# @CVEnew CVE

CVE posts on X about oracle, files, woocommerce, protocol the most. They currently have XXXXXX followers and 1303 posts still getting attention that total XXXXXX engagements in the last XX hours.

### Engagements: XXXXXX [#](/creator/twitter::821806287461740544/interactions)

- X Week XXXXXXX -XX%
- X Month XXXXXXXXX +108%
- X Months XXXXXXXXX -XXXX%
- X Year XXXXXXXXX -XX%

### Mentions: XXX [#](/creator/twitter::821806287461740544/posts_active)

- X Week XXXXX +19%
- X Month XXXXX +160%
- X Months XXXXX +15%
- X Year XXXXXX +19%

### Followers: XXXXXX [#](/creator/twitter::821806287461740544/followers)

- X Week XXXXXX +0.10%
- X Month XXXXXX +0.55%
- X Months XXXXXX +1.80%
- X Year XXXXXX +3.40%

### CreatorRank: XXXXXXX [#](/creator/twitter::821806287461740544/influencer_rank)

### Social Influence [#](/creator/twitter::821806287461740544/influence)

---

**Social category influence** [currencies](/list/currencies) #676 [technology brands](/list/technology-brands) XXX% [stocks](/list/stocks) XXXX% [social networks](/list/social-networks) XXXX%

**Social topic influence** [oracle](/topic/oracle) 5.91%, [files](/topic/files) #1978, [woocommerce](/topic/woocommerce) #1, [protocol](/topic/protocol) 0.77%, [inject](/topic/inject) 0.46%, [$2395tw](/topic/$2395tw) 0.46%, [netgear](/topic/netgear) 0.38%, [javascript](/topic/javascript) #200, [realtime](/topic/realtime) 0.31%, [$4704t](/topic/$4704t) XXXX%

**Top accounts mentioned or mentioned by** [@cveannounce](/creator/undefined) [@centry_agent](/creator/undefined) [@builderioqwikcity](/creator/undefined) [@askperplexity](/creator/undefined) [@secadvsalerts](/creator/undefined)

**Top assets mentioned** [Alphabet Inc Class A (GOOGL)](/topic/$googl) [IBM (IBM)](/topic/ibm) [Dell Technologies, Inc.
(DELL)](/topic/dell) [Texas Instruments (TXN)](/topic/texas-instruments)

### Top Social Posts [#](/creator/twitter::821806287461740544/posts)

---

Top posts by engagements in the last XX hours

"CVE-2025-31422 Deserialization of Untrusted Data vulnerability in designthemes Visual Art Gallery WordPress Theme allows Object Injection. This issue affects Visual Art Gallery" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482483992330586) 2025-07-16 13:55:44 UTC 54.9K followers, XXX engagements

"CVE-2025-7367 The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to and including 3.2.11" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944983505638662309) 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements

"CVE-2025-7574 A vulnerability which was classified as critical was found in LB-LINK BL-AC1900 BL-AC2100_AZ3 BL-AC3600 BL-AX1800 BL-AX5400P and BL-WR9000 up to 20250702. Affecte" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944628631030161590) 2025-07-14 05:22:49 UTC 54.9K followers, XXX engagements

"CVE-2025-46500 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner allows Reflected XSS. This iss" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482487318397246) 2025-07-16 13:55:44 UTC 54.9K followers, XXX engagements

"CVE-2025-7490 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been classified as critical. Affected is an unknown function of the file /admin/r" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944137745401860605) 2025-07-12 20:52:13 UTC 54.9K followers, XXX engagements

"CVE-2025-53885 Directus is a real-time API and App dashboard for managing SQL database content.
Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows to h" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944907783867883683) 2025-07-14 23:52:04 UTC 54.9K followers, XXX engagements

"CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700219394179580) 2025-07-11 15:53:39 UTC 54.9K followers, XXX engagements

"CVE-2025-54038 Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by M" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435442289283299) 2025-07-16 10:48:48 UTC 54.9K followers, XXX engagements

"CVE-2025-53823 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944889703867556086) 2025-07-14 22:40:14 UTC 54.9K followers, XXX engagements

"CVE-2025-30747 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207881583710219) 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements

"CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700216718196774) 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements

"CVE-2025-49838 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI.
In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in AudioPreD" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223151387869629) 2025-07-15 20:45:14 UTC 54.9K followers, XXX engagements

"CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700217569706026) 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements

"CVE-2024-26293 The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path T" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944695887004864766) 2025-07-14 09:50:04 UTC 54.9K followers, XXX engagements

"CVE-2025-53029 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207816915919069) 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements

"CVE-2020-36848 The Total Upkeep WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944010808645636491) 2025-07-12 12:27:49 UTC 54.9K followers, XXX engagements

"CVE-2025-53906 Vim is an open source command line text editor. Prior to version 9.1.1551 a path traversal issue in Vims zip.vim plugin can allow overwriting of arbitrary files wh" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945230777580417424) 2025-07-15 21:15:32 UTC 54.9K followers, 3995 engagements

"CVE-2025-7491 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been declared as critical.
Affected by this vulnerability is an unknown functiona" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944148487731654947) 2025-07-12 21:34:54 UTC 54.9K followers, XXX engagements

"CVE-2025-53024 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207822033043823) 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements

"CVE-2025-6565 A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1937498914225074583) 2025-06-24 13:11:52 UTC 54.9K followers, XXX engagements

"CVE-2025-7584 A vulnerability was found in PHPGurukul Online Fire Reporting System XXX and classified as critical. This issue affects some unknown processing of the file /admin/add-t" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944664316059197866) 2025-07-14 07:44:37 UTC 54.9K followers, XXX engagements

"CVE-2025-7528 A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The m" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944363899274584283) 2025-07-13 11:50:52 UTC 54.9K followers, XXX engagements

"CVE-2025-50093 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207838059401456) 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements

"CVE-2025-50103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 9.0.0-9.3.0.
Difficult t" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207828605538614) 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements

"CVE-2025-50108 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.2.20.0.000" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207823907926301) 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements

"CVE-2025-7519 A flaw was found in polkit. When processing an XML policy with XX or more nested elements in depth an out-of-bounds write can be triggered. This issue can lead to a cr" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944763301797278122) 2025-07-14 14:17:57 UTC 54.9K followers, XXX engagements

"CVE-2025-34108 A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP P" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118961345188050) 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements

"CVE-2025-6972 Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140325091058032) 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements

"CVE-2025-54009 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters allows Stored XSS. This issue affects" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435461343916423) 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements

"CVE-2025-30758 Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5.
Easily exploit" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207873291550799) 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements

"CVE-2025-7598 A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/set" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944721639167414640) 2025-07-14 11:32:24 UTC 54.9K followers, XXX engagements

"CVE-2025-49833 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in the open_sli" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223156312007050) 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements

"CVE-2025-7626 A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerabil" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808320394781067) 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements

"CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM which allows authenticated users to copy arbitrary files from the server file system" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435475323531488) 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements

"CVE-2025-53015 ImageMagick is free and open-source software used for editing and manipulating digital images.
In versions prior to 7.1.2-0 infinite lines occur when writing during" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944844823938355388) 2025-07-14 19:41:54 UTC 54.9K followers, XXX engagements

"CVE-2025-51658 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808328338792620) 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements

"CVE-2025-7612 A vulnerability was found in code-projects Mobile Shop XXX. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipu" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944770725291737441) 2025-07-14 14:47:27 UTC 54.9K followers, XXX engagements

"CVE-2023-39339 A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943883746626720092) 2025-07-12 04:02:55 UTC 54.9K followers, XXX engagements

"CVE-2025-34109 PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An a" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118957784215795) 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements

"CVE-2025-53886 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows with" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944907782890676283) 2025-07-14 23:52:04 UTC 54.9K followers, XXX engagements

"CVE-2025-34116 A remote command execution vulnerability exists in IPFire before version XXXX Core Update XXX via the 'proxy.cgi' CGI interface.
An authenticated attacker can inject" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118959558385964) 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements

"CVE-2025-53623 The Job Iteration API is an an extension for ActiveJob that make jobs interruptible and resumable Versions prior to 1.11.0 have an arbitrary code execution vulnerabil" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944854066816815156) 2025-07-14 20:18:37 UTC 54.9K followers, XXX engagements

"CVE-2024-51770 An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944717317918666779) 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements

"CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207838986350723) 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements

"CVE-2025-7341 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944983506473369903) 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements

"CVE-2025-7593 A vulnerability was found in code-projects Job Diary XXX and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944703066315669757) 2025-07-14 10:18:36 UTC 54.9K followers, XXX engagements

"CVE-2025-54042 Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post Hide allows Cross Site Request Forgery.
This issue affects WP Post Hide: from n/a through 1.0.9" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435437822361785) 2025-07-16 10:48:47 UTC 54.9K followers, XXX engagements

"CVE-2025-52080 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945156658365145572) 2025-07-15 16:21:01 UTC 54.9K followers, XXX engagements

"CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700206983193052) 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements

"CVE-2025-50062 Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are aff" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207866777842088) 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements

"CVE-2025-50064 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207864802398614) 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements

"CVE-2025-50102 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207829578596601) 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements

"CVE-2025-48155 Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs.
This issue aff" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435423339401535) 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements

"CVE-2025-39362 Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1940372658228543794) 2025-07-02 11:31:06 UTC 54.9K followers, XXX engagements

"CVE-2025-53984 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows Stored XSS. This issue affects JetTabs" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435471980761092) 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements

"CVE-2025-53903 The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs leadin" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195279260516411) 2025-07-15 18:54:29 UTC 54.9K followers, XXX engagements

"CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668165860635053) 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements

"CVE-2025-7569 A vulnerability was found in Bigotry OneBase up to 1.3.6. It has been declared as problematic.
Affected by this vulnerability is the function parse_args of the file /tp" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944610888876769353) 2025-07-14 04:12:19 UTC 54.9K followers, XXX engagements

"CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700215824797703) 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements

"CVE-2025-7615 A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cg" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944785297570684981) 2025-07-14 15:45:21 UTC 54.9K followers, XXX engagements

"CVE-2025-7511 A vulnerability was found in code-projects Chat System XXX and classified as critical. This issue affects some unknown processing of the file /user/update_account.php" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944235145604587837) 2025-07-13 03:19:15 UTC 54.9K followers, XXX engagements

