVE-2025-7907 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/re"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947034683717669114) 2025-07-20 20:43:37 UTC 55K followers, XXX engagements "CVE-2025-46001 An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946207143675277757) 2025-07-18 13:55:16 UTC 55K followers, XXX engagements "CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390811643252974) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements "CVE-2025-7815 A vulnerability which was classified as problematic has been found in PHPGurukul Apartment Visitors Management System XXX. 
This issue affects some unknown processing"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508121003950438) 2025-07-19 09:51:15 UTC 55K followers, XXX engagements "CVE-2025-36603 Dell AppSync version(s) 4.6.0.0 contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could p"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339050118947233) 2025-07-21 16:53:04 UTC 55K followers, XXX engagements "CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668169098621434) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements "CVE-2025-50057 A DOS vulnerability in RSFiles component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the sea"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946153082087207384) 2025-07-18 10:20:27 UTC 55K followers, XXX engagements "CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A mal"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195275993141461) 2025-07-15 18:54:28 UTC 55K followers, 1189 engagements "CVE-2025-7295 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410008037106060) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements "CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409989175214258) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements "CVE-2025-7223 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390841976393745) 2025-07-21 20:18:52 UTC 55K followers, XXX engagements "CVE-2025-6233 Mattermost versions 10.8.x = 10.8.1 10.7.x = 10.7.3 10.5.x = 10.5.7 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL fi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946144708511584714) 2025-07-18 09:47:10 UTC 55K followers, XXX engagements "CVE-2025-7883 A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file AiStoneServiceMyControlCen"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946891353821970898) 2025-07-20 11:14:04 UTC 55K followers, XXX engagements "CVE-2025-1469 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947218895603204259) 2025-07-21 08:55:36 UTC 55K followers, XXX engagements "CVE-2025-6781 The Copymatic AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946078245637574877) 2025-07-18 05:23:04 UTC 55K followers, XXX engagements "CVE-2025-7910 A vulnerability classified as critical has been found in D-Link DIR-513 XXXX. 
This affects the function sprintf of the file /goform/formSetWanNonLogin of the component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947063358793916923) 2025-07-20 22:37:34 UTC 55K followers, XXX engagements "CVE-2025-7858 A vulnerability classified as problematic has been found in PHPGurukul Apartment Visitors Management System XXX. This affects an unknown part of the file /admin-profile"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946720288684519459) 2025-07-19 23:54:19 UTC 55K followers, XXX engagements "CVE-2025-46384 CWE-434 Unrestricted Upload of File with Dangerous Type"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946946334507794839) 2025-07-20 14:52:33 UTC 55K followers, XXX engagements "CVE-2025-7282 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390792664027228) 2025-07-21 20:18:40 UTC 55K followers, XXX engagements "CVE-2025-7805 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The man"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946296666245480879) 2025-07-18 19:51:00 UTC 55K followers, XXX engagements "CVE-2024-39835 A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool affecting ROS distributions Noetic Ninjemys and"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932472396734929) 2025-07-17 19:43:49 UTC 55K followers, XXX engagements "CVE-2025-7267 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390806198989045) 2025-07-21 20:18:43 UTC 55K followers, XXX engagements "CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409990177759462) 2025-07-21 21:34:57 UTC 55K followers, XXX engagements "CVE-2025-54077 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946244023745650736) 2025-07-18 16:21:49 UTC 55K followers, XXX engagements "CVE-2025-6249 An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932459381862739) 2025-07-17 19:43:46 UTC 55K followers, XXX engagements "CVE-2025-7861 A vulnerability which was classified as critical was found in code-projects Church Donation System XXX. Affected is an unknown function of the file /members/search.ph"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946742251805380695) 2025-07-20 01:21:36 UTC 55K followers, XXX engagements "CVE-2025-50708 An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946296667218530399) 2025-07-18 19:51:00 UTC 55K followers, XXX engagements "CVE-2025-7898 A vulnerability was found in Codecanyon iDentSoft XXX. It has been classified as critical. 
This affects an unknown part of the file /clinica/profile/updateSetting of th"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946957070663848023) 2025-07-20 15:35:13 UTC 55K followers, XXX engagements "CVE-2025-7643 The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all ve"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946085263970844903) 2025-07-18 05:50:58 UTC 55K followers, XXX engagements "CVE-2025-6376 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335891855880316) 2025-07-10 15:45:56 UTC 55K followers, XXX engagements "CVE-2025-7938 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX and classified as critical. This issue affects the function updateGoods of the file GoodsController"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409992899850389) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements "CVE-2025-7260 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390813308334271) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements "CVE-2025-4569 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947211149180633108) 2025-07-21 08:24:50 UTC 55K followers, XXX engagements "CVE-2025-24938 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. 
An attacker with high privileged access (administra"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188857650253990) 2025-07-21 06:56:15 UTC 55K followers, XXX engagements "CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668161687269421) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements "CVE-2025-49656 Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users ar"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947232871296422306) 2025-07-21 09:51:09 UTC 55K followers, 1451 engagements "CVE-2025-23267 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook where an attacker could cause a link following by using a specially cr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932455351095544) 2025-07-17 19:43:45 UTC 55K followers, XXX engagements "CVE-2025-7881 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the componen"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946870662640906377) 2025-07-20 09:51:51 UTC 55K followers, XXX engagements "CVE-2025-7884 A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the componen"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946895321188934119) 2025-07-20 11:29:50 UTC 55K followers, XXX engagements "CVE-2024-39289 A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool affecting ROS distributions Noetic Ninjemys and earlier. 
The v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932473344630936) 2025-07-17 19:43:49 UTC 55K followers, XXX engagements "CVE-2025-7303 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410002378969113) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements "CVE-2025-7296 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410006061576382) 2025-07-21 21:35:01 UTC 55K followers, XXX engagements "CVE-2024-41921 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool affecting ROS distributions Noetic Ninjemys and e"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932470144410098) 2025-07-17 19:43:49 UTC 55K followers, XXX engagements "CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668216406110601) 2025-07-11 13:46:29 UTC 55K followers, XXX engagements "CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668170222719111) 2025-07-11 13:46:18 UTC 55K followers, XXX engagements "CVE-2025-53825 Dokploy is a free self-hostable Platform as a Service (PaaS). 
Prior to version 0.24.3 an unauthenticated preview deployment vulnerability in Dokploy allows any user"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944893507996672506) 2025-07-14 22:55:21 UTC 55K followers, 1420 engagements "CVE-2025-7879 A vulnerability has been found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file m"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946862937643094255) 2025-07-20 09:21:09 UTC 55K followers, XXX engagements "CVE-2025-7234 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390824607846746) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements "CVE-2025-7277 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390798187954221) 2025-07-21 20:18:41 UTC 55K followers, XXX engagements "CVE-2025-53964 GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any ter"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932474259046681) 2025-07-17 19:43:50 UTC 55K followers, XXX engagements "CVE-2025-7943 A vulnerability was found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. 
Affected by this issue is some unknown functionality of the file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947435532180472288) 2025-07-21 23:16:27 UTC 55K followers, XXX engagements "CVE-2025-48965 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than ze"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946998843507179528) 2025-07-20 18:21:12 UTC 55K followers, XXX engagements "CVE-2025-54071 RomM (ROM Manager) allows users to scan enrich browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below an"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397527667449987) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements "CVE-2025-7265 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390807973237030) 2025-07-21 20:18:44 UTC 55K followers, XXX engagements "CVE-2024-55040 Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET re"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322217806893427) 2025-07-21 15:46:10 UTC 55K followers, XXX engagements "CVE-2025-46732 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6 an IDOR vulnerability in the GrapQL Noti"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946227742246096970) 2025-07-18 15:17:07 UTC 55K followers, XXX engagements "CVE-2015-10133 The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to and including 2.1.2 via the Path to header value. 
This allows authen"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508121960317071) 2025-07-19 09:51:15 UTC 55K followers, XXX engagements "CVE-2025-7817 A vulnerability has been found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946538138010046845) 2025-07-19 11:50:31 UTC 55K followers, XXX engagements "CVE-2015-10136 The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before XXX via the 'fileid' parameter. This allows unauthenticated attacker"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946508125517091305) 2025-07-19 09:51:16 UTC 55K followers, XXX engagements "CVE-2025-24936 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network st"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947188859843797430) 2025-07-21 06:56:15 UTC 55K followers, XXX engagements "CVE-2025-7252 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390833696866499) 2025-07-21 20:18:50 UTC 55K followers, XXX engagements "CVE-2025-0664 A locally authenticated privileged user can craft a malicious OpenSSL configuration file potentially leading the agent to load an arbitrary local library. This may im"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947202227455594598) 2025-07-21 07:49:22 UTC 55K followers, XXX engagements "CVE-2025-7864 A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. 
This affects the function Upload of the file src/main/java/com/jeesite/m"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772888268194245) 2025-07-20 03:23:20 UTC 55K followers, XXX engagements "CVE-2025-7886 A vulnerability which was classified as critical was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the fu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946900513301082485) 2025-07-20 11:50:28 UTC 55K followers, XXX engagements "CVE-2025-7756 A vulnerability classified as problematic has been found in code-projects E-Commerce Site XXX. Affected is an unknown function. The manipulation leads to cross-site req"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945955599826468894) 2025-07-17 21:15:43 UTC 55K followers, XXX engagements "CVE-2025-7784 A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-u"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946207141456429530) 2025-07-18 13:55:15 UTC 55K followers, XXX engagements "CVE-2025-44657 In Linksys EA6350 V2.1.2 the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to sy"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947322222479339546) 2025-07-21 15:46:11 UTC 55K followers, XXX engagements "CVE-2025-44652 In Netgear RAX30 V1.0.10.94_3 the USERLIMIT_GLOBAL option is set to X in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352506608058445) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements "CVE-2025-7887 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. 
This vulnerability affects unknown code of the file The"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946900512420298755) 2025-07-20 11:50:28 UTC 55K followers, XXX engagements "CVE-2025-7301 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947410004182536577) 2025-07-21 21:35:00 UTC 55K followers, XXX engagements "CVE-2025-7472 A local privilege escalation vulnerability in the Intercept X for Windows installer prior version XXXX can lead to a local user gaining system level privileges if the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945925390729396265) 2025-07-17 19:15:41 UTC 55K followers, XXX engagements "CVE-2025-2818 A vulnerability was reported in version XXX of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nea"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932464490438660) 2025-07-17 19:43:47 UTC 55K followers, XXX engagements "CVE-2025-44251 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335884700401975) 2025-07-10 15:45:55 UTC 55K followers, XXX engagements "CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700209646571993) 2025-07-11 15:53:36 UTC 55K followers, XXX engagements "CVE-2025-7921 Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability allowing unauthenticated remote attackers to control the program's execution fl"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947196006073774462) 2025-07-21 07:24:39 UTC 55K followers, XXX engagements "CVE-2025-53762 Permissive list of 
allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946265115004682344) 2025-07-18 17:45:37 UTC 55K followers, XXX engagements "CVE-2025-30477 Dell PowerScale OneFS versions prior to 9.11.0.0 contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339046063071692) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements "CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405333170971118) 2025-07-21 21:16:27 UTC 55K followers, XXX engagements "CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668168058421744) 2025-07-11 13:46:17 UTC 55K followers, XXX engagements "CVE-2025-7299 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947397529613504520) 2025-07-21 20:45:26 UTC 55K followers, XXX engagements "CVE-2025-44653 In H3C GR2200 MiniGR1A0V100R016 the USERLIMIT_GLOBAL option is set to X in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352507522416840) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements "CVE-2025-7244 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390822833648101) 2025-07-21 20:18:47 UTC 55K followers, XXX engagements "CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409999522672859) 2025-07-21 21:34:59 UTC 55K followers, XXX engagements "CVE-2025-7819 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been classified as problematic. This affects an unknown part of the file /creat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946557592227942601) 2025-07-19 13:07:49 UTC 55K followers, XXX engagements "CVE-2025-46119 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304 where an authenticated request to the management endpoint /admin/_cmdstat.jsp disclo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307946477588505) 2025-07-21 14:49:28 UTC 55K followers, XXX engagements "CVE-2025-52373 Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailSer"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947331045927309436) 2025-07-21 16:21:15 UTC 55K followers, XXX engagements "CVE-2025-7865 A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946772887395877161) 2025-07-20 03:23:20 UTC 55K followers, XXX engagements "CVE-2025-7905 A vulnerability has been found in itsourcecode Insurance Management System XXX and classified as critical. 
This vulnerability affects unknown code of the file /insertPa"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947015675957964801) 2025-07-20 19:28:05 UTC 55K followers, XXX engagements "CVE-2025-44654 In Linksys E2500 3.0.04.002 the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files privile"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947352508386390416) 2025-07-21 17:46:32 UTC 55K followers, XXX engagements "CVE-2025-6230 A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute code with elevated permis"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945932463487979922) 2025-07-17 19:43:47 UTC 55K followers, XXX engagements "CVE-2025-7801 A vulnerability has been found in BossSoft CRM XXX and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBa"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946282038182498580) 2025-07-18 18:52:52 UTC 55K followers, XXX engagements "CVE-2025-36846 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vuln"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947361905862959435) 2025-07-21 18:23:53 UTC 55K followers, XXX engagements "CVE-2025-7902 A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/syste"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946975397326840247) 2025-07-20 16:48:02 UTC 55K followers, XXX engagements "CVE-2025-7896 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. 
Affected by this vulnerability is the function download_video/dele"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946952151353414003) 2025-07-20 15:15:40 UTC 55K followers, XXX engagements "CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947405332290097206) 2025-07-21 21:16:26 UTC 55K followers, XXX engagements "CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700203262877937) 2025-07-11 15:53:35 UTC 55K followers, XXX engagements "CVE-2025-54079 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946244021887656404) 2025-07-18 16:21:48 UTC 55K followers, XXX engagements "CVE-2025-7310 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947409996536287596) 2025-07-21 21:34:58 UTC 55K followers, XXX engagements "CVE-2025-54059 melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5 SBOM files generated by melange in apk"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946237811473908029) 2025-07-18 15:57:08 UTC 55K followers, XXX engagements "CVE-2025-54082 marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. 
Prior to 5.7.0 a vulnerability was discovered in the marshmallow-packages/no"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947339049179513334) 2025-07-21 16:53:03 UTC 55K followers, XXX engagements "CVE-2025-7239 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390815040639279) 2025-07-21 20:18:45 UTC 55K followers, XXX engagements "CVE-2025-46120 An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector where a path-traversal flaw in the web interface lets the se"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947307947555455400) 2025-07-21 14:49:28 UTC 55K followers, XXX engagements "CVE-2025-7882 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the componen"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946883518480449849) 2025-07-20 10:42:56 UTC 55K followers, XXX engagements "CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947390826331705367) 2025-07-21 20:18:48 UTC 55K followers, XXX engagements "CVE-2025-26854 A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946116774271000737) 2025-07-18 07:56:10 UTC 55K followers, XXX engagements "CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668214321545476) 2025-07-11 13:46:28 UTC 55K followers, XXX engagements "CVE-2025-7396 In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementati"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946343153939718233) 2025-07-18 22:55:43 UTC 55K followers, XXX engagements "CVE-2025-7785 A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946176886478143597) 2025-07-18 11:55:02 UTC 55K followers, XXX engagements "CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700205968224749) 2025-07-11 15:53:35 UTC 55K followers, XXX engagements "CVE-2025-7894 A vulnerability which was classified as critical has been found in Onyx up to 0.29.1. 
This issue affects the function generate_simple_sql of the file backend/onyx/age"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946936863006089296) 2025-07-20 14:14:55 UTC 55K followers, XXX engagements "CVE-2025-52169 agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1946282041873432854) 2025-07-18 18:52:53 UTC 55K followers, XXX engagements "CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668162756747774) 2025-07-11 13:46:16 UTC 55K followers, XXX engagements "CVE-2025-49888 Missing Authorization vulnerability in pimwick PW WooCommerce On Sale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945562974405427393) 2025-07-16 19:15:34 UTC 55K followers, XXX engagements "CVE-2025-51403 A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web s"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1947375002992402540) 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
@CVEnew
"CVE-2025-6232 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions" @CVEnew on X 2025-07-17 19:43:47 UTC 55K followers, XXX engagements
"CVE-2025-6717 The plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to and including 2.2.56 due to insufficient escaping on the us" @CVEnew on X 2025-07-18 05:50:57 UTC 55K followers, XXX engagements
"CVE-2025-46385 CWE-918 Server-Side Request Forgery (SSRF)" @CVEnew on X 2025-07-20 15:15:40 UTC 55K followers, XXX engagements
"CVE-2025-7716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS)" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7867 A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component" @CVEnew on X 2025-07-20 04:28:07 UTC 55K followers, XXX engagements
"CVE-2025-7286 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user" @CVEnew on X 2025-07-11 15:53:39 UTC 55K followers, XXX engagements
"CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-47995 Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network" @CVEnew on X 2025-07-18 17:45:38 UTC 55K followers, XXX engagements
"CVE-2025-7962 In Jakarta Mail XXX it is possible to perform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages" @CVEnew on X 2025-07-21 17:46:31 UTC 55K followers, XXX engagements
"CVE-2025-52374 Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.conf" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases" @CVEnew on X 2025-07-11 15:53:38 UTC 55K followers, XXX engagements
"CVE-2025-7287 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-51396 A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow" @CVEnew on X 2025-07-11 15:53:38 UTC 55K followers, XXX engagements
"CVE-2025-7240 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7261 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-7869 A vulnerability which was classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intr" @CVEnew on X 2025-07-20 05:29:33 UTC 55K followers, XXX engagements
"CVE-2025-7222 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte" @CVEnew on X 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2025-6726 The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_" @CVEnew on X 2025-07-18 05:50:57 UTC 55K followers, XXX engagements
"CVE-2025-7291 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-50583 StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module" @CVEnew on X 2025-07-18 20:44:28 UTC 55K followers, XXX engagements
"CVE-2025-1700 A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges" @CVEnew on X 2025-07-17 19:43:48 UTC 55K followers, XXX engagements
"CVE-2025-53901 Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4 33.0.2 and 34.0.2 a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead" @CVEnew on X 2025-07-18 17:45:37 UTC 55K followers, XXX engagements
"CVE-2025-7227 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7279 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7757 A vulnerability classified as critical was found in PHPGurukul Land Record System XXX. Affected by this vulnerability is an unknown functionality of the file /edit-prop" @CVEnew on X 2025-07-17 21:34:24 UTC 55K followers, XXX engagements
"CVE-2025-36062 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-7767 A vulnerability which was classified as problematic has been found in PHPGurukul Art Gallery Management System XXX. Affected by this issue is some unknown functionali" @CVEnew on X 2025-07-18 03:09:55 UTC 55K followers, XXX engagements