"CVE-2025-34124 A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0 HD Mod XXXXX build X and Demo 1.0.0.0 via malicious .h3m map files that exp" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945598199965622725) 2025-07-16 21:35:32 UTC 54.9K followers, XXX engagements

"CVE-2025-7570 A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. Affected by this issue is some unknown functionality of the file /goform/" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944621456689623088) 2025-07-14 04:54:19 UTC 54.9K followers, XXX engagements

"CVE-2025-53028 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10.
Easily exploitable v" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207817884885405) 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements

"CVE-2025-30936 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Inject" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482473326129545) 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements

"CVE-2025-30739 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.11-12" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207887946457547) 2025-07-15 19:44:35 UTC 54.9K followers, XXX engagements

"CVE-2025-7588 A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. This affects an unknown part of the file edit-product.php. Th" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944682065221312596) 2025-07-14 08:55:09 UTC 54.9K followers, XXX engagements

"CVE-2025-50099 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207832724287742) 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements

"CVE-2025-54011 Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a t" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435459158745338) 2025-07-16 10:48:52 UTC 54.9K followers, XXX engagements

"CVE-2025-48166 Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs.
This issue a" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435426728432111) 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements

"CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668217349869972) 2025-07-11 13:46:29 UTC 54.9K followers, XXX engagements

"CVE-2025-29009 Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Serv" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482472046911524) 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements

"CVE-2025-50087 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207843914743938) 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements

"CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700200456872091) 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements

"CVE-2024-42649 NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944801994981400684) 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements

"CVE-2025-7611 A vulnerability was found in code-projects Wedding Reservation XXX. It has been classified as critical. This affects an unknown part of the file /global.php.
The manipu" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944770726319231448) 2025-07-14 14:47:27 UTC 54.9K followers, XXX engagements

"CVE-2025-54018 Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435454414934465) 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements

"CVE-2025-48153 Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435422148149550) 2025-07-16 10:48:43 UTC 54.9K followers, XXX engagements

"CVE-2025-27465 Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it using an executable stub. Some instructions" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435483674493283) 2025-07-16 10:48:58 UTC 54.9K followers, XXX engagements

"CVE-2024-51767 An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944710709578727859) 2025-07-14 10:48:58 UTC 54.9K followers, XXX engagements

"CVE-2025-7627 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the fu" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944825153076006951) 2025-07-14 18:23:44 UTC 54.9K followers, XXX engagements

"CVE-2025-7657 Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
(Chromium se" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945187443495592007) 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements

"CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668164782678454) 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements

"CVE-2025-52082 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when proce" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945150007889252555) 2025-07-15 15:54:35 UTC 54.9K followers, XXX engagements

"CVE-2025-7609 A vulnerability has been found in code-projects Simple Shopping Cart XXX and classified as critical. Affected by this vulnerability is an unknown functionality of the f" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944763300803166694) 2025-07-14 14:17:57 UTC 54.9K followers, XXX engagements

"CVE-2025-50059 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207869646799065) 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements

"CVE-2025-50095 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.3.0. Easily exploitable vu" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207836251676864) 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements

"CVE-2025-7513 A vulnerability was found in code-projects Modern Bag XXX. It has been declared as critical.
Affected by this vulnerability is an unknown functionality of the file /adm" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944235143629025347) 2025-07-13 03:19:15 UTC 54.9K followers, XXX engagements

"CVE-2025-7604 A vulnerability was found in PHPGurukul Hospital Management System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944747133329870902) 2025-07-14 13:13:42 UTC 54.9K followers, XXX engagements

"CVE-2025-7523 A vulnerability was found in Jinher OA XXX and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBa" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944299538531201289) 2025-07-13 07:35:07 UTC 54.9K followers, XXX engagements

"CVE-2025-50079 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207852659876316) 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements

"CVE-2025-24391 A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messag" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944674142068015425) 2025-07-14 08:23:40 UTC 54.9K followers, XXX engagements

"CVE-2025-53892 Vue I18n is the internationalization plugin for Vue.js.
The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escap" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482452941799682) 2025-07-16 13:55:36 UTC 54.9K followers, XXX engagements

"CVE-2025-34300 A template injection vulnerability exists in Sawtooth Softwares Lighthouse Studio versions prior to 9.16.14 via the Perl web applicatio" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482458155385187) 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements

"CVE-2025-7656 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secu" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945187445777281467) 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements

"CVE-2025-53986 Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435470743458125) 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements

"CVE-2025-53758 This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access coul" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482459401089103) 2025-07-16 13:55:38 UTC 54.9K followers, XXX engagements

"CVE-2025-50067 Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitab" [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207862172475766) 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements

"CVE-2025-34115 An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint.
A user with"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118958669251029) 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements "CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207851699384777) 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements "CVE-2025-7580 A vulnerability classified as critical was found in code-projects Voting System XXX. Affected by this vulnerability is an unknown functionality of the file /admin/posit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944658336571670592) 2025-07-14 07:20:52 UTC 54.9K followers, XXX engagements "CVE-2025-30949 Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482474672574483) 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements "CVE-2025-54050 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor allows Stored XSS. T"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435434194219144) 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements "CVE-2025-7512 A vulnerability was found in code-projects Modern Bag XXX. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. 
The manipu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944235144639906030) 2025-07-13 03:19:15 UTC 54.9K followers, XXX engagements "CVE-2025-6993 The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in version"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435480612589938) 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements "CVE-2025-54013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects W"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435458080821727) 2025-07-16 10:48:52 UTC 54.9K followers, XXX engagements "CVE-2025-34068 An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the T"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118954202230975) 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements "CVE-2025-7582 A vulnerability which was classified as critical was found in PHPGurukul Online Fire Reporting System XXX. This affects an unknown part of the file /admin/assigned-re"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944658334700994907) 2025-07-14 07:20:51 UTC 54.9K followers, XXX engagements "CVE-2025-49828 Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager Self-Hosted (formerly k"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945210002391920804) 2025-07-15 19:52:59 UTC 54.9K followers, XXX engagements "CVE-2025-7603 A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. 
Affected is an unknown function of the file /jingx.asp of the component HTTP"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944736653597409608) 2025-07-14 12:32:04 UTC 54.9K followers, XXX engagements "CVE-2025-7600 A vulnerability which was classified as critical was found in PHPGurukul Online Library Management System XXX. This affects an unknown part of the file /admin/student"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944726862363553973) 2025-07-14 11:53:09 UTC 54.9K followers, XXX engagements "CVE-2025-54036 Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435444419912161) 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements "CVE-2025-47724 Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execute"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1930170299112194339) 2025-06-04 07:50:34 UTC 54.9K followers, XXX engagements "CVE-2024-42650 NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945150005813072186) 2025-07-15 15:54:35 UTC 54.9K followers, XXX engagements "CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700198640746944) 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements "CVE-2025-53025 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. 
Easily exploitable v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207821148062057) 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements "CVE-2025-50065 Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 2"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207863888032226) 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements "CVE-2025-52687 Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the paylo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945389109775868072) 2025-07-16 07:44:42 UTC 54.9K followers, XXX engagements "CVE-2025-53994 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows DOM-Based XSS. This issue affects Jet"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435466607763466) 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements "CVE-2025-54030 Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue aff"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435447494316177) 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements "CVE-2025-20300 In Splunk Enterprise versions below 9.4.2 9.3.5 9.2.6 and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103 9.3.2408.112 and 9.2.2406.119 a low-privil"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942280703753814291) 2025-07-07 17:53:00 UTC 54.9K followers, XXX engagements "CVE-2025-7042 Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. 
This vulnerability could allow an atta"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140322171818473) 2025-07-15 15:16:06 UTC 54.9K followers, XXX engagements "CVE-2025-30746 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exp"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207882426864115) 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements "CVE-2025-53643 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14 the Python parser is vulnerable to a request smuggling vulne"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944860704890101914) 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements "CVE-2025-30752 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java S"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207876827410657) 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements "CVE-2025-7625 A vulnerability which was classified as critical was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. 
Affected is the function"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944801991999308142) 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements "CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700204173078902) 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements "CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700205037121823) 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements "CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207847043600883) 2025-07-15 19:44:25 UTC 54.9K followers, XXX engagements "CVE-2025-7601 A vulnerability has been found in PHPGurukul Online Library Management System XXX and classified as problematic. This vulnerability affects unknown code of the file /ad"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944736655862313181) 2025-07-14 12:32:04 UTC 54.9K followers, XXX engagements "CVE-2025-7575 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_d"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944635402066784281) 2025-07-14 05:49:44 UTC 54.9K followers, XXX engagements "CVE-2025-50090 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). 
Supported versions that are affected are 12.2.3-1"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207840810934599) 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements "CVE-2025-53842 Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited an attacke"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945353400419303868) 2025-07-16 05:22:48 UTC 54.9K followers, XXX engagements "CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700212339368002) 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements "CVE-2025-54024 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affect"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435449599914329) 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements "CVE-2025-6377 A remote code execution security issue exists in the Rockwell Automation Arena. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335892678037713) 2025-07-10 15:45:56 UTC 54.9K followers, XXX engagements "CVE-2025-7586 A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /gofor"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944674144790184090) 2025-07-14 08:23:41 UTC 54.9K followers, XXX engagements "CVE-2025-49319 Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. 
This issue affects"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945562971591073921) 2025-07-16 19:15:33 UTC 54.9K followers, XXX engagements "CVE-2025-7605 A vulnerability was found in code-projects AVL Rooms XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944747132319109228) 2025-07-14 13:13:42 UTC 54.9K followers, XXX engagements "CVE-2025-48295 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows Stored XSS. This issue a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435429878251949) 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements "CVE-2025-7606 A vulnerability classified as critical has been found in code-projects AVL Rooms XXX. This affects an unknown part of the file /city.php. The manipulation of the argume"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944747131174064326) 2025-07-14 13:13:42 UTC 54.9K followers, XXX engagements "CVE-2025-7595 A vulnerability was found in code-projects Job Diary XXX. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manip"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944710711214535127) 2025-07-14 10:48:59 UTC 54.9K followers, XXX engagements "CVE-2025-7529 A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944373410747781533) 2025-07-13 12:28:40 UTC 54.9K followers, XXX engagements "CVE-2025-7672 The improper default setting in JiranSoft CrossEditor4 on Windows Linux Unix (API modules) potentially allows Stored XSS. 
This issue affects CrossEditor4: from 4.0.0.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945026518813438146) 2025-07-15 07:43:53 UTC 54.9K followers, XXX engagements "CVE-2025-31070 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows P"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482481127534965) 2025-07-16 13:55:43 UTC 54.9K followers, XXX engagements "CVE-2025-7012 An issue in Cato Networks' CatoClient for Linux before version XXX allows a local attacker to escalate privileges to root by exploiting improper symbolic link handlin"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944317693265322121) 2025-07-13 08:47:16 UTC 54.9K followers, XXX engagements "CVE-2025-7522 A vulnerability has been found in PHPGurukul Vehicle Parking Management System XXXX and classified as critical. Affected by this vulnerability is an unknown functionali"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944288840249733510) 2025-07-13 06:52:37 UTC 54.9K followers, XXX engagements "CVE-2025-53989 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Stored XSS. This issue"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435469740941445) 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements "CVE-2025-7527 A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944346423958356204) 2025-07-13 10:41:26 UTC 54.9K followers, XXX engagements "CVE-2025-24777 Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. 
This issue affects Hillter: from n/a through 3.0.7"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482462089654326) 2025-07-16 13:55:38 UTC 54.9K followers, XXX engagements "CVE-2025-7531 A vulnerability which was classified as critical was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSe"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944424326347792428) 2025-07-13 15:50:59 UTC 54.9K followers, XXX engagements "CVE-2025-24779 Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482463268258058) 2025-07-16 13:55:39 UTC 54.9K followers, XXX engagements "CVE-2025-32574 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: f"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482486240469456) 2025-07-16 13:55:44 UTC 54.9K followers, XXX engagements "CVE-2025-6977 The ProfileGrid User Profiles Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the pm_get_messenger_notification fun"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945353401287512533) 2025-07-16 05:22:48 UTC 54.9K followers, XXX engagements "CVE-2025-30748 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207880530989437) 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements "CVE-2025-49834 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. 
In versions 20250228v3 and prior there is a command injection vulnerability in open_denoise"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223155460473032) 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements "CVE-2025-54020 Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form X allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7:"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435453358047250) 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements "CVE-2025-34104 An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions an"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118956047737241) 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements "CVE-2025-50078 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207853616165098) 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements "CVE-2025-34103 An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0 due to improper input handling in the undocumente"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118951501176995) 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements "CVE-2025-5284 The Master Addons Elementor Addons with White Label Free Widgets Hover Effects Conditions & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435481644351607) 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements "CVE-2025-30744 Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). 
Supported versions that are affected are"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207884716945767) 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements "CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700197768396914) 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements "CVE-2025-50068 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207861308506277) 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements "CVE-2025-50072 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207857441280291) 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements "CVE-2025-52953 An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700208732287204) 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements "CVE-2025-34110 A directory traversal vulnerability exists in ColoradoFTP Server XXX Build X for Windows allowing unauthenticated attackers to read or write arbitrary files outsid"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118962251129024) 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements "CVE-2025-7590 A vulnerability which was classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. 
This issue affects some unknown processing of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944689416087466437) 2025-07-14 09:24:22 UTC 54.9K followers, XXX engagements "CVE-2025-53026 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207819768041721) 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements "CVE-2025-48156 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall allows Stored XSS. This issue affects Image"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435424689971566) 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements "CVE-2025-53959 In JetBrains YouTrack before 2025.2.86069 2024.3.85077 2025.1.86199 email spoofing via an administrative API was possible"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945164440628027785) 2025-07-15 16:51:56 UTC 54.9K followers, XXX engagements "CVE-2025-6965 There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. 
This could lead to a mem"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945125454916280752) 2025-07-15 14:17:01 UTC 54.9K followers, XXX engagements "CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700207855607885) 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements "CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700202369515829) 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements "CVE-2025-7451 The iSherlock developed by Hgiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944596410835353811) 2025-07-14 03:14:47 UTC 54.9K followers, XXX engagements "CVE-2025-54051 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LightBox Block allows Stored XSS. This issue affects Li"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435433057550766) 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements "CVE-2025-52379 Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140333542625548) 2025-07-15 15:16:09 UTC 54.9K followers, XXX engagements "CVE-2025-33097 IBM QRadar SIEM XXX - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. 