"CVE-2025-7638 The Forminator Forms Contact Form Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in a" @CVEnew on X 2025-07-18 05:23:05 UTC 55K followers, XXX engagements
"CVE-2025-7749 A vulnerability which was classified as critical has been found in code-projects Online Appointment Booking System XXX. This issue affects some unknown processing of" @CVEnew on X 2025-07-17 19:15:42 UTC 55K followers, XXX engagements
"CVE-2025-7926 A vulnerability which was classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. This affects an unknown part of the file /admin/booking" @CVEnew on X 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-52166 Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensit" @CVEnew on X 2025-07-18 18:23:20 UTC 55K followers, XXX engagements
"CVE-2025-54122 Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy hand" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-4130 Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7275 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7877 A vulnerability which was classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile" @CVEnew on X 2025-07-20 08:47:04 UTC 55K followers, XXX engagements
"CVE-2025-7925 A vulnerability which was classified as problematic has been found in PHPGurukul Online Banquet Booking System XXX. Affected by this issue is some unknown functionali" @CVEnew on X 2025-07-21 13:28:30 UTC 55K followers, XXX engagements
"CVE-2025-50126 A stored XSS vulnerability in the RSBlog component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or" @CVEnew on X 2025-07-18 10:20:26 UTC 55K followers, XXX engagements
"CVE-2025-7911 A vulnerability classified as critical was found in D-Link DI-8100 XXX. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhtt" @CVEnew on X 2025-07-20 22:53:44 UTC 55K followers, XXX engagements
"CVE-2025-7802 A vulnerability was found in PHPGurukul Complaint Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of the file" @CVEnew on X 2025-07-18 19:30:30 UTC 55K followers, XXX engagements
"CVE-2025-51397 A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2024-13972 A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privile" @CVEnew on X 2025-07-17 19:15:40 UTC 55K followers, XXX engagements
"CVE-2025-7859 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/update_passwo" @CVEnew on X 2025-07-20 01:21:36 UTC 55K followers, XXX engagements
"CVE-2025-7298 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-6053 The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.0. This is due to missing or inco" @CVEnew on X 2025-07-18 05:23:05 UTC 55K followers, XXX engagements
"CVE-2025-49486 A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items" @CVEnew on X 2025-07-18 10:20:27 UTC 55K followers, XXX engagements
"CVE-2025-6813 The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions XXX t" @CVEnew on X 2025-07-18 05:23:05 UTC 55K followers, XXX engagements
"CVE-2025-4657 A buffer overflow vulnerability was reported in the Lenovo Protection Driver prior to version 5.1.1110.4231 used in Lenovo PC Manager Lenovo Browser and Lenovo App" @CVEnew on X 2025-07-17 19:43:46 UTC 55K followers, XXX engagements
"CVE-2025-54128 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below the NodeJS version of HAX CMS has a disabled Conte" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-4570 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se" @CVEnew on X 2025-07-21 08:24:49 UTC 55K followers, XXX engagements
"CVE-2025-43977 The application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction b" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-7790 A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP" @CVEnew on X 2025-07-18 15:38:56 UTC 55K followers, XXX engagements
"CVE-2025-4129 Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.0" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7486 The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to and including XXXXXX due to insufficient" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7854 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation o" @CVEnew on X 2025-07-19 20:55:08 UTC 55K followers, XXX engagements
"CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at" @CVEnew on X 2025-07-11 15:53:36 UTC 55K followers, XXX engagements
"CVE-2025-44655 In TOTOLink A7100RU V7.4 A950RG V5.9 and T10 V5.9 the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system file" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7395 A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client" @CVEnew on X 2025-07-18 22:39:28 UTC 55K followers, XXX engagements
"CVE-2025-7920 WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability allowing unauthenticated remote attackers to execute arbitrar" @CVEnew on X 2025-07-21 07:49:23 UTC 55K followers, XXX engagements
"CVE-2025-7928 A vulnerability was found in code-projects Church Donation System XXX and classified as critical. This issue affects some unknown processing of the file /members/edit_u" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-54075 MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2 a remote script-inclusion / stored cross-" @CVEnew on X 2025-07-18 15:57:07 UTC 55K followers, XXX engagements
"CVE-2025-41678 A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement" @CVEnew on X 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-7939 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX. It has been classified as critical. Affected is the function addGoods of the file GoodsController" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-7919 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to" @CVEnew on X 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-50581 MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do" @CVEnew on X 2025-07-18 20:44:28 UTC 55K followers, XXX engagements
"CVE-2025-7772 The Malcure Malware Scanner #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1" @CVEnew on X 2025-07-18 06:56:46 UTC 55K followers, XXX engagements
"CVE-2025-54073 mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and" @CVEnew on X 2025-07-18 15:57:07 UTC 55K followers, XXX engagements
"CVE-2025-38351 In the Linux kernel the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hy" @CVEnew on X 2025-07-19 12:29:04 UTC 55K followers, XXX engagements
"CVE-2025-3753 A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool affecting ROS distributions Noetic Ninjemys and earlier. The vulne" @CVEnew on X 2025-07-17 19:43:48 UTC 55K followers, XXX engagements
"CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-27209 The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an a" @CVEnew on X 2025-07-18 23:16:18 UTC 55K followers, XXX engagements
"CVE-2025-7888 A vulnerability was found in TDuckCloud tduck-platform XXX and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/" @CVEnew on X 2025-07-20 13:09:07 UTC 55K followers, XXX engagements
"CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7236 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l" @CVEnew on X 2025-07-11 15:53:38 UTC 55K followers, XXX engagements
"CVE-2025-5767 The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width parameter in all versions up to and including 3.1.1" @CVEnew on X 2025-07-18 05:50:57 UTC 55K followers, XXX engagements
"CVE-2025-7248 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7807 A vulnerability which was classified as critical has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlF" @CVEnew on X 2025-07-18 20:55:36 UTC 55K followers, XXX engagements
"CVE-2024-27779 An insufficient session expiration vulnerability CWE-613 in FortiSandbox FortiSandbox version 4.4.4 and below version 4.2.6 and below XXX all versions XXX all ve" @CVEnew on X 2025-07-18 08:52:21 UTC 55K followers, XXX engagements
"CVE-2025-7258 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-7369 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 7.4.2. This is due" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-50586 StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF)" @CVEnew on X 2025-07-18 17:45:39 UTC 55K followers, XXX engagements
"CVE-2023-52672 In the Linux kernel the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notificatio" @CVEnew on X 2024-05-17 19:51:18 UTC 55K followers, XXX engagements
"CVE-2016-15043 The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to and incl" @CVEnew on X 2025-07-19 09:51:15 UTC 55K followers, XXX engagements
"CVE-2025-36106 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-4040 Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic St" @CVEnew on X 2025-07-21 13:28:30 UTC 55K followers, XXX engagements
"CVE-2025-49087 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4 a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mod" @CVEnew on X 2025-07-20 18:50:37 UTC 55K followers, XXX engagements
"CVE-2025-7895 A vulnerability which was classified as critical was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/contro" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-54319 An issue was discovered in Westermo WeOS X (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging" @CVEnew on X 2025-07-20 20:54:14 UTC 55K followers, XXX engagements
"CVE-2025-7264 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7237 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7433 A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution" @CVEnew on X 2025-07-17 19:15:40 UTC 55K followers, XXX engagements
"CVE-2025-46123 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where the authent" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-7300 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-5994 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also v" @CVEnew on X 2025-07-16 19:15:30 UTC 55K followers, XXX engagements
"CVE-2025-50056 A reflected XSS vulnerability in RSMail component 1.19.20 - 1.22.26 XX Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTM" @CVEnew on X 2025-07-18 10:20:27 UTC 55K followers, XXX engagements
"CVE-2025-46002 An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint" @CVEnew on X 2025-07-18 14:42:12 UTC 55K followers, XXX engagements
"CVE-2025-44658 In Netgear RAX30 V1.0.10.94 a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker m" @CVEnew on X 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d" @CVEnew on X 2025-07-11 13:46:29 UTC 55K followers, XXX engagements
"CVE-2015-10134 The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to and including 2.7.10. via the download_backup_file function. This" @CVEnew on X 2025-07-19 09:51:16 UTC 55K followers, XXX engagements
"CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-46000 An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary cod" @CVEnew on X 2025-07-18 15:17:08 UTC 55K followers, XXX engagements
"CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container where an attacker could execute arbitrary code wit" @CVEnew on X 2025-07-17 19:15:40 UTC 55K followers, XXX engagements
"CVE-2025-7794 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStat" @CVEnew on X 2025-07-18 17:18:18 UTC 55K followers, XXX engagements
"CVE-2025-50585 StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl" @CVEnew on X 2025-07-18 18:52:53 UTC 55K followers, XXX engagements
"CVE-2025-54068 Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3 a vulnerability allows unauthenticated attackers to achieve remote command" @CVEnew on X 2025-07-17 19:15:41 UTC 55K followers, XXX engagements
"CVE-2025-7250 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7238 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-46383 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-50151 File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users ar" @CVEnew on X 2025-07-21 09:51:07 UTC 55K followers, XXX engagements
"CVE-2025-7655 The Live Stream Badger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livestream' shortcode in all versions up to and including 1" @CVEnew on X 2025-07-19 03:55:51 UTC 55K followers, XXX engagements
"CVE-2025-7818 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of" @CVEnew on X 2025-07-19 13:07:50 UTC 55K followers, XXX engagements
"CVE-2025-7786 A vulnerability which was classified as problematic has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popi" @CVEnew on X 2025-07-18 13:55:16 UTC 55K followers, XXX engagements
"CVE-2025-7913 A vulnerability which was classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service" @CVEnew on X 2025-07-20 23:52:52 UTC 55K followers, XXX engagements
"CVE-2025-7906 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/jav" @CVEnew on X 2025-07-20 19:50:37 UTC 55K followers, XXX engagements
"CVE-2025-7855 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. T" @CVEnew on X 2025-07-19 21:15:14 UTC 55K followers, XXX engagements
"CVE-2025-7893 A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xm" @CVEnew on X 2025-07-20 13:55:57 UTC 55K followers, XXX engagements
"CVE-2025-24937 File contents could be read from the local file system by an attacker. Additionally malicious code could be inserted in the file leading to a full compromise of the" @CVEnew on X 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-43976 The application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-7438 The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' funct" @CVEnew on X 2025-07-18 06:56:46 UTC 55K followers, XXX engagements
"CVE-2025-7936 A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is" @CVEnew on X 2025-07-21 19:50:43 UTC 55K followers, XXX engagements
"CVE-2025-7788 A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file s" @CVEnew on X 2025-07-18 15:17:07 UTC 55K followers, XXX engagements
"CVE-2025-7278 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-7783 Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data" @CVEnew on X 2025-07-18 16:53:33 UTC 55K followers, XXX engagements
"CVE-2025-6982 Use of Hard-coded Credentials in TP-Link Archer C50 V3( = 180703)/V4( = 250117 )/V5( = 200407 )allows attackers to decrypt the config.xml files" @CVEnew on X 2025-07-16 20:45:03 UTC 55K followers, 1035 engagements
"CVE-2025-43720 Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role revealing the" @CVEnew on X 2025-07-21 17:17:42 UTC 55K followers, XXX engagements
"CVE-2025-7806 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilt" @CVEnew on X 2025-07-18 20:44:27 UTC 55K followers, XXX engagements
"CVE-2025-7871 A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulat" @CVEnew on X 2025-07-20 06:51:34 UTC 55K followers, XXX engagements
"CVE-2025-7273 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-50584 StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module" @CVEnew on X 2025-07-18 19:41:53 UTC 55K followers, XXX engagements
"CVE-2025-7755 A vulnerability was found in code-projects Online Ordering System XXX. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit" @CVEnew on X 2025-07-17 20:56:50 UTC 55K followers, XXX engagements
"CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-7909 A vulnerability was found in D-Link DIR-513 XXX. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSet" @CVEnew on X 2025-07-20 21:51:51 UTC 55K followers, XXX engagements
"CVE-2025-7263 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7856 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been declared as problematic. Affected by this vulnerability is an unknown func" @CVEnew on X 2025-07-19 21:51:06 UTC 55K followers, XXX engagements
"CVE-2025-7863 A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/c" @CVEnew on X 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7660 The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all versions up to and includin" @CVEnew on X 2025-07-18 05:23:05 UTC 55K followers, XXX engagements
"CVE-2025-7836 A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /h" @CVEnew on X 2025-07-19 17:15:25 UTC 55K followers, XXX engagements
"CVE-2025-7242 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2020-26799 A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7857 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been rated as problematic. Affected by this issue is some unknown functionality" @CVEnew on X 2025-07-19 23:17:42 UTC 55K followers, XXX engagements
"CVE-2025-41679 An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing" @CVEnew on X 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2025-7795 A vulnerability which was classified as critical has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P" @CVEnew on X 2025-07-18 17:45:37 UTC 55K followers, XXX engagements
"CVE-2025-7648 The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to and incl" @CVEnew on X 2025-07-18 05:23:06 UTC 55K followers, XXX engagements
"CVE-2025-41674 A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-7762 A vulnerability which was classified as critical has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.as" @CVEnew on X 2025-07-17 22:16:21 UTC 55K followers, XXX engagements
"CVE-2025-46118 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where hard-coded c" @CVEnew on X 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-4049 Use of hard-coded the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.T" @CVEnew on X 2025-07-21 08:24:50 UTC 55K followers, XXX engagements
"CVE-2025-7288 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7285 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-7901 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index" @CVEnew on X 2025-07-20 15:35:12 UTC 55K followers, XXX engagements
"CVE-2025-54316 An issue was discovered in Logpoint before 7.6.0. When creating reports attackers can create custom Jinja templates that chained built-in filter functions to generat" @CVEnew on X 2025-07-20 19:13:19 UTC 55K followers, XXX engagements
"CVE-2025-49828 Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager Self-Hosted (formerly k" @CVEnew on X 2025-07-15 19:52:59 UTC 55K followers, XXX engagements
"CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-49485 A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter" @CVEnew on X 2025-07-18 10:20:27 UTC 55K followers, XXX engagements
"CVE-2025-7837 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT" @CVEnew on X 2025-07-19 17:15:24 UTC 55K followers, XXX engagements
"CVE-2025-38349 In the Linux kernel the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out tha" @CVEnew on X 2025-07-18 08:22:20 UTC 55K followers, XXX engagements
"CVE-2025-7829 A vulnerability was found in code-projects Church Donation System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t" @CVEnew on X 2025-07-19 13:55:22 UTC 55K followers, XXX engagements
"CVE-2025-7873 A vulnerability was found in Metasoft MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file" @CVEnew on X 2025-07-20 07:15:20 UTC 55K followers, XXX engagements
"CVE-2025-41673 A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements us" @CVEnew on X 2025-07-21 09:51:10 UTC 55K followers, XXX engagements
"CVE-2025-7431 The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to and including 2.3.1 due to insu" @CVEnew on X 2025-07-18 03:09:55 UTC 55K followers, XXX engagements
"CVE-2025-41458 Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the apps filesyste" @CVEnew on X 2025-07-21 11:32:58 UTC 55K followers, XXX engagements
"CVE-2025-7312 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-51868 Insecure Direct Object Reference (IDOR) vulnerability in Dippy v2 allows attackers to gain sensitive information via the conversation_id parameter to" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-7750 A vulnerability which was classified as critical was found in code-projects Online Appointment Booking System XXX. Affected is an unknown function of the file /admin/" @CVEnew on X 2025-07-17 19:15:41 UTC 55K followers, XXX engagements
"CVE-2025-7289 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:39 UTC 55K followers, XXX engagements
"CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a" @CVEnew on X 2025-07-11 15:53:35 UTC 55K followers, XXX engagements
"CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300" @CVEnew on X 2025-07-11 15:53:35 UTC 55K followers, XXX engagements
"CVE-2025-7224 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7798 A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to XXX. This affects an unk" @CVEnew on X 2025-07-18 18:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7918 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to" @CVEnew on X 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-7392 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7914 A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component" @CVEnew on X 2025-07-21 03:21:44 UTC 55K followers, XXX engagements
"CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-7915 A vulnerability was found in Chanjet CRM XXX and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the" @CVEnew on X 2025-07-21 03:21:43 UTC 55K followers, XXX engagements
"CVE-2025-7309 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to" @CVEnew on X 2025-07-11 15:53:37 UTC 55K followers, XXX engagements
"CVE-2025-46102 Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remot" @CVEnew on X 2025-07-17 19:15:42 UTC 55K followers, XXX engagements
"CVE-2025-6377 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 55K followers, XXX engagements
"CVE-2025-25257 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3 7.4.0" @CVEnew on X 2025-07-17 15:45:51 UTC 55K followers, XXX engagements
"CVE-2025-7935 A vulnerability which was classified as critical was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLo" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7880 A vulnerability was found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/co" @CVEnew on X 2025-07-20 09:21:09 UTC 55K followers, XXX engagements
"CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7226 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-7394 In the OpenSSL compatibility layer implementation the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned fr" @CVEnew on X 2025-07-18 22:55:44 UTC 55K followers, XXX engagements
"CVE-2025-7791 A vulnerability was found in PHPGurukul Online Security Guards Hiring System XXX. It has been declared as problematic. This vulnerability affects unknown code of the fi" @CVEnew on X 2025-07-18 15:57:08 UTC 55K followers, XXX engagements
"CVE-2025-7929 A vulnerability was found in code-projects Church Donation System XXX. It has been classified as critical. Affected is an unknown function of the file /members/edit_Mem" @CVEnew on X 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not neede" @CVEnew on X 2025-07-21 18:54:50 UTC 55K followers, XXX engagements
"CVE-2025-7751 A vulnerability has been found in code-projects Online Appointment Booking System XXX and classified as critical. Affected by this vulnerability is an unknown functiona" @CVEnew on X 2025-07-17 19:43:48 UTC 55K followers, XXX engagements
"CVE-2025-5754 The Useful Tab Block Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in all versions up to" @CVEnew on X 2025-07-18 05:50:58 UTC 55K followers, XXX engagements
"CVE-2025-47917 Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509" @CVEnew on X 2025-07-20 19:13:18 UTC 55K followers, XXX engagements
"CVE-2025-23270 NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode where an unprivileged local attacker may cause exposure of sensitive information via a side chan" @CVEnew on X 2025-07-17 20:18:21 UTC 55K followers, XXX engagements
"CVE-2025-7269 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7752 A vulnerability was found in code-projects Online Appointment Booking System XXX and classified as critical. Affected by this issue is some unknown functionality of the" @CVEnew on X 2025-07-17 19:43:45 UTC 55K followers, XXX engagements
"CVE-2025-51869 Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id thread_id and mes" @CVEnew on X 2025-07-21 19:32:41 UTC 55K followers, XXX engagements
"CVE-2025-46117 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where a hidden de" @CVEnew on X 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-1729 A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that under certain conditions could allow a local attacker to escalate privileges" @CVEnew on X 2025-07-17 19:43:48 UTC 55K followers, XXX engagements
"CVE-2025-7763 A vulnerability which was classified as problematic was found in thinkgem JeeSite up to 5.12.0. Affected is an unknown function of the component Site Controller/SSO" @CVEnew on X 2025-07-17 22:40:30 UTC 55K followers, XXX engagements