This vulnerability allows authenticated users to embed arbitrary JavaScript code i"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140330854035716) 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements "CVE-2025-53622 DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4 XXX and XXX a path traversal vu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140328031219871) 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements "CVE-2025-53836 XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax HTML etc) into another syntax (XHTML etc). Starting in ver"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944903205235851748) 2025-07-14 23:33:53 UTC 54.9K followers, XXX engagements "CVE-2025-7566 A vulnerability has been found in jshERP up to XXX and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944610892517450143) 2025-07-14 04:12:20 UTC 54.9K followers, XXX engagements "CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668163788612062) 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements "CVE-2025-51659 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808329202852189) 2025-07-14 17:16:53 UTC 54.9K followers, XXX engagements "CVE-2025-48161 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. 
This issue affects Yay"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435425738477700) 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements "CVE-2025-40776 A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND X versio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482454204297593) 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements "CVE-2025-7340 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944983503881314815) 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements "CVE-2025-7620 The cross-browser document creation component developed by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malici"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944610890709606438) 2025-07-14 04:12:20 UTC 54.9K followers, XXX engagements "CVE-2025-30959 Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. Thi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482477348536570) 2025-07-16 13:55:42 UTC 54.9K followers, XXX engagements "CVE-2025-50100 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207831784767910) 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements "CVE-2025-54022 Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. 
This issue affects Coupon Affiliates:"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435452213002321) 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements "CVE-2025-50098 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207833630232974) 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements "CVE-2025-52081 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945150006849044909) 2025-07-15 15:54:35 UTC 54.9K followers, XXX engagements "CVE-2025-0831 Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140327016214896) 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements "CVE-2024-42646 A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944801992993296771) 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements "CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700214067445874) 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements "CVE-2025-48167 Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. 
This issue affects Chatbox Man"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435427835638039) 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements "CVE-2025-7515 A vulnerability classified as critical has been found in code-projects Online Appointment Booking System XXX. This affects an unknown part of the file /ulocateus.php. T"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944248810143625355) 2025-07-13 04:13:33 UTC 54.9K followers, XXX engagements "CVE-2025-31427 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme allows"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482485082845511) 2025-07-16 13:55:44 UTC 54.9K followers, XXX engagements "CVE-2025-7602 A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944736654750863670) 2025-07-14 12:32:04 UTC 54.9K followers, XXX engagements "CVE-2025-30483 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140329922826545) 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements "CVE-2025-53019 ImageMagick is free and open-source software used for editing and manipulating digital images. 
In versions prior to 7.1.2-0 and 6.9.13-26 in ImageMagick's magick st"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944846986269675802) 2025-07-14 19:50:29 UTC 54.9K followers, XXX engagements "CVE-2025-24477 A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2 7.4.0 through 7.4.7 7.2.4 through 7.2.11 allows an attacker to escalate its privileges"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945043675324506266) 2025-07-15 08:52:04 UTC 54.9K followers, XXX engagements "CVE-2025-49835 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in open_asr fun"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223154470662412) 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements "CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668167047524629) 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements "CVE-2025-7585 A vulnerability was found in PHPGurukul Online Fire Reporting System XXX. It has been classified as critical. Affected is an unknown function of the file /admin/manage-"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944666770310111584) 2025-07-14 07:54:22 UTC 54.9K followers, XXX engagements "CVE-2025-30760 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207871450263558) 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements "CVE-2025-30762 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). 
Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207870502416826) 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements "CVE-2025-51660 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808330083623055) 2025-07-14 17:16:53 UTC 54.9K followers, XXX engagements "CVE-2025-50094 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.42 8.4.5 and 9.3.0. Easily exploit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207837174448130) 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements "CVE-2025-49831 An attacker of Secrets Manager Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentica"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223157238947931) 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements "CVE-2025-49837 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in AudioPre"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223152344134084) 2025-07-15 20:45:14 UTC 54.9K followers, XXX engagements "CVE-2025-34113 An authenticated command injection vulnerability exists in Tiki Wiki CMS versions XXXX XXXX LTS XXXX LTS and XXXX via the viewmode GET parameter in tiki-cal"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118953304740103) 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements "CVE-2025-50082 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207849870565882) 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements "CVE-2025-53890 pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad's CAPTCHA processing code allows unauthentic"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944929029720826065) 2025-07-15 01:16:30 UTC 54.9K followers, XXX engagements "CVE-2025-51657 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808327437017504) 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements "CVE-2025-53889 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0 Directus Flows with a manual"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944929030677127478) 2025-07-15 01:16:30 UTC 54.9K followers, XXX engagements "CVE-2025-3621 Vulnerabilities* in ActADUR local server product developed and maintained by ProTNS allows Remote Code Inclusion on host systems. * vulnerabilities: * Imprope"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945026519702634748) 2025-07-15 07:43:53 UTC 54.9K followers, XXX engagements "CVE-2025-7535 A vulnerability was found in Campcodes Sales and Inventory System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944454908411019429) 2025-07-13 17:52:31 UTC 54.9K followers, XXX engagements "CVE-2025-7524 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. 
This affects the function setDiagnosisCfg of the file /cgi-bin/cstec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944331656921579909) 2025-07-13 09:42:45 UTC 54.9K followers, XXX engagements "CVE-2025-34105 A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28 7.5.12 and 8.2.14. The vulnerability arises"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118960422412437) 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements "CVE-2025-25180 Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certai"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944596415105073466) 2025-07-14 03:14:48 UTC 54.9K followers, XXX engagements "CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700199567728738) 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements "CVE-2025-7589 A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System XXX. 
This vulnerability affects unknown code of the file edit-company.p"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944682064323711276) 2025-07-14 08:55:09 UTC 54.9K followers, XXX engagements "CVE-2025-51650 An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808321325916270) 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements "CVE-2025-26186 SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945171200365486279) 2025-07-15 17:18:48 UTC 54.9K followers, XXX engagements "CVE-2025-48291 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482491848176031) 2025-07-16 13:55:46 UTC 54.9K followers, XXX engagements "CVE-2025-53821 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944889705826279857) 2025-07-14 22:40:14 UTC 54.9K followers, XXX engagements "CVE-2025-50061 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207867721621635) 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements "CVE-2025-49827 Conjur provides secrets management and application identity for infrastructure. 
Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager Self-Hosted (formerly k"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207886537187537) 2025-07-15 19:44:35 UTC 54.9K followers, XXX engagements "CVE-2025-7616 A vulnerability which was classified as critical has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the c"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944788058391367813) 2025-07-14 15:56:20 UTC 54.9K followers, XXX engagements "CVE-2025-30759 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security). Supported versions that are affected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207872343749091) 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements "CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacke"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700211378913755) 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements "CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944898793880641936) 2025-07-14 23:16:21 UTC 54.9K followers, XXX engagements "CVE-2024-26292 The Application is vulnerable to an authenticated Arbitrary File Deletion. This affects the Agent installed on Linux and Windows alike. As the application runs with h"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944682066202817005) 2025-07-14 08:55:09 UTC 54.9K followers, XXX engagements "CVE-2025-7530 A vulnerability which was classified as critical has been found in Tenda FH1202 1.2.0.14(408). 
Affected by this issue is the function fromPptpUserAdd of the file /gof"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944419995070427240) 2025-07-13 15:33:47 UTC 54.9K followers, XXX engagements "CVE-2025-50060 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0 8.2.0.0.0 and 12.2"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207868598211067) 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements "CVE-2025-52377 Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below allowing authenticated attackers to execute arbitrary commands on"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140332661731424) 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements "CVE-2025-29000 Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This is"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482470973136963) 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements "CVE-2025-53640 Indico is an event management system that uses Flask-Multipass a multi-backend authentication system for Flask. 
Starting in version XXX and prior to version 3.3.7 a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944860705779286335) 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements "CVE-2025-52376 An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing an attack"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945125455906119751) 2025-07-15 14:17:02 UTC 54.9K followers, XXX engagements "CVE-2025-48150 Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435420898287990) 2025-07-16 10:48:43 UTC 54.9K followers, XXX engagements "CVE-2025-28982 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP P"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482469500993897) 2025-07-16 13:55:40 UTC 54.9K followers, XXX engagements "CVE-2025-7407 A vulnerability which was classified as critical was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335878341898556) 2025-07-10 15:45:53 UTC 54.9K followers, XXX engagements "CVE-2025-53818 GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944860703845736919) 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements "CVE-2025-53031 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). 
Suppor"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207814940491829) 2025-07-15 19:44:17 UTC 54.9K followers, XXX engagements "CVE-2025-7583 A vulnerability has been found in PHPGurukul Online Fire Reporting System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/all"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944658333312713058) 2025-07-14 07:20:51 UTC 54.9K followers, XXX engagements "CVE-2025-49836 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in change_label"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223153292087579) 2025-07-15 20:45:14 UTC 54.9K followers, XXX engagements "CVE-2025-7489 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX and classified as critical. This issue affects some unknown processing of the file /admin"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944133506319241243) 2025-07-12 20:35:22 UTC 54.9K followers, XXX engagements "CVE-2025-50063 Vulnerability in Oracle Java SE (component: Install). Supported versions that are affected are Oracle Java SE: 8u451 and 8u451-perf. Easily exploitable vulnerabilit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207865725079884) 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements "CVE-2025-30751 Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 23.4-23.8. 
Easily exploitable vuln"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207877653688791) 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements "CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700230924308738) 2025-07-11 15:53:41 UTC 54.9K followers, XXX engagements "CVE-2025-49464 Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943364197540143459) 2025-07-10 17:38:25 UTC 54.9K followers, XXX engagements "CVE-2025-53030 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207815968100429) 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements "CVE-2023-39338 Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943883747566182679) 2025-07-12 04:02:55 UTC 54.9K followers, XXX engagements "CVE-2020-36849 The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-e"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944010807735472210) 2025-07-12 12:27:49 UTC 54.9K followers, XXX engagements "CVE-2025-54043 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL Injection. 
This issue"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435436765397017) 2025-07-16 10:48:47 UTC 54.9K followers, XXX engagements "CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207854668898681) 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements "CVE-2025-54039 Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435441249104077) 2025-07-16 10:48:48 UTC 54.9K followers, XXX engagements "CVE-2025-50071 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Web Utilities). Supported versions that are affected are 12.2.3-12"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207858426970466) 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements "CVE-2025-22227 In some specific scenarios with chained redirects Reactor Netty HTTP client leaks credentials. 
In order for this to happen the HTTP client must have been explicitly"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435476460236866) 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements "CVE-2025-53689 Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944695887873126664) 2025-07-14 09:50:05 UTC 54.9K followers, XXX engagements "CVE-2025-7359 The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_bl"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945389105011155215) 2025-07-16 07:44:40 UTC 54.9K followers, XXX engagements "CVE-2025-53893 File Browser provides a file managing interface within a specified directory and it can be used to upload delete preview rename and edit files. In version 2.38.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945179957522464900) 2025-07-15 17:53:36 UTC 54.9K followers, XXX engagements "CVE-2025-7492 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been rated as critical. Affected by this issue is some unknown functionality of t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944150761195417737) 2025-07-12 21:43:56 UTC 54.9K followers, XXX engagements "CVE-2025-6558 Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945187444690997312) 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements "CVE-2025-7607 A vulnerability which was classified as critical has been found in code-projects Simple Shopping Cart XXX. 