"CVE-2025-5681 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 23" @CVEnew on X 2025-07-21 11:32:57 UTC 55K followers, XXX engagements
"CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-52362 Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl" @CVEnew on X 2025-07-21 19:15:56 UTC 55K followers, XXX engagements
"CVE-2025-7787 A vulnerability which was classified as critical was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file srcmainjavacomxxlj" @CVEnew on X 2025-07-18 14:42:12 UTC 55K followers, XXX engagements
"CVE-2025-6023 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. Th" @CVEnew on X 2025-07-18 07:56:10 UTC 55K followers, XXX engagements
"CVE-2025-7834 A vulnerability which was classified as problematic was found in PHPGurukul Complaint Management System XXX. Affected is an unknown function. The manipulation leads t" @CVEnew on X 2025-07-19 16:49:19 UTC 55K followers, XXX engagements
"CVE-2025-7292 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-54121 Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit designed for building async web services in Python. In versions 0.47.1 and" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7293 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:02 UTC 55K followers, XXX engagements
"CVE-2025-5800 The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto_play parameter in all versions up to and including 1.2.1 du" @CVEnew on X 2025-07-18 05:50:56 UTC 55K followers, XXX engagements
"CVE-2025-53528 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions 5.4.3 and below the version parameter of the "/docs" endpo" @CVEnew on X 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-6197 An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must" @CVEnew on X 2025-07-18 07:56:10 UTC 55K followers, XXX engagements
"CVE-2025-6718 The plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to and including 2" @CVEnew on X 2025-07-18 05:50:58 UTC 55K followers, XXX engagements
"CVE-2025-7904 A vulnerability which was classified as critical was found in itsourcecode Insurance Management System XXX. This affects an unknown part of the file /insertNominee.ph" @CVEnew on X 2025-07-20 17:14:14 UTC 55K followers, XXX engagements
"CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7230 INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-52953 An Expected Behavior Violationvulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent" @CVEnew on X 2025-07-11 15:53:36 UTC 55K followers, XXX engagements
"CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7932 A vulnerability classified as critical has been found in D-Link DIR817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation l" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-44651 In TRENDnet TPL-430AP FW1.0 the USERLIMIT_GLOBAL option is set to X in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are conn" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-6235 In ExtremeControl before 25.5.12 a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from impro" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-7233 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive inf" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-52164 Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext" @CVEnew on X 2025-07-18 17:57:57 UTC 55K followers, XXX engagements
"CVE-2025-5811 The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in" @CVEnew on X 2025-07-18 05:50:56 UTC 55K followers, XXX engagements
"CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l" @CVEnew on X 2025-07-11 15:53:36 UTC 55K followers, XXX engagements
"CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas" @CVEnew on X 2025-07-11 15:53:35 UTC 55K followers, XXX engagements
"CVE-2025-41676 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-6719 The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 3.4.8 due to insuffici" @CVEnew on X 2025-07-18 05:50:57 UTC 55K followers, XXX engagements
"CVE-2025-7255 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7876 A vulnerability classified as critical was found in Metasoft MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. Th" @CVEnew on X 2025-07-20 07:51:33 UTC 55K followers, XXX engagements
"CVE-2025-7797 A vulnerability was found in GPAC up to XXX. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/medi" @CVEnew on X 2025-07-18 17:57:57 UTC 55K followers, XXX engagements
"CVE-2025-6222 The WooCommerce Refund And Exchange with RMA - Warranty Management Refund Policy Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to" @CVEnew on X 2025-07-18 05:50:58 UTC 55K followers, XXX engagements
"CVE-2025-41675 A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of sp" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-3740 The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 93.1.0 via the 'page' parame" @CVEnew on X 2025-07-18 05:23:06 UTC 55K followers, XXX engagements
"CVE-2025-45156 Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users" @CVEnew on X 2025-07-18 17:18:18 UTC 55K followers, XXX engagements
"CVE-2025-7308 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7885 A vulnerability which was classified as problematic has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the comp" @CVEnew on X 2025-07-20 11:29:50 UTC 55K followers, XXX engagements
"CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-54317 An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template whi" @CVEnew on X 2025-07-20 19:13:19 UTC 55K followers, XXX engagements
"CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7322 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:45:27 UTC 55K followers, XXX engagements
"CVE-2025-2301 Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.This issue affects" @CVEnew on X 2025-07-21 11:53:15 UTC 55K followers, XXX engagements
"CVE-2025-36107 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2025-7792 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter" @CVEnew on X 2025-07-18 16:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7398 Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036" @CVEnew on X 2025-07-17 21:56:18 UTC 55K followers, XXX engagements
"CVE-2025-6248 A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page w" @CVEnew on X 2025-07-17 19:43:46 UTC 55K followers, XXX engagements
"CVE-2025-7889 A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidMan" @CVEnew on X 2025-07-20 13:09:07 UTC 55K followers, XXX engagements
"CVE-2025-54127 HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below the NodeJS version of HAX CMS uses an ins" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-51398 A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTM" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-53770 Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that a" @CVEnew on X 2025-07-20 01:21:35 UTC 55K followers, XXX engagements
"CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec" @CVEnew on X 2025-07-11 15:53:37 UTC 55K followers, XXX engagements
"CVE-2025-6227 Mattermost versions 10.5.x = 10.5.7 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and pass" @CVEnew on X 2025-07-18 11:45:15 UTC 55K followers, XXX engagements
"CVE-2025-52168 Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitr" @CVEnew on X 2025-07-18 17:45:39 UTC 55K followers, XXX engagements
"CVE-2025-7602 A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component" @CVEnew on X 2025-07-14 12:32:04 UTC 55K followers, XXX engagements
"CVE-2024-13175 Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0" @CVEnew on X 2025-07-18 14:17:05 UTC 55K followers, XXX engagements
"CVE-2025-51401 A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML vi" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-33014 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external" @CVEnew on X 2025-07-18 19:14:46 UTC 55K followers, XXX engagements
"CVE-2025-7759 A vulnerability which was classified as critical was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part of the file modules/core/src/main/java/com/j" @CVEnew on X 2025-07-17 21:56:18 UTC 55K followers, XXX engagements
"CVE-2025-7866 A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_defici" @CVEnew on X 2025-07-20 04:28:07 UTC 55K followers, XXX engagements
"CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authent" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7251 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-49484 A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parame" @CVEnew on X 2025-07-18 10:20:26 UTC 55K followers, XXX engagements
"CVE-2025-51400 A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements
"CVE-2025-54134 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below the HAX CMS NodeJS application crashes when an aut" @CVEnew on X 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-6226 Mattermost versions 10.5.x = 10.5.6 10.8.x = 10.8.1 10.7.x = 10.7.3 9.11.x = 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID w" @CVEnew on X 2025-07-18 09:20:54 UTC 55K followers, XXX engagements
"CVE-2025-7343 The SFT developed by Digiwin has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to read modify and delete d" @CVEnew on X 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-7840 A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System XXX. It has been classified as problematic. This affects an unknown part of the file" @CVEnew on X 2025-07-19 18:50:08 UTC 55K followers, XXX engagements
"CVE-2025-7284 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:38 UTC 55K followers, XXX engagements
"CVE-2025-50582 StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module" @CVEnew on X 2025-07-18 20:44:28 UTC 55K followers, XXX engagements
"CVE-2025-7875 A vulnerability classified as critical has been found in Metasoft MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads" @CVEnew on X 2025-07-20 07:32:41 UTC 55K followers, XXX engagements
"CVE-2015-10135 The WPshop X E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions befo" @CVEnew on X 2025-07-19 09:51:15 UTC 55K followers, XXX engagements
"CVE-2025-54309 CrushFTP XX before 10.8.5 and XX before 11.3.4_23 when the DMZ proxy feature is not used mishandles AS2 validation and consequently allows remote attackers to obtai" @CVEnew on X 2025-07-18 18:23:21 UTC 55K followers, XXX engagements
"CVE-2025-7862 A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file" @CVEnew on X 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7831 A vulnerability classified as critical has been found in code-projects Church Donation System XXX. This affects an unknown part of the file /members/Tithes.php. The man" @CVEnew on X 2025-07-19 15:35:08 UTC 55K followers, XXX engagements
"CVE-2025-7241 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:49 UTC 55K followers, XXX engagements
"CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7814 A vulnerability classified as critical was found in code-projects Food Ordering Review System XXX. This vulnerability affects unknown code of the file /pages/signup_fun" @CVEnew on X 2025-07-18 21:51:39 UTC 55K followers, XXX engagements
"CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-7897 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/con" @CVEnew on X 2025-07-20 15:15:39 UTC 55K followers, XXX engagements
"CVE-2025-7878 A vulnerability which was classified as critical was found in Metasoft MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp" @CVEnew on X 2025-07-20 08:47:04 UTC 55K followers, XXX engagements
"CVE-2025-2425 Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitra" @CVEnew on X 2025-07-18 09:47:10 UTC 55K followers, XXX engagements
"CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacke" @CVEnew on X 2025-07-11 15:53:37 UTC 55K followers, XXX engagements
"CVE-2025-53816 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in vers" @CVEnew on X 2025-07-17 19:15:42 UTC 55K followers, XXX engagements
"CVE-2025-54078 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-18 16:21:49 UTC 55K followers, XXX engagements
"CVE-2025-7274 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-7942 A vulnerability has been found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functionality" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-54076 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-18 16:21:49 UTC 55K followers, XXX engagements
"CVE-2025-7283 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7931 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7934 A vulnerability which was classified as critical has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the fu" @CVEnew on X 2025-07-21 19:15:54 UTC 55K followers, XXX engagements
"CVE-2025-49747 Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network" @CVEnew on X 2025-07-18 17:45:39 UTC 55K followers, XXX engagements
"CVE-2025-7354 The WP Shortcodes Plugin Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-54313 eslint-config-prettier 8.10.1 9.1.1 10.1.6 and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install" @CVEnew on X 2025-07-19 16:49:19 UTC 55K followers, XXX engagements
"CVE-2025-41677 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, XXX engagements
"CVE-2025-6720 The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to" @CVEnew on X 2025-07-19 05:56:01 UTC 55K followers, XXX engagements
"CVE-2025-7266 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-47158 Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network" @CVEnew on X 2025-07-18 17:45:38 UTC 55K followers, XXX engagements
"CVE-2025-52575 EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authent" @CVEnew on X 2025-07-21 18:23:52 UTC 55K followers, XXX engagements
"CVE-2025-53771 Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a" @CVEnew on X 2025-07-20 22:37:33 UTC 55K followers, XXX engagements
"CVE-2025-44647 In TRENDnet TEW-WLC100P 2.03b03 the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file so that IKE Respon" @CVEnew on X 2025-07-21 15:57:55 UTC 55K followers, XXX engagements
"CVE-2025-53945 apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5 critical files were inadv" @CVEnew on X 2025-07-18 15:38:56 UTC 55K followers, XXX engagements
"CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component" @CVEnew on X 2025-07-11 15:53:41 UTC 55K followers, XXX engagements
"CVE-2025-7314 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-7927 A vulnerability has been found in PHPGurukul Online Banquet Booking System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/vi" @CVEnew on X 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-7256 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-7764 A vulnerability classified as critical has been found in code-projects Online Appointment Booking System XXX. Affected is an unknown function of the file /admin/deleted" @CVEnew on X 2025-07-17 22:54:54 UTC 55K followers, XXX engagements
"CVE-2025-7941 A vulnerability which was classified as problematic was found in PHPGurukul Time Table Generator System XXX. Affected is an unknown function of the file /admin/profil" @CVEnew on X 2025-07-21 22:41:16 UTC 55K followers, XXX engagements
"CVE-2025-7916 WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary code on the ser" @CVEnew on X 2025-07-21 06:28:14 UTC 55K followers, XXX engagements
"CVE-2025-7868 A vulnerability classified as problematic was found in Portabilis i-Educar 2.9.0. Affected by this vulnerability is an unknown functionality of the file /intranet/educa" @CVEnew on X 2025-07-20 05:00:56 UTC 55K followers, XXX engagements
"CVE-2025-7715 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS). This iss" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-6721 The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() fun" @CVEnew on X 2025-07-19 05:56:01 UTC 55K followers, XXX engagements
"CVE-2025-7912 A vulnerability which was classified as critical has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the compon" @CVEnew on X 2025-07-20 23:16:58 UTC 55K followers, XXX engagements
"CVE-2025-7917 WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability allowing remote attackers with administrator privileges to upload and" @CVEnew on X 2025-07-21 06:56:16 UTC 55K followers, XXX engagements
"CVE-2025-54314 Thor before 1.4.0 can construct an unsafe shell command from library input" @CVEnew on X 2025-07-20 03:23:21 UTC 55K followers, XXX engagements
"CVE-2025-36845 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a" @CVEnew on X 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-7870 A vulnerability which was classified as problematic was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endp" @CVEnew on X 2025-07-20 05:50:13 UTC 55K followers, XXX engagements
"CVE-2025-50058 A stored XSS vulnerability in the RSDirectory component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web sc" @CVEnew on X 2025-07-18 10:20:26 UTC 55K followers, XXX engagements
"CVE-2025-7753 A vulnerability was found in code-projects Online Appointment Booking System XXX. It has been classified as critical. This affects an unknown part of the file /admin/ad" @CVEnew on X 2025-07-17 19:51:24 UTC 55K followers, XXX engagements
"CVE-2025-7933 A vulnerability classified as critical was found in Campcodes Sales and Inventory System XXX. This vulnerability affects unknown code of the file /pages/settings_update" @CVEnew on X 2025-07-21 18:54:51 UTC 55K followers, XXX engagements
"CVE-2024-32124 An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4 version 2.4.3 XXX all versions logging component may allow a remote authenticated" @CVEnew on X 2025-07-18 08:52:21 UTC 55K followers, XXX engagements
"CVE-2025-54129 HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below the application returns a" @CVEnew on X 2025-07-21 21:16:25 UTC 55K followers, XXX engagements
"CVE-2025-7930 A vulnerability was found in code-projects Church Donation System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7393 Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0" @CVEnew on X 2025-07-21 16:53:02 UTC 55K followers, XXX engagements
"CVE-2025-7344 The EAI developed by Digiwin has a Privilege Escalation vulnerability allowing remote attackers with regular privileges to elevate their privileges to administrator le" @CVEnew on X 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-7268 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-27210 An incomplete fix has been identified for CVE-2025-23084 in Node.js specifically affecting Windows device names like CON PRN and AUX. This vulnerability affect" @CVEnew on X 2025-07-18 23:16:18 UTC 55K followers, XXX engagements
"CVE-2024-56220 Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notificatio" @CVEnew on X 2024-12-31 10:14:56 UTC 55K followers, XXX engagements
"CVE-2025-45157 Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users" @CVEnew on X 2025-07-18 17:18:18 UTC 55K followers, XXX engagements
"CVE-2024-42209 HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to which is ca" @CVEnew on X 2025-07-17 19:43:46 UTC 55K followers, XXX engagements
"CVE-2025-49746 Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network" @CVEnew on X 2025-07-18 17:45:38 UTC 55K followers, XXX engagements
"CVE-2025-54310 qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp" @CVEnew on X 2025-07-18 19:41:53 UTC 55K followers, XXX engagements
"CVE-2025-7908 A vulnerability was found in D-Link DI-8100 XXX. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.aspopt=add" @CVEnew on X 2025-07-20 21:15:02 UTC 55K followers, XXX engagements
"CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable" @CVEnew on X 2025-07-15 19:44:19 UTC 55K followers, XXX engagements
"CVE-2024-13973 A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR1 (21.0.1) can potentially lead to administrators achieving arbitrar" @CVEnew on X 2025-07-21 14:19:14 UTC 55K followers, XXX engagements
"CVE-2025-52950 A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive" @CVEnew on X 2025-07-11 15:53:38 UTC 55K followers, XXX engagements
"CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch" @CVEnew on X 2025-07-08 05:18:03 UTC 55K followers, XXX engagements
"CVE-2025-53832 Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which e" @CVEnew on X 2025-07-21 20:45:25 UTC 55K followers, XXX engagements
"CVE-2025-7789 A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/x" @CVEnew on X 2025-07-18 15:38:56 UTC 55K followers, XXX engagements
"CVE-2025-6185 Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability allowing an attacker to craft a malicious payload in URL paramet" @CVEnew on X 2025-07-17 23:35:34 UTC 55K followers, XXX engagements
"CVE-2025-7793 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipu" @CVEnew on X 2025-07-18 16:53:34 UTC 55K followers, XXX engagements
"CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local low-privileged user to" @CVEnew on X 2025-07-11 15:53:37 UTC 55K followers, XXX engagements
"CVE-2025-7803 A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function vali" @CVEnew on X 2025-07-18 19:30:30 UTC 55K followers, XXX engagements
"CVE-2025-46116 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where an authenti" @CVEnew on X 2025-07-21 14:49:27 UTC 55K followers, XXX engagements
"CVE-2025-7717 Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0 from 2.0.0 before 2.0.1" @CVEnew on X 2025-07-21 16:53:01 UTC 55K followers, XXX engagements
"CVE-2025-5816 The Plugin Pengiriman WooCommerce Kurir Reguler Instan Kargo Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to" @CVEnew on X 2025-07-18 05:23:05 UTC 55K followers, XXX engagements
"CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG" @CVEnew on X 2025-07-11 15:53:38 UTC 55K followers, XXX engagements
"CVE-2025-44650 In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2 the USERLIMIT_GLOBAL option is set to X in the bftpd.conf configuration file. This can cause DoS attacks" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage" @CVEnew on X 2025-07-11 15:53:42 UTC 55K followers, XXX engagements
"CVE-2012-10019 The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3" @CVEnew on X 2025-07-19 09:51:15 UTC 55K followers, XXX engagements
"CVE-2025-46382 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by" @CVEnew on X 2025-07-11 15:53:34 UTC 55K followers, XXX engagements
"CVE-2025-7231 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-6231 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions" @CVEnew on X 2025-07-17 19:43:47 UTC 55K followers, XXX engagements
"CVE-2025-7397 A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command histor" @CVEnew on X 2025-07-17 22:16:20 UTC 55K followers, XXX engagements
"CVE-2025-7874 A vulnerability was found in Metasoft MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /env" @CVEnew on X 2025-07-20 07:15:19 UTC 55K followers, XXX engagements
"CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body" @CVEnew on X 2025-07-11 15:53:42 UTC 55K followers, XXX engagements
"CVE-2025-6391 Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implica" @CVEnew on X 2025-07-17 22:16:20 UTC 55K followers, XXX engagements
"CVE-2025-7246 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7765 A vulnerability classified as critical was found in code-projects Online Appointment Booking System XXX. Affected by this vulnerability is an unknown functionality of t" @CVEnew on X 2025-07-17 23:17:14 UTC 55K followers, XXX engagements
"CVE-2025-26855 A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands" @CVEnew on X 2025-07-18 07:56:10 UTC 55K followers, XXX engagements
"CVE-2025-7832 A vulnerability classified as critical was found in code-projects Church Donation System XXX. This vulnerability affects unknown code of the file /members/offering.php" @CVEnew on X 2025-07-19 15:35:08 UTC 55K followers, XXX engagements
"CVE-2025-7796 A vulnerability which was classified as critical was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The mani" @CVEnew on X 2025-07-18 17:57:57 UTC 55K followers, XXX engagements
"CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f" @CVEnew on X 2025-07-11 13:46:18 UTC 55K followers, XXX engagements
"CVE-2025-7510 A vulnerability has been found in code-projects Modern Bag XXX and classified as critical. This vulnerability affects unknown code of the file /admin/productadd_back.ph" @CVEnew on X 2025-07-13 01:19:57 UTC 55K followers, XXX engagements
"CVE-2015-10139 The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for" @CVEnew on X 2025-07-19 11:40:50 UTC 55K followers, XXX engagements