This issue affects some unknown processing of the file /Cus"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944763303709819271) 2025-07-14 14:17:58 UTC 54.9K followers, XXX engagements "CVE-2025-50088 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41 8.4.0-8.4.4 and 9.0.0-9.2.0. E"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207843004596732) 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements "CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207822951567607) 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements "CVE-2025-53996 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows Stored XSS. This issue affects JetSe"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435464544190923) 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements "CVE-2025-7592 A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System XXX and classified as critical. 
Affected by this vulnerability is an unknown functionalit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944695886061126123) 2025-07-14 09:50:04 UTC 54.9K followers, XXX engagements "CVE-2025-1220 In PHP versions:8.1.* before 8.1.33 8.2.* before 8.2.29 8.3.* before 8.3.23 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname sup"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944530662402175468) 2025-07-13 22:53:32 UTC 54.9K followers, XXX engagements "CVE-2025-52950 A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700214973350185) 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements "CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942453102914982247) 2025-07-08 05:18:03 UTC 54.9K followers, XXX engagements "CVE-2025-53027 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207818836979934) 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements "CVE-2025-5396 The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.0.0. This is due to the bbackup_ajax_handle() funct"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945681880298508376) 2025-07-17 03:08:03 UTC 54.9K followers, XXX engagements "CVE-2025-7525 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. 
This vulnerability affects the function setTracerouteCfg of the file /"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944334064325947658) 2025-07-13 09:52:19 UTC 54.9K followers, XXX engagements "CVE-2025-30756 Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthent"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207874180805061) 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements "CVE-2025-54047 Missing Authorization vulnerability in QuanticaLabs Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost C"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435435679072467) 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements "CVE-2025-7516 A vulnerability classified as critical was found in code-projects Online Appointment Booking System XXX. This vulnerability affects unknown code of the file /cancelbook"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944258234434342988) 2025-07-13 04:51:00 UTC 54.9K followers, XXX engagements "CVE-2025-47645 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products Price"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482489717563534) 2025-07-16 13:55:45 UTC 54.9K followers, XXX engagements "CVE-2025-53835 XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax HTML etc) into another syntax (XHTML etc). 
Starting in ver"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944903206133531135) 2025-07-14 23:33:53 UTC 54.9K followers, XXX engagements "CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local low-privileged user to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700213236912444) 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements "CVE-2025-7093 A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /gofor"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1941963434481910132) 2025-07-06 20:52:17 UTC 54.9K followers, 1035 engagements "CVE-2025-50089 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207841901437122) 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements "CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700218567958857) 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements "CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700231746376174) 2025-07-11 15:53:42 UTC 54.9K followers, XXX engagements "CVE-2025-41239 VMware ESXi Workstation Fusion and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195275053593042) 2025-07-15 18:54:28 UTC 54.9K followers, XXX 
engagements "CVE-2025-53101 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26 in ImageMagick's magick mo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944854067819274598) 2025-07-14 20:18:38 UTC 54.9K followers, XXX engagements "CVE-2025-53990 Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder allows Object Injection. This issue affects JetFormBuilder: from n/a through 3.5.1.2"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435468667277609) 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements "CVE-2025-6265 A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker w"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944972419887763618) 2025-07-15 04:08:55 UTC 54.9K followers, 1723 engagements "CVE-2025-7514 A vulnerability was found in code-projects Modern Bag XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contac"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944248811246788899) 2025-07-13 04:13:33 UTC 54.9K followers, XXX engagements "CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700201417392463) 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements "CVE-2025-7573 A vulnerability which was classified as critical has been found in LB-LINK BL-AC1900 BL-AC2100_AZ3 BL-AC3600 BL-AX1800 BL-AX5400P and BL-WR9000 up to 20250702. 
Th"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944628631915114684) 2025-07-14 05:22:49 UTC 54.9K followers, XXX engagements "CVE-2025-7547 A vulnerability which was classified as critical was found in Campcodes Online Movie Theater Seat Reservation System XXX. This affects the function save_movie of the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944530663513677971) 2025-07-13 22:53:32 UTC 54.9K followers, XXX engagements "CVE-2024-51769 An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944717319638307281) 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements "CVE-2025-53826 File Browser provides a file managing interface within a specified directory and it can be used to upload delete preview rename and edit files. In version 2.39.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945187446859395512) 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements "CVE-2025-7594 A vulnerability was found in code-projects Job Diary XXX. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation o"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944710712066035840) 2025-07-14 10:48:59 UTC 54.9K followers, XXX engagements "CVE-2025-34112 An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. 
A SQL injection"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118955099849177) 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements "CVE-2025-6081 Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub XXX Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1939909702210711929) 2025-07-01 04:51:29 UTC 54.9K followers, XXX engagements "CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700232669216990) 2025-07-11 15:53:42 UTC 54.9K followers, XXX engagements "CVE-2025-37104 A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to perform a SQL Injec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945562960522272885) 2025-07-16 19:15:31 UTC 54.9K followers, XXX engagements "CVE-2025-50070 Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low priv"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207859483959599) 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements "CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668171254477166) 2025-07-11 13:46:18 UTC 54.9K followers, XXX engagements "CVE-2025-7510 A vulnerability has been found in code-projects Modern Bag XXX and classified as critical. 
This vulnerability affects unknown code of the file /admin/productadd_back.ph"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944205122772389999) 2025-07-13 01:19:57 UTC 54.9K followers, XXX engagements "CVE-2025-53014 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944825152111284715) 2025-07-14 18:23:44 UTC 54.9K followers, XXX engagements "CVE-2025-30973 Deserialization of Untrusted Data vulnerability in Codexpert Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a through 1.4.3"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482478602653929) 2025-07-16 13:55:42 UTC 54.9K followers, XXX engagements "CVE-2025-50069 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerabili"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207860385747071) 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements "CVE-2025-30754 Vulnerability in Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451 8u451-perf 11.0.27 17.0.15 21.0.7 24.0.1; Orac"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207875074195938) 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements "CVE-2025-54041 Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for Woo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435439927791660) 2025-07-16 10:48:47 UTC 54.9K followers, XXX engagements "CVE-2025-6973 Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. 
This vulnerability could allow an attac"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140324042420237) 2025-07-15 15:16:06 UTC 54.9K followers, XXX engagements "CVE-2025-50085 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207845919535199) 2025-07-15 19:44:25 UTC 54.9K followers, XXX engagements "CVE-2025-48301 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid YaySMTP allows SQL Injection. Th"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435431979672005) 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements "CVE-2025-7517 A vulnerability which was classified as critical has been found in code-projects Online Appointment Booking System XXX. This issue affects some unknown processing of"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944265203547328771) 2025-07-13 05:18:41 UTC 54.9K followers, XXX engagements "CVE-2025-53839 DRACOON is a file sharing service and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Br"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944903204212511040) 2025-07-14 23:33:53 UTC 54.9K followers, XXX engagements "CVE-2025-41237 VMware ESXi Workstation and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195277062648236) 2025-07-15 18:54:28 UTC 54.9K followers, XXX engagements "CVE-2025-40923 Plack-Middleware-Session before version XXXX for Perl generates session ids insecurely. 
The default session id generator returns a SHA-1 hash seeded with the built-i"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482456905433157) 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements "CVE-2024-9342 In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435474161742127) 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements "CVE-2025-7587 A vulnerability was found in code-projects Online Appointment Booking System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944674143041155218) 2025-07-14 08:23:40 UTC 54.9K followers, XXX engagements "CVE-2025-50130 A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO. LTD. Opening V9 files or X1 files specia"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942594394202296511) 2025-07-08 14:39:29 UTC 54.9K followers, XXX engagements "CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668215416287368) 2025-07-11 13:46:28 UTC 54.9K followers, XXX engagements "CVE-2025-7035 The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all version"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435479626903863) 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements "CVE-2025-48294 Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress allows Server Side Request Forgery. 
This issue affects FG Drupal to WordPress: from"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435428846490002) 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements "CVE-2025-53997 Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435463457915242) 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements "CVE-2025-7521 A vulnerability which was classified as critical was found in PHPGurukul Vehicle Parking Management System XXXX. Affected is an unknown function of the file /admin/in"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944281290611863572) 2025-07-13 06:22:37 UTC 54.9K followers, XXX engagements "CVE-2025-7610 A vulnerability was found in code-projects Electricity Billing System XXX and classified as critical. Affected by this issue is some unknown functionality of the file /"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944770727262986714) 2025-07-14 14:47:28 UTC 54.9K followers, XXX engagements "CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to i"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944710710392426917) 2025-07-14 10:48:58 UTC 54.9K followers, XXX engagements "CVE-2025-53820 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944863289491505276) 2025-07-14 20:55:16 UTC 54.9K followers, XXX engagements "CVE-2025-30749 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). 
Supported versions that are"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207879633367516) 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements "CVE-2025-49839 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945226027581530334) 2025-07-15 20:56:40 UTC 54.9K followers, XXX engagements "CVE-2025-30761 Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Ora"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945226022837719190) 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements "CVE-2024-51768 An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944710708639277235) 2025-07-14 10:48:58 UTC 54.9K followers, XXX engagements "CVE-2025-7608 A vulnerability which was classified as critical was found in code-projects Simple Shopping Cart XXX. Affected is an unknown function of the file /userlogin.php. The"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944763302661239194) 2025-07-14 14:17:57 UTC 54.9K followers, XXX engagements "CVE-2025-51651 An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808322210914591) 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements "CVE-2025-51656 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808326564618601) 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements "CVE-2025-7554 A vulnerability classified as problematic was found in Sapido RB-1802 1.0.32. 
This vulnerability affects unknown code of the file urlfilter.asp of the component URL Fil"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944566698389962827) 2025-07-14 01:16:43 UTC 54.9K followers, XXX engagements "CVE-2025-53895 ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2 3.3.2 2.71.13 and 2.70.14 vulnerability in ZITAD"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945164439688503476) 2025-07-15 16:51:56 UTC 54.9K followers, XXX engagements "CVE-2025-49417 Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCommerce Product Mu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1941100194226942258) 2025-07-04 11:42:04 UTC 54.9K followers, XXX engagements "CVE-2025-7596 A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944717318795223111) 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements "CVE-2025-53642 haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additiona"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943730156750733595) 2025-07-11 17:52:36 UTC 54.9K followers, XXX engagements "CVE-2025-7613 A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. 
This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.c"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944779092814860652) 2025-07-14 15:20:42 UTC 54.9K followers, XXX engagements "CVE-2025-31072 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme allows R"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482482775994667) 2025-07-16 13:55:43 UTC 54.9K followers, XXX engagements "CVE-2025-50073 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0 14.1"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207856531218724) 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements "CVE-2025-50756 Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attac"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944770728206737611) 2025-07-14 14:47:28 UTC 54.9K followers, XXX engagements "CVE-2025-28961 Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482466791407828) 2025-07-16 13:55:40 UTC 54.9K followers, XXX engagements "CVE-2025-53887 Directus is a real-time API and App dashboard for managing SQL database content. 