"CVE-2025-32744 Dell AppSync version(s) 4.6.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could poten" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-46122 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the authenticated diagnostics API endpoint /admin/_cmdstat.j" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-7833 A vulnerability which was classified as critical has been found in code-projects Church Donation System XXX. This issue affects some unknown processing of the file /m" @CVEnew on X 2025-07-19 15:54:15 UTC 55K followers, XXX engagements
"CVE-2025-7281 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7853 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipu" @CVEnew on X 2025-07-19 19:50:35 UTC 55K followers, XXX engagements
"CVE-2025-7257 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:46 UTC 55K followers, XXX engagements
"CVE-2025-52372 An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-4685 The Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of mu" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-50240 nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin" @CVEnew on X 2025-07-17 19:15:42 UTC 55K followers, XXX engagements
"CVE-2025-7280 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7228 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affec" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t" @CVEnew on X 2025-07-11 13:46:28 UTC 55K followers, XXX engagements
"CVE-2025-7311 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-7271 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-7754 A vulnerability was found in code-projects Patient Record Management System XXX. It has been declared as critical. This vulnerability affects unknown code of the file /" @CVEnew on X 2025-07-17 20:44:52 UTC 55K followers, XXX engagements
"CVE-2025-46121 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 where the functions stamgr_cfg_adpt_addStaFavourite and stamgr_c" @CVEnew on X 2025-07-21 15:17:54 UTC 55K followers, XXX engagements
"CVE-2025-41459 Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attacke" @CVEnew on X 2025-07-21 11:32:58 UTC 55K followers, XXX engagements
"CVE-2025-7940 A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functional" @CVEnew on X 2025-07-21 21:34:56 UTC 55K followers, XXX engagements
"CVE-2025-7924 A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System XXX. Affected by this vulnerability is an unknown functionality of the f" @CVEnew on X 2025-07-21 11:32:57 UTC 55K followers, XXX engagements
"CVE-2025-7272 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:42 UTC 55K followers, XXX engagements
"CVE-2025-6997 The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to and including 2.35.1.1 due to insuffi" @CVEnew on X 2025-07-19 08:47:55 UTC 55K followers, XXX engagements
"CVE-2025-7382 A command injection vulnerability in WebAdmin of Sophos Firewall versions older than XXXX MR2 (21.0.2)can lead to adjacent attackers achieving pre-auth code execution" @CVEnew on X 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-7816 A vulnerability which was classified as problematic was found in PHPGurukul Apartment Visitors Management System XXX. Affected is an unknown function of the file /vis" @CVEnew on X 2025-07-19 10:55:00 UTC 55K followers, XXX engagements
"CVE-2025-41681 A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content" @CVEnew on X 2025-07-21 09:51:08 UTC 55K followers, XXX engagements
"CVE-2024-6107 Due to insufficient verification an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in" @CVEnew on X 2025-07-21 09:25:18 UTC 55K followers, XXX engagements
"CVE-2025-7830 A vulnerability was found in code-projects Church Donation System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /" @CVEnew on X 2025-07-19 14:52:34 UTC 55K followers, XXX engagements
"CVE-2025-7247 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-52162 agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows" @CVEnew on X 2025-07-18 17:45:39 UTC 55K followers, XXX engagements
"CVE-2025-7225 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:51 UTC 55K followers, XXX engagements
"CVE-2025-5752 The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width parameter in all versions up to and inclu" @CVEnew on X 2025-07-18 05:50:56 UTC 55K followers, XXX engagements
"CVE-2025-23269 NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predict" @CVEnew on X 2025-07-17 20:44:51 UTC 55K followers, XXX engagements
"CVE-2025-7872 A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. T" @CVEnew on X 2025-07-20 06:51:34 UTC 55K followers, XXX engagements
"CVE-2025-7444 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to and including 5.0.1. This is due to insufficient verification on" @CVEnew on X 2025-07-18 08:52:21 UTC 55K followers, XXX engagements
"CVE-2025-7860 A vulnerability which was classified as critical has been found in code-projects Church Donation System XXX. This issue affects some unknown processing of the file /m" @CVEnew on X 2025-07-20 01:21:36 UTC 55K followers, XXX engagements
"CVE-2025-7758 A vulnerability which was classified as critical has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of" @CVEnew on X 2025-07-17 21:34:24 UTC 55K followers, XXX engagements
"CVE-2025-7800 A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the" @CVEnew on X 2025-07-18 18:52:52 UTC 55K followers, XXX engagements
"CVE-2025-44649 In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03 the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase X exposes i" @CVEnew on X 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2024-13974 A business logic vulnerability in the Up2Date component of Sophos Firewall older than version XXXX MR1 (20.0.1) can lead to attackers controlling the firewalls DNS e" @CVEnew on X 2025-07-21 14:19:15 UTC 55K followers, XXX engagements
"CVE-2025-7838 A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System XXX and classified as critical. This vulnerability affects unknown code of the" @CVEnew on X 2025-07-19 17:36:37 UTC 55K followers, XXX engagements
"CVE-2025-7903 A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Imag" @CVEnew on X 2025-07-20 17:14:14 UTC 55K followers, XXX engagements
"CVE-2025-52163 A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiat" @CVEnew on X 2025-07-18 18:52:53 UTC 55K followers, XXX engagements
"CVE-2025-53888 RIOT-OS an operating system that supports Internet of Things devices has an ineffective size check implemented with assert() can lead to buffer overflow in versio" @CVEnew on X 2025-07-18 15:38:56 UTC 55K followers, XXX engagements
"CVE-2015-10138 The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server" @CVEnew on X 2025-07-19 11:40:50 UTC 55K followers, XXX engagements
"CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu" @CVEnew on X 2025-07-11 13:46:25 UTC 55K followers, XXX engagements
"CVE-2025-7294 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-0886 An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local authenticated user to escalate privileges" @CVEnew on X 2025-07-17 19:43:48 UTC 55K followers, XXX engagements
"CVE-2025-7907 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/re" @CVEnew on X 2025-07-20 20:43:37 UTC 55K followers, XXX engagements
"CVE-2025-46001 An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted" @CVEnew on X 2025-07-18 13:55:16 UTC 55K followers, XXX engagements
"CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2025-7815 A vulnerability which was classified as problematic has been found in PHPGurukul Apartment Visitors Management System XXX. This issue affects some unknown processing" @CVEnew on X 2025-07-19 09:51:15 UTC 55K followers, XXX engagements
"CVE-2025-36603 Dell AppSync version(s) 4.6.0.0 contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could p" @CVEnew on X 2025-07-21 16:53:04 UTC 55K followers, XXX engagements
"CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-50057 A DOS vulnerability in RSFiles component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the sea" @CVEnew on X 2025-07-18 10:20:27 UTC 55K followers, XXX engagements
"CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.A mal" @CVEnew on X 2025-07-15 18:54:28 UTC 55K followers, 1189 engagements
"CVE-2025-7295 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-7223 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected" @CVEnew on X 2025-07-21 20:18:52 UTC 55K followers, XXX engagements
"CVE-2025-6233 Mattermost versions 10.8.x = 10.8.1 10.7.x = 10.7.3 10.5.x = 10.5.7 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL fi" @CVEnew on X 2025-07-18 09:47:10 UTC 55K followers, XXX engagements
"CVE-2025-7883 A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file AiStoneServiceMyControlCen" @CVEnew on X 2025-07-20 11:14:04 UTC 55K followers, XXX engagements
"CVE-2025-1469 Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11" @CVEnew on X 2025-07-21 08:55:36 UTC 55K followers, XXX engagements
"CVE-2025-6781 The Copymatic AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to" @CVEnew on X 2025-07-18 05:23:04 UTC 55K followers, XXX engagements
"CVE-2025-7910 A vulnerability classified as critical has been found in D-Link DIR-513 XXXX. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component" @CVEnew on X 2025-07-20 22:37:34 UTC 55K followers, XXX engagements
"CVE-2025-7858 A vulnerability classified as problematic has been found in PHPGurukul Apartment Visitors Management System XXX. This affects an unknown part of the file /admin-profile" @CVEnew on X 2025-07-19 23:54:19 UTC 55K followers, XXX engagements
"CVE-2025-46384 CWE-434 Unrestricted Upload of File with Dangerous Type" @CVEnew on X 2025-07-20 14:52:33 UTC 55K followers, XXX engagements
"CVE-2025-7282 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:40 UTC 55K followers, XXX engagements
"CVE-2025-7805 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The man" @CVEnew on X 2025-07-18 19:51:00 UTC 55K followers, XXX engagements
"CVE-2024-39835 A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool affecting ROS distributions Noetic Ninjemys and" @CVEnew on X 2025-07-17 19:43:49 UTC 55K followers, XXX engagements
"CVE-2025-7267 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:43 UTC 55K followers, XXX engagements
"CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:57 UTC 55K followers, XXX engagements
"CVE-2025-54077 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-18 16:21:49 UTC 55K followers, XXX engagements
"CVE-2025-6249 An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data" @CVEnew on X 2025-07-17 19:43:46 UTC 55K followers, XXX engagements
"CVE-2025-7861 A vulnerability which was classified as critical was found in code-projects Church Donation System XXX. Affected is an unknown function of the file /members/search.ph" @CVEnew on X 2025-07-20 01:21:36 UTC 55K followers, XXX engagements
"CVE-2025-50708 An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL" @CVEnew on X 2025-07-18 19:51:00 UTC 55K followers, XXX engagements
"CVE-2025-7898 A vulnerability was found in Codecanyon iDentSoft XXX. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of th" @CVEnew on X 2025-07-20 15:35:13 UTC 55K followers, XXX engagements
"CVE-2025-7643 The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all ve" @CVEnew on X 2025-07-18 05:50:58 UTC 55K followers, XXX engagements
"CVE-2025-6376 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 55K followers, XXX engagements
"CVE-2025-7938 A vulnerability was found in jerryshensjf JPACookieShop JPA XXX and classified as critical. This issue affects the function updateGoods of the file GoodsController" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-7260 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-4569 An insecure sensitive key storage issue was found in MyASUS.potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain se" @CVEnew on X 2025-07-21 08:24:50 UTC 55K followers, XXX engagements
"CVE-2025-24938 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administra" @CVEnew on X 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-49656 Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users ar" @CVEnew on X 2025-07-21 09:51:09 UTC 55K followers, 1451 engagements