Starting in version 9.0.0 and prior to version 11.9.0 the exact Directus version num"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944907781867270567) 2025-07-14 23:52:04 UTC 54.9K followers, XXX engagements "CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668199788343741) 2025-07-11 13:46:25 UTC 54.9K followers, XXX engagements "CVE-2025-48299 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects Ya"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435430947852716) 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements "CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668169098621434) 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements "CVE-2025-50101 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207830878810514) 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements "CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. A mal"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195275993141461) 2025-07-15 18:54:28 UTC 54.9K followers, 1111 engagements "CVE-2025-48795 Apache CXF stores large stream based messages as temporary files on the local filesystem. 
A bug was introduced which means that the entire temporary file is read into"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140331785171055) 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements "CVE-2025-53995 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows Stored XSS. This issue affects JetPop"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435465546699126) 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements "CVE-2024-42648 NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944801993932808600) 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements "CVE-2025-30743 Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations). The supported version that is affected"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207885660672138) 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements "CVE-2025-6981 An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feat"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945226024674799674) 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements "CVE-2025-51654 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808324823965929) 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements "CVE-2025-7703 Authentication vulnerability in the mobile lead to the risk of information leakage"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435482642698429) 2025-07-16 10:48:58 UTC 54.9K followers, XXX engagements "CVE-2025-49830 Conjur provides secrets management and application identity for 
infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945223158199418892) 2025-07-15 20:45:16 UTC 54.9K followers, XXX engagements "CVE-2025-53905 Vim is an open source command line text editor. Prior to version 9.1.1552 a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files wh"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945226023752069335) 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements "CVE-2025-54015 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form X allows PHP Local"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435456596021589) 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements "CVE-2025-50081 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207850789126520) 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements "CVE-2025-47652 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affect"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482490732494874) 2025-07-16 13:55:45 UTC 54.9K followers, XXX engagements "CVE-2025-7481 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been classified as critical. This affects an unknown part of the file /users/prof"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944078699550159248) 2025-07-12 16:57:35 UTC 54.9K followers, XXX engagements "CVE-2025-7553 A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. 
The manipulati"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944545541758623802) 2025-07-13 23:52:39 UTC 54.9K followers, XXX engagements "CVE-2025-51655 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808325696380958) 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements "CVE-2025-53991 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTricks allows Stored XSS. This issue affects JetTr"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435467635478616) 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements "CVE-2025-54033 Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elemen"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435446483562977) 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements "CVE-2025-7098 A vulnerability which was classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1942003716439375931) 2025-07-06 23:32:21 UTC 54.9K followers, 1133 engagements "CVE-2025-50076 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. 
Easily exploitable vulnera"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207855612604692) 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements "CVE-2025-44525 Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Blueto"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335928476340618) 2025-07-10 15:46:05 UTC 54.9K followers, XXX engagements "CVE-2025-6376 A remote code execution security issue exists in the Rockwell Automation Arena. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335891855880316) 2025-07-10 15:45:56 UTC 54.9K followers, XXX engagements "CVE-2025-53639 MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts the sortField parameter in certain API endpoints is not properly validated or s"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944860706760741112) 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements "CVE-2025-50066 Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 21.3-21.18 and 23.4"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207863028150709) 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements "CVE-2025-6974 Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140323161632800) 2025-07-15 15:16:06 UTC 54.9K followers, XXX engagements "CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). 
This issue requires an authenticated attacker"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668161687269421) 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements "CVE-2025-54016 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects V"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435455480299772) 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements "CVE-2025-54010 Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a throu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435460257694085) 2025-07-16 10:48:52 UTC 54.9K followers, XXX engagements "CVE-2025-30750 Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 21.3-21.18 and 23.4-23.8. Easily exploi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207878710599758) 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements "CVE-2025-49840 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in inference_webui"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945226026465828917) 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements "CVE-2025-40985 SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version XXX to XXX. 
This vulnerability allows an attacker to exfiltrate some data from the database"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435477567566126) 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements "CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668216406110601) 2025-07-11 13:46:29 UTC 54.9K followers, XXX engagements "CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668170222719111) 2025-07-11 13:46:18 UTC 54.9K followers, XXX engagements "CVE-2025-24759 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDire"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482460848165294) 2025-07-16 13:55:38 UTC 54.9K followers, XXX engagements "CVE-2025-53825 Dokploy is a free self-hostable Platform as a Service (PaaS). Prior to version 0.24.3 an unauthenticated preview deployment vulnerability in Dokploy allows any user"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944893507996672506) 2025-07-14 22:55:21 UTC 54.9K followers, 1368 engagements "CVE-2025-50106 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207825732350209) 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements "CVE-2025-54037 Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. 
This issue affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435443354628540) 2025-07-16 10:48:48 UTC 54.9K followers, XXX engagements "CVE-2025-53982 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This iss"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435473108938984) 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements "CVE-2025-34106 A buffer overflow vulnerability exists in PDF Shaper versions XXX and XXX when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionalit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118956903391336) 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements "CVE-2025-51653 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808323943182413) 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements "CVE-2025-53834 Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido's toast UI component in versions prior to 0.49"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944893506989998233) 2025-07-14 22:55:21 UTC 54.9K followers, XXX engagements "CVE-2024-26291 The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the Agent installed on Linux and Windows alike. The parameter filename does not"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944674143917797886) 2025-07-14 08:23:40 UTC 54.9K followers, XXX engagements "CVE-2025-30745 Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). 
Supported versions that are affected ar"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207883332817333) 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements "CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207844933878219) 2025-07-15 19:44:25 UTC 54.9K followers, XXX engagements "CVE-2025-7614 A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component H"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944779091900604639) 2025-07-14 15:20:42 UTC 54.9K followers, XXX engagements "CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207839867208185) 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements "CVE-2025-28965 Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Short"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482468188143935) 2025-07-16 13:55:40 UTC 54.9K followers, XXX engagements "CVE-2025-7509 A vulnerability which was classified as critical was found in code-projects Modern Bag XXX. This affects an unknown part of the file /admin/slide.php. The manipulatio"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944205123657298071) 2025-07-13 01:19:57 UTC 54.9K followers, XXX engagements "CVE-2025-54026 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. 
This is"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435448509428074) 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements "CVE-2025-49841 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in process_ckpt.py"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945226025606000908) 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements "CVE-2025-31055 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress allows Ref"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482479831494723) 2025-07-16 13:55:43 UTC 54.9K followers, XXX engagements "CVE-2025-7591 A vulnerability which was classified as critical was found in PHPGurukul Dairy Farm Shop Management System XXX. Affected is an unknown function of the file view-invoi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944695888728785253) 2025-07-14 09:50:05 UTC 54.9K followers, XXX engagements "CVE-2025-30955 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. This issue affects L"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482475964444756) 2025-07-16 13:55:42 UTC 54.9K followers, XXX engagements "CVE-2025-27582 The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mech"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944736656889971163) 2025-07-14 12:32:05 UTC 54.9K followers, XXX engagements "CVE-2025-6971 Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. 
This vulnerability could allow"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140326059954210) 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements "CVE-2025-44251 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943335884700401975) 2025-07-10 15:45:55 UTC 54.9K followers, XXX engagements "CVE-2025-7520 A vulnerability which was classified as critical has been found in PHPGurukul Vehicle Parking Management System XXXX. This issue affects some unknown processing of th"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944265202641289237) 2025-07-13 05:18:41 UTC 54.9K followers, XXX engagements "CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700209646571993) 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements "CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207848742302169) 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements "CVE-2025-28959 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL Injection. This iss"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482465726107925) 2025-07-16 13:55:39 UTC 54.9K followers, XXX engagements "CVE-2025-50105 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). 
Supported versions that are affected a"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207826629922934) 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements "CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668168058421744) 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements "CVE-2025-7581 A vulnerability which was classified as critical has been found in code-projects Voting System XXX. Affected by this issue is some unknown functionality of the file /"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944658335648952643) 2025-07-14 07:20:51 UTC 54.9K followers, XXX engagements "CVE-2025-41236 VMware ESXi Workstation and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative pri"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945195278140592164) 2025-07-15 18:54:28 UTC 54.9K followers, XXX engagements "CVE-2025-51652 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944808323083325871) 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements "CVE-2025-7667 The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.1.2. This is due to missing or incorre"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945087301828194708) 2025-07-15 11:45:25 UTC 54.9K followers, XXX engagements "CVE-2025-7628 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. 
This affects the functi"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944833028057874603) 2025-07-14 18:55:01 UTC 54.9K followers, XXX engagements "CVE-2025-47554 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Re"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482488417251383) 2025-07-16 13:55:45 UTC 54.9K followers, XXX engagements "CVE-2025-53824 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944893508944584980) 2025-07-14 22:55:21 UTC 54.9K followers, XXX engagements "CVE-2025-4369 The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the update_delay_days parameter in all versions up to and including"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945058616836546821) 2025-07-15 09:51:26 UTC 54.9K followers, XXX engagements "CVE-2025-53840 Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2 users with access to Icinga Dependency Views"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482455601037787) 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements "CVE-2025-53822 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944889704890896857) 2025-07-14 22:40:14 UTC 54.9K followers, XXX engagements "CVE-2025-7599 A vulnerability which was classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. 
Affected by this issue is some unknown functional"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944721637934264479) 2025-07-14 11:32:24 UTC 54.9K followers, XXX engagements "CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700203262877937) 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements "CVE-2025-50107 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that are affected are 12.2.5-12"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207824805454323) 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements "CVE-2025-49829 Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager Self-Hosted allows authenticated attackers to"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945216458151096723) 2025-07-15 20:18:38 UTC 54.9K followers, XXX engagements "CVE-2025-54023 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435450619068902) 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements "CVE-2025-7597 A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The man"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944717316953878588) 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements "CVE-2025-50096 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. 