"CVE-2025-23267 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook where an attacker could cause a link following by using a specially cr" @CVEnew on X 2025-07-17 19:43:45 UTC 55K followers, XXX engagements
"CVE-2025-7881 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the componen" @CVEnew on X 2025-07-20 09:51:51 UTC 55K followers, XXX engagements
"CVE-2025-7884 A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the componen" @CVEnew on X 2025-07-20 11:29:50 UTC 55K followers, XXX engagements
"CVE-2024-39289 A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool affecting ROS distributions Noetic Ninjemys and earlier. The v" @CVEnew on X 2025-07-17 19:43:49 UTC 55K followers, XXX engagements
"CVE-2025-7303 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7296 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:01 UTC 55K followers, XXX engagements
"CVE-2024-41921 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool affecting ROS distributions Noetic Ninjemys and e" @CVEnew on X 2025-07-17 19:43:49 UTC 55K followers, XXX engagements
"CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker" @CVEnew on X 2025-07-11 13:46:29 UTC 55K followers, XXX engagements
"CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec" @CVEnew on X 2025-07-11 13:46:18 UTC 55K followers, XXX engagements
"CVE-2025-53825 Dokploy is a free self-hostable Platform as a Service (PaaS). Prior to version 0.24.3 an unauthenticated preview deployment vulnerability in Dokploy allows any user" @CVEnew on X 2025-07-14 22:55:21 UTC 55K followers, 1420 engagements
"CVE-2025-7879 A vulnerability has been found in Metasoft MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file m" @CVEnew on X 2025-07-20 09:21:09 UTC 55K followers, XXX engagements
"CVE-2025-7234 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-7277 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:41 UTC 55K followers, XXX engagements
"CVE-2025-53964 GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any ter" @CVEnew on X 2025-07-17 19:43:50 UTC 55K followers, XXX engagements
"CVE-2025-7943 A vulnerability was found in PHPGurukul Taxi Stand Management System XXX and classified as problematic. Affected by this issue is some unknown functionality of the file" @CVEnew on X 2025-07-21 23:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48965 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than ze" @CVEnew on X 2025-07-20 18:21:12 UTC 55K followers, XXX engagements
"CVE-2025-54071 RomM (ROM Manager) allows users to scan enrich browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below an" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-7265 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:44 UTC 55K followers, XXX engagements
"CVE-2024-55040 Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET re" @CVEnew on X 2025-07-21 15:46:10 UTC 55K followers, XXX engagements
"CVE-2025-46732 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6 an IDOR vulnerability in the GrapQL Noti" @CVEnew on X 2025-07-18 15:17:07 UTC 55K followers, XXX engagements
"CVE-2015-10133 The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to and including 2.1.2 via the Path to header value. This allows authen" @CVEnew on X 2025-07-19 09:51:15 UTC 55K followers, XXX engagements
"CVE-2025-7817 A vulnerability has been found in PHPGurukul Apartment Visitors Management System XXX and classified as problematic. Affected by this vulnerability is an unknown functi" @CVEnew on X 2025-07-19 11:50:31 UTC 55K followers, XXX engagements
"CVE-2015-10136 The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before XXX via the 'fileid' parameter. This allows unauthenticated attacker" @CVEnew on X 2025-07-19 09:51:16 UTC 55K followers, XXX engagements
"CVE-2025-24936 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network st" @CVEnew on X 2025-07-21 06:56:15 UTC 55K followers, XXX engagements
"CVE-2025-7252 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code" @CVEnew on X 2025-07-21 20:18:50 UTC 55K followers, XXX engagements
"CVE-2025-0664 A locally authenticated privileged user can craft a malicious OpenSSL configuration file potentially leading the agent to load an arbitrary local library. This may im" @CVEnew on X 2025-07-21 07:49:22 UTC 55K followers, XXX engagements
"CVE-2025-7864 A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/m" @CVEnew on X 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7886 A vulnerability which was classified as critical was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the fu" @CVEnew on X 2025-07-20 11:50:28 UTC 55K followers, XXX engagements
"CVE-2025-7756 A vulnerability classified as problematic has been found in code-projects E-Commerce Site XXX. Affected is an unknown function. The manipulation leads to cross-site req" @CVEnew on X 2025-07-17 21:15:43 UTC 55K followers, XXX engagements
"CVE-2025-7784 A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-u" @CVEnew on X 2025-07-18 13:55:15 UTC 55K followers, XXX engagements
"CVE-2025-44657 In Linksys EA6350 V2.1.2 the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to sy" @CVEnew on X 2025-07-21 15:46:11 UTC 55K followers, XXX engagements
"CVE-2025-44652 In Netgear RAX30 V1.0.10.94_3 the USERLIMIT_GLOBAL option is set to X in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7887 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file The" @CVEnew on X 2025-07-20 11:50:28 UTC 55K followers, XXX engagements
"CVE-2025-7301 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:35:00 UTC 55K followers, XXX engagements
"CVE-2025-7472 A local privilege escalation vulnerability in the Intercept X for Windows installer prior version XXXX can lead to a local user gaining system level privileges if the" @CVEnew on X 2025-07-17 19:15:41 UTC 55K followers, XXX engagements
"CVE-2025-2818 A vulnerability was reported in version XXX of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nea" @CVEnew on X 2025-07-17 19:43:47 UTC 55K followers, XXX engagements
"CVE-2025-44251 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process" @CVEnew on X 2025-07-10 15:45:55 UTC 55K followers, XXX engagements
"CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l" @CVEnew on X 2025-07-11 15:53:36 UTC 55K followers, XXX engagements
"CVE-2025-7921 Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability allowing unauthenticated remote attackers to control the program's execution fl" @CVEnew on X 2025-07-21 07:24:39 UTC 55K followers, XXX engagements
"CVE-2025-53762 Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network" @CVEnew on X 2025-07-18 17:45:37 UTC 55K followers, XXX engagements
"CVE-2025-30477 Dell PowerScale OneFS versions prior to 9.11.0.0 contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote a" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:27 UTC 55K followers, XXX engagements
"CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by" @CVEnew on X 2025-07-11 13:46:17 UTC 55K followers, XXX engagements
"CVE-2025-7299 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:45:26 UTC 55K followers, XXX engagements
"CVE-2025-44653 In H3C GR2200 MiniGR1A0V100R016 the USERLIMIT_GLOBAL option is set to X in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-7244 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:47 UTC 55K followers, XXX engagements
"CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:59 UTC 55K followers, XXX engagements
"CVE-2025-7819 A vulnerability was found in PHPGurukul Apartment Visitors Management System XXX. It has been classified as problematic. This affects an unknown part of the file /creat" @CVEnew on X 2025-07-19 13:07:49 UTC 55K followers, XXX engagements
"CVE-2025-46119 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304 where an authenticated request to the management endpoint /admin/_cmdstat.jsp disclo" @CVEnew on X 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-52373 Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailSer" @CVEnew on X 2025-07-21 16:21:15 UTC 55K followers, XXX engagements
"CVE-2025-7865 A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/" @CVEnew on X 2025-07-20 03:23:20 UTC 55K followers, XXX engagements
"CVE-2025-7905 A vulnerability has been found in itsourcecode Insurance Management System XXX and classified as critical. This vulnerability affects unknown code of the file /insertPa" @CVEnew on X 2025-07-20 19:28:05 UTC 55K followers, XXX engagements
"CVE-2025-44654 In Linksys E2500 3.0.04.002 the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files privile" @CVEnew on X 2025-07-21 17:46:32 UTC 55K followers, XXX engagements
"CVE-2025-6230 A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute code with elevated permis" @CVEnew on X 2025-07-17 19:43:47 UTC 55K followers, XXX engagements
"CVE-2025-7801 A vulnerability has been found in BossSoft CRM XXX and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBa" @CVEnew on X 2025-07-18 18:52:52 UTC 55K followers, XXX engagements
"CVE-2025-36846 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vuln" @CVEnew on X 2025-07-21 18:23:53 UTC 55K followers, XXX engagements
"CVE-2025-7902 A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/syste" @CVEnew on X 2025-07-20 16:48:02 UTC 55K followers, XXX engagements
"CVE-2025-7896 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/dele" @CVEnew on X 2025-07-20 15:15:40 UTC 55K followers, XXX engagements
"CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:16:26 UTC 55K followers, XXX engagements
"CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc" @CVEnew on X 2025-07-11 15:53:35 UTC 55K followers, XXX engagements
"CVE-2025-54079 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prio" @CVEnew on X 2025-07-18 16:21:48 UTC 55K followers, XXX engagements
"CVE-2025-7310 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 21:34:58 UTC 55K followers, XXX engagements
"CVE-2025-54059 melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5 SBOM files generated by melange in apk" @CVEnew on X 2025-07-18 15:57:08 UTC 55K followers, XXX engagements
"CVE-2025-54082 marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0 a vulnerability was discovered in the marshmallow-packages/no" @CVEnew on X 2025-07-21 16:53:03 UTC 55K followers, XXX engagements
"CVE-2025-7239 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:45 UTC 55K followers, XXX engagements
"CVE-2025-46120 An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector where a path-traversal flaw in the web interface lets the se" @CVEnew on X 2025-07-21 14:49:28 UTC 55K followers, XXX engagements
"CVE-2025-7882 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the componen" @CVEnew on X 2025-07-20 10:42:56 UTC 55K followers, XXX engagements
"CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o" @CVEnew on X 2025-07-21 20:18:48 UTC 55K followers, XXX engagements
"CVE-2025-26854 A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands" @CVEnew on X 2025-07-18 07:56:10 UTC 55K followers, XXX engagements
"CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f" @CVEnew on X 2025-07-11 13:46:28 UTC 55K followers, XXX engagements
"CVE-2025-7396 In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementati" @CVEnew on X 2025-07-18 22:55:43 UTC 55K followers, XXX engagements
"CVE-2025-7785 A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/" @CVEnew on X 2025-07-18 11:55:02 UTC 55K followers, XXX engagements
"CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo" @CVEnew on X 2025-07-11 15:53:35 UTC 55K followers, XXX engagements
"CVE-2025-7894 A vulnerability which was classified as critical has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/age" @CVEnew on X 2025-07-20 14:14:55 UTC 55K followers, XXX engagements
"CVE-2025-52169 agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability" @CVEnew on X 2025-07-18 18:52:53 UTC 55K followers, XXX engagements
"CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with" @CVEnew on X 2025-07-11 13:46:16 UTC 55K followers, XXX engagements
"CVE-2025-49888 Missing Authorization vulnerability in pimwick PW WooCommerce On Sale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW" @CVEnew on X 2025-07-16 19:15:34 UTC 55K followers, XXX engagements
"CVE-2025-51403 A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web s" @CVEnew on X 2025-07-21 19:15:55 UTC 55K followers, XXX engagements