E"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207835312209945) 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements "CVE-2025-7360 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944983504829202819) 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements "CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668214321545476) 2025-07-11 13:46:28 UTC 54.9K followers, XXX engagements "CVE-2025-50097 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207834456580236) 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements "CVE-2025-53819 Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root) instead of the build users"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944863290418426072) 2025-07-14 20:55:16 UTC 54.9K followers, XXX engagements "CVE-2025-53032 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vu"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207813971562837) 2025-07-15 19:44:17 UTC 54.9K followers, XXX engagements "CVE-2025-50104 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). 
Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207827624038709) 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements "CVE-2025-34107 A buffer overflow vulnerability exists in the WinaXe FTP Client version XXX within the FTP banner parsing functionality WCMDPA10.dll. When the client connects to a r"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118950540632358) 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements "CVE-2025-54006 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435462363214291) 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements "CVE-2025-34111 An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version XXXX and earlier via the ELFinder component's default connector (conn"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945118952411291663) 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements "CVE-2025-30753 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945207875942457662) 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements "CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943700205968224749) 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements "CVE-2025-7477 A vulnerability which was classified as critical has been found in code-projects Simple Car Rental System XXX. 
This issue affects some unknown processing of the file"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1944047022736122195) 2025-07-12 14:51:43 UTC 54.9K followers, XXX engagements "CVE-2025-40724 Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser b"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435478620348417) 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements "CVE-2025-53621 DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity (XXE) injection possibilit"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945140328954024116) 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements "CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1943668162756747774) 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements "CVE-2025-49888 Missing Authorization vulnerability in pimwick PW WooCommerce On Sale allows Exploiting Incorrectly Configured Access Control Security Levels. 
This issue affects PW"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945562974405427393) 2025-07-16 19:15:34 UTC 54.9K followers, XXX engagements "CVE-2025-52378 Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is exec"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945131497171591345) 2025-07-15 14:41:02 UTC 54.9K followers, XXX engagements "CVE-2025-28955 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce allows Path Travers"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945482464472011221) 2025-07-16 13:55:39 UTC 54.9K followers, XXX engagements "CVE-2025-54035 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945435445455974481) 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements "CVE-2025-50819 Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the"  [@CVEnew](/creator/x/CVEnew) on [X](/post/tweet/1945145637156348331) 2025-07-15 15:37:13 UTC 54.9K followers, XXX engagements
Top posts by engagements in the last XX hours
"CVE-2025-53885 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows to h" @CVEnew on X 2025-07-14 23:52:04 UTC 54.9K followers, XXX engagements
"CVE-2025-30661 An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local low-privileged user" @CVEnew on X 2025-07-11 15:53:39 UTC 54.9K followers, XXX engagements
"CVE-2025-54038 Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by M" @CVEnew on X 2025-07-16 10:48:48 UTC 54.9K followers, XXX engagements
"CVE-2025-53823 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in" @CVEnew on X 2025-07-14 22:40:14 UTC 54.9K followers, XXX engagements
"CVE-2025-30747 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60" @CVEnew on X 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements
"CVE-2025-52948 An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker in rare cases" @CVEnew on X 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements
"CVE-2025-49838 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in AudioPreD" @CVEnew on X 2025-07-15 20:45:14 UTC 54.9K followers, XXX engagements
"CVE-2025-52947 An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allow" @CVEnew on X 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements
"CVE-2024-26293 The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path T" @CVEnew on X 2025-07-14 09:50:04 UTC 54.9K followers, XXX engagements
"CVE-2025-53029 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements
"CVE-2020-36848 The Total Upkeep WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up" @CVEnew on X 2025-07-12 12:27:49 UTC 54.9K followers, XXX engagements
"CVE-2025-53906 Vim is an open source command line text editor. Prior to version 9.1.1551 a path traversal issue in Vims zip.vim plugin can allow overwriting of arbitrary files wh" @CVEnew on X 2025-07-15 21:15:32 UTC 54.9K followers, 3995 engagements
"CVE-2025-7491 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been declared as critical. Affected by this vulnerability is an unknown functiona" @CVEnew on X 2025-07-12 21:34:54 UTC 54.9K followers, XXX engagements
"CVE-2025-53024 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements
"CVE-2025-6565 A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler" @CVEnew on X 2025-06-24 13:11:52 UTC 54.9K followers, XXX engagements
"CVE-2025-7584 A vulnerability was found in PHPGurukul Online Fire Reporting System XXX and classified as critical. This issue affects some unknown processing of the file /admin/add-t" @CVEnew on X 2025-07-14 07:44:37 UTC 54.9K followers, XXX engagements
"CVE-2025-7528 A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The m" @CVEnew on X 2025-07-13 11:50:52 UTC 54.9K followers, XXX engagements
"CVE-2025-50093 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3" @CVEnew on X 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements
"CVE-2025-50103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 9.0.0-9.3.0. Difficult t" @CVEnew on X 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements
"CVE-2025-50108 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.2.20.0.000" @CVEnew on X 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements
"CVE-2025-7519 A flaw was found in polkit. When processing an XML policy with XX or more nested elements in depth an out-of-bounds write can be triggered. This issue can lead to a cr" @CVEnew on X 2025-07-14 14:17:57 UTC 54.9K followers, XXX engagements
"CVE-2025-34108 A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP P" @CVEnew on X 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements
"CVE-2025-6972 Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow" @CVEnew on X 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements
"CVE-2025-54009 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters allows Stored XSS. This issue affects" @CVEnew on X 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements
"CVE-2025-30758 Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploit" @CVEnew on X 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements
"CVE-2025-7598 A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/set" @CVEnew on X 2025-07-14 11:32:24 UTC 54.9K followers, XXX engagements
"CVE-2025-49833 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in the open_sli" @CVEnew on X 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements
"CVE-2025-7626 A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerabil" @CVEnew on X 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements
"CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM which allows authenticated users to copy arbitrary files from the server file system" @CVEnew on X 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements
"CVE-2025-53015 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 infinite lines occur when writing during" @CVEnew on X 2025-07-14 19:41:54 UTC 54.9K followers, XXX engagements
"CVE-2025-51658 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php" @CVEnew on X 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements
"CVE-2025-7612 A vulnerability was found in code-projects Mobile Shop XXX. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipu" @CVEnew on X 2025-07-14 14:47:27 UTC 54.9K followers, XXX engagements
"CVE-2023-39339 A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously" @CVEnew on X 2025-07-12 04:02:55 UTC 54.9K followers, XXX engagements
"CVE-2025-34109 PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An a" @CVEnew on X 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements
"CVE-2025-53886 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 when using Directus Flows with" @CVEnew on X 2025-07-14 23:52:04 UTC 54.9K followers, XXX engagements
"CVE-2025-34116 A remote command execution vulnerability exists in IPFire before version XXXX Core Update XXX via the 'proxy.cgi' CGI interface. An authenticated attacker can inject" @CVEnew on X 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements
"CVE-2025-53623 The Job Iteration API is an an extension for ActiveJob that make jobs interruptible and resumable Versions prior to 1.11.0 have an arbitrary code execution vulnerabil" @CVEnew on X 2025-07-14 20:18:37 UTC 54.9K followers, XXX engagements
"CVE-2024-51770 An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17" @CVEnew on X 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements
"CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements
"CVE-2025-7341 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie" @CVEnew on X 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements
"CVE-2025-7593 A vulnerability was found in code-projects Job Diary XXX and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The" @CVEnew on X 2025-07-14 10:18:36 UTC 54.9K followers, XXX engagements
"CVE-2025-54042 Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post Hide allows Cross Site Request Forgery. This issue affects WP Post Hide: from n/a through 1.0.9" @CVEnew on X 2025-07-16 10:48:47 UTC 54.9K followers, XXX engagements
"CVE-2025-52080 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" @CVEnew on X 2025-07-15 16:21:01 UTC 54.9K followers, XXX engagements
"CVE-2025-52964 A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based at" @CVEnew on X 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements
"CVE-2025-50062 Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are aff" @CVEnew on X 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements
"CVE-2025-50064 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements
"CVE-2025-50102 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements
"CVE-2025-48155 Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue aff" @CVEnew on X 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements
"CVE-2025-39362 Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2" @CVEnew on X 2025-07-02 11:31:06 UTC 54.9K followers, XXX engagements
"CVE-2025-53984 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows Stored XSS. This issue affects JetTabs" @CVEnew on X 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements
"CVE-2025-53903 The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs leadin" @CVEnew on X 2025-07-15 18:54:29 UTC 54.9K followers, XXX engagements
"CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires" @CVEnew on X 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements
"CVE-2025-7569 A vulnerability was found in Bigotry OneBase up to 1.3.6. It has been declared as problematic. Affected by this vulnerability is the function parse_args of the file /tp" @CVEnew on X 2025-07-14 04:12:19 UTC 54.9K followers, XXX engagements
"CVE-2025-52949 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a l" @CVEnew on X 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements
"CVE-2025-7615 A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cg" @CVEnew on X 2025-07-14 15:45:21 UTC 54.9K followers, XXX engagements
"CVE-2025-7511 A vulnerability was found in code-projects Chat System XXX and classified as critical. This issue affects some unknown processing of the file /user/update_account.php" @CVEnew on X 2025-07-13 03:19:15 UTC 54.9K followers, XXX engagements
"CVE-2025-34124 A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0 HD Mod XXXXX build X and Demo 1.0.0.0 via malicious .h3m map files that exp" @CVEnew on X 2025-07-16 21:35:32 UTC 54.9K followers, XXX engagements
"CVE-2025-7570 A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. Affected by this issue is some unknown functionality of the file /goform/" @CVEnew on X 2025-07-14 04:54:19 UTC 54.9K followers, XXX engagements
"CVE-2025-53028 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements
"CVE-2025-30936 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Inject" @CVEnew on X 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements
"CVE-2025-30739 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.11-12" @CVEnew on X 2025-07-15 19:44:35 UTC 54.9K followers, XXX engagements
"CVE-2025-7588 A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. This affects an unknown part of the file edit-product.php. Th" @CVEnew on X 2025-07-14 08:55:09 UTC 54.9K followers, XXX engagements
"CVE-2025-50099 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements
"CVE-2025-54011 Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a t" @CVEnew on X 2025-07-16 10:48:52 UTC 54.9K followers, XXX engagements
"CVE-2025-48166 Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue a" @CVEnew on X 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements
"CVE-2025-52521 Trend Micro Security XXXX (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally d" @CVEnew on X 2025-07-11 13:46:29 UTC 54.9K followers, XXX engagements
"CVE-2025-29009 Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Serv" @CVEnew on X 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements
"CVE-2025-50087 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements
"CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a loc" @CVEnew on X 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements
"CVE-2024-42649 NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message" @CVEnew on X 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements
"CVE-2025-7611 A vulnerability was found in code-projects Wedding Reservation XXX. It has been classified as critical. This affects an unknown part of the file /global.php. The manipu" @CVEnew on X 2025-07-14 14:47:27 UTC 54.9K followers, XXX engagements
"CVE-2025-54018 Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af" @CVEnew on X 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements
"CVE-2025-48153 Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through" @CVEnew on X 2025-07-16 10:48:43 UTC 54.9K followers, XXX engagements
"CVE-2025-27465 Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it using an executable stub. Some instructions" @CVEnew on X 2025-07-16 10:48:58 UTC 54.9K followers, XXX engagements
"CVE-2024-51767 An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17" @CVEnew on X 2025-07-14 10:48:58 UTC 54.9K followers, XXX engagements
"CVE-2025-7627 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the fu" @CVEnew on X 2025-07-14 18:23:44 UTC 54.9K followers, XXX engagements
"CVE-2025-7657 Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium se" @CVEnew on X 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements
"CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an" @CVEnew on X 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements
"CVE-2025-52082 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when proce" @CVEnew on X 2025-07-15 15:54:35 UTC 54.9K followers, XXX engagements
"CVE-2025-7609 A vulnerability has been found in code-projects Simple Shopping Cart XXX and classified as critical. Affected by this vulnerability is an unknown functionality of the f" @CVEnew on X 2025-07-14 14:17:57 UTC 54.9K followers, XXX engagements
"CVE-2025-50059 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions" @CVEnew on X 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements
"CVE-2025-50095 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.3.0. Easily exploitable vu" @CVEnew on X 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements
"CVE-2025-7513 A vulnerability was found in code-projects Modern Bag XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /adm" @CVEnew on X 2025-07-13 03:19:15 UTC 54.9K followers, XXX engagements
"CVE-2025-7604 A vulnerability was found in PHPGurukul Hospital Management System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of" @CVEnew on X 2025-07-14 13:13:42 UTC 54.9K followers, XXX engagements
"CVE-2025-7523 A vulnerability was found in Jinher OA XXX and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBa" @CVEnew on X 2025-07-13 07:35:07 UTC 54.9K followers, XXX engagements
"CVE-2025-50079 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements
"CVE-2025-24391 A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messag" @CVEnew on X 2025-07-14 08:23:40 UTC 54.9K followers, XXX engagements
"CVE-2025-53892 Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escap" @CVEnew on X 2025-07-16 13:55:36 UTC 54.9K followers, XXX engagements
"CVE-2025-34300 A template injection vulnerability exists in Sawtooth Software's Lighthouse Studio versions prior to 9.16.14 via the Perl web applicatio" @CVEnew on X 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements
"CVE-2025-7656 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secu" @CVEnew on X 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements
"CVE-2025-53986 Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3" @CVEnew on X 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements
"CVE-2025-53758 This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access coul" @CVEnew on X 2025-07-16 13:55:38 UTC 54.9K followers, XXX engagements
"CVE-2025-50067 Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitab" @CVEnew on X 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements
"CVE-2025-34115 An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with" @CVEnew on X 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements
"CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 a" @CVEnew on X 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements
"CVE-2025-7580 A vulnerability classified as critical was found in code-projects Voting System XXX. Affected by this vulnerability is an unknown functionality of the file /admin/posit" @CVEnew on X 2025-07-14 07:20:52 UTC 54.9K followers, XXX engagements
"CVE-2025-30949 Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through" @CVEnew on X 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements
"CVE-2025-54050 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor allows Stored XSS. T" @CVEnew on X 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements
"CVE-2025-7512 A vulnerability was found in code-projects Modern Bag XXX. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipu" @CVEnew on X 2025-07-13 03:19:15 UTC 54.9K followers, XXX engagements
"CVE-2025-6993 The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in version" @CVEnew on X 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements
"CVE-2025-54013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects W" @CVEnew on X 2025-07-16 10:48:52 UTC 54.9K followers, XXX engagements
"CVE-2025-34068 An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the T" @CVEnew on X 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements
"CVE-2025-7582 A vulnerability which was classified as critical was found in PHPGurukul Online Fire Reporting System XXX. This affects an unknown part of the file /admin/assigned-re" @CVEnew on X 2025-07-14 07:20:51 UTC 54.9K followers, XXX engagements
"CVE-2025-49828 Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager Self-Hosted (formerly k" @CVEnew on X 2025-07-15 19:52:59 UTC 54.9K followers, XXX engagements
"CVE-2025-7603 A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP" @CVEnew on X 2025-07-14 12:32:04 UTC 54.9K followers, XXX engagements
"CVE-2025-7600 A vulnerability which was classified as critical was found in PHPGurukul Online Library Management System XXX. This affects an unknown part of the file /admin/student" @CVEnew on X 2025-07-14 11:53:09 UTC 54.9K followers, XXX engagements
"CVE-2025-54036 Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n" @CVEnew on X 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements
"CVE-2025-47724 Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execute" @CVEnew on X 2025-06-04 07:50:34 UTC 54.9K followers, XXX engagements
"CVE-2024-42650 NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service" @CVEnew on X 2025-07-15 15:54:35 UTC 54.9K followers, XXX engagements
"CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker to reach the J" @CVEnew on X 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements
"CVE-2025-53025 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements
"CVE-2025-50065 Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 2" @CVEnew on X 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements
"CVE-2025-52687 Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the paylo" @CVEnew on X 2025-07-16 07:44:42 UTC 54.9K followers, XXX engagements
"CVE-2025-53994 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows DOM-Based XSS. This issue affects Jet" @CVEnew on X 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements
"CVE-2025-54030 Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue aff" @CVEnew on X 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements
"CVE-2025-20300 In Splunk Enterprise versions below 9.4.2 9.3.5 9.2.6 and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103 9.3.2408.112 and 9.2.2406.119 a low-privil" @CVEnew on X 2025-07-07 17:53:00 UTC 54.9K followers, XXX engagements
"CVE-2025-7042 Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an atta" @CVEnew on X 2025-07-15 15:16:06 UTC 54.9K followers, XXX engagements
"CVE-2025-30746 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exp" @CVEnew on X 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements
"CVE-2025-53643 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14 the Python parser is vulnerable to a request smuggling vulne" @CVEnew on X 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements
"CVE-2025-30752 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java S" @CVEnew on X 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements
"CVE-2025-7625 A vulnerability which was classified as critical was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function" @CVEnew on X 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements
"CVE-2025-52982 An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated network-based a" @CVEnew on X 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements
"CVE-2025-52981 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600 SRX2300" @CVEnew on X 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements
"CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:25 UTC 54.9K followers, XXX engagements
"CVE-2025-7601 A vulnerability has been found in PHPGurukul Online Library Management System XXX and classified as problematic. This vulnerability affects unknown code of the file /ad" @CVEnew on X 2025-07-14 12:32:04 UTC 54.9K followers, XXX engagements
"CVE-2025-7575 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_d" @CVEnew on X 2025-07-14 05:49:44 UTC 54.9K followers, XXX engagements
"CVE-2025-50090 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-1" @CVEnew on X 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements
"CVE-2025-53842 Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited an attacke" @CVEnew on X 2025-07-16 05:22:48 UTC 54.9K followers, XXX engagements
"CVE-2025-52955 An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to" @CVEnew on X 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements
"CVE-2025-54024 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affect" @CVEnew on X 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements
"CVE-2025-6377 A remote code execution security issue exists in the Rockwell Automation Arena. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 54.9K followers, XXX engagements
"CVE-2025-7586 A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /gofor" @CVEnew on X 2025-07-14 08:23:41 UTC 54.9K followers, XXX engagements
"CVE-2025-49319 Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects" @CVEnew on X 2025-07-16 19:15:33 UTC 54.9K followers, XXX engagements
"CVE-2025-7605 A vulnerability was found in code-projects AVL Rooms XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php" @CVEnew on X 2025-07-14 13:13:42 UTC 54.9K followers, XXX engagements
"CVE-2025-48295 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows Stored XSS. This issue a" @CVEnew on X 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements
"CVE-2025-7606 A vulnerability classified as critical has been found in code-projects AVL Rooms XXX. This affects an unknown part of the file /city.php. The manipulation of the argume" @CVEnew on X 2025-07-14 13:13:42 UTC 54.9K followers, XXX engagements
"CVE-2025-7595 A vulnerability was found in code-projects Job Diary XXX. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manip" @CVEnew on X 2025-07-14 10:48:59 UTC 54.9K followers, XXX engagements
"CVE-2025-7529 A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit" @CVEnew on X 2025-07-13 12:28:40 UTC 54.9K followers, XXX engagements
"CVE-2025-7672 The improper default setting in JiranSoft CrossEditor4 on Windows Linux Unix (API modules) potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.0" @CVEnew on X 2025-07-15 07:43:53 UTC 54.9K followers, XXX engagements
"CVE-2025-31070 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows P" @CVEnew on X 2025-07-16 13:55:43 UTC 54.9K followers, XXX engagements
"CVE-2025-7012 An issue in Cato Networks' CatoClient for Linux before version XXX allows a local attacker to escalate privileges to root by exploiting improper symbolic link handlin" @CVEnew on X 2025-07-13 08:47:16 UTC 54.9K followers, XXX engagements
"CVE-2025-7522 A vulnerability has been found in PHPGurukul Vehicle Parking Management System XXXX and classified as critical. Affected by this vulnerability is an unknown functionali" @CVEnew on X 2025-07-13 06:52:37 UTC 54.9K followers, XXX engagements
"CVE-2025-53989 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Stored XSS. This issue" @CVEnew on X 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements
"CVE-2025-7527 A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The" @CVEnew on X 2025-07-13 10:41:26 UTC 54.9K followers, XXX engagements
"CVE-2025-24777 Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7" @CVEnew on X 2025-07-16 13:55:38 UTC 54.9K followers, XXX engagements
"CVE-2025-7531 A vulnerability which was classified as critical was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSe" @CVEnew on X 2025-07-13 15:50:59 UTC 54.9K followers, XXX engagements
"CVE-2025-24779 Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0" @CVEnew on X 2025-07-16 13:55:39 UTC 54.9K followers, XXX engagements
"CVE-2025-32574 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: f" @CVEnew on X 2025-07-16 13:55:44 UTC 54.9K followers, XXX engagements
"CVE-2025-6977 The ProfileGrid User Profiles Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the pm_get_messenger_notification fun" @CVEnew on X 2025-07-16 05:22:48 UTC 54.9K followers, XXX engagements
"CVE-2025-30748 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60" @CVEnew on X 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements
"CVE-2025-49834 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in open_denoise" @CVEnew on X 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements
"CVE-2025-54020 Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form X allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7:" @CVEnew on X 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements
"CVE-2025-34104 An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions an" @CVEnew on X 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements
"CVE-2025-50078 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3" @CVEnew on X 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements
"CVE-2025-34103 An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0 due to improper input handling in the undocumente" @CVEnew on X 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements
"CVE-2025-5284 The Master Addons Elementor Addons with White Label Free Widgets Hover Effects Conditions & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scr" @CVEnew on X 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements
"CVE-2025-30744 Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are" @CVEnew on X 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements
"CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolv" @CVEnew on X 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements
"CVE-2025-50068 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements
"CVE-2025-50072 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements
"CVE-2025-52953 An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent" @CVEnew on X 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements
"CVE-2025-34110 A directory traversal vulnerability exists in ColoradoFTP Server XXX Build X for Windows allowing unauthenticated attackers to read or write arbitrary files outsid" @CVEnew on X 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements
"CVE-2025-7590 A vulnerability which was classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. This issue affects some unknown processing of the" @CVEnew on X 2025-07-14 09:24:22 UTC 54.9K followers, XXX engagements
"CVE-2025-53026 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements
"CVE-2025-48156 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall allows Stored XSS. This issue affects Image" @CVEnew on X 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements
"CVE-2025-53959 In JetBrains YouTrack before 2025.2.86069 2024.3.85077 2025.1.86199 email spoofing via an administrative API was possible" @CVEnew on X 2025-07-15 16:51:56 UTC 54.9K followers, XXX engagements
"CVE-2025-6965 There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a mem" @CVEnew on X 2025-07-15 14:17:01 UTC 54.9K followers, XXX engagements
"CVE-2025-52963 An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local low-privileged attacker to bring down an interface l" @CVEnew on X 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements
"CVE-2025-52984 A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-bas" @CVEnew on X 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements
"CVE-2025-7451 The iSherlock developed by Hgiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them o" @CVEnew on X 2025-07-14 03:14:47 UTC 54.9K followers, XXX engagements
"CVE-2025-54051 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LightBox Block allows Stored XSS. This issue affects Li" @CVEnew on X 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements
"CVE-2025-52379 Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um" @CVEnew on X 2025-07-15 15:16:09 UTC 54.9K followers, XXX engagements
"CVE-2025-33097 IBM QRadar SIEM XXX - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code i" @CVEnew on X 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements
"CVE-2025-53622 DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4 XXX and XXX a path traversal vu" @CVEnew on X 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements
"CVE-2025-53836 XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax HTML etc) into another syntax (XHTML etc). Starting in ver" @CVEnew on X 2025-07-14 23:33:53 UTC 54.9K followers, XXX engagements
"CVE-2025-7566 A vulnerability has been found in jshERP up to XXX and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com" @CVEnew on X 2025-07-14 04:12:20 UTC 54.9K followers, XXX engagements
"CVE-2025-53515 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authe" @CVEnew on X 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements
"CVE-2025-51659 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php" @CVEnew on X 2025-07-14 17:16:53 UTC 54.9K followers, XXX engagements
"CVE-2025-48161 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects Yay" @CVEnew on X 2025-07-16 10:48:44 UTC 54.9K followers, XXX engagements
"CVE-2025-40776 A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND X versio" @CVEnew on X 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements
"CVE-2025-7340 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil" @CVEnew on X 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements
"CVE-2025-7620 The cross-browser document creation component developed by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malici" @CVEnew on X 2025-07-14 04:12:20 UTC 54.9K followers, XXX engagements
"CVE-2025-30959 Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. Thi" @CVEnew on X 2025-07-16 13:55:42 UTC 54.9K followers, XXX engagements
"CVE-2025-50100 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and" @CVEnew on X 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements
"CVE-2025-54022 Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates:" @CVEnew on X 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements
"CVE-2025-50098 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements
"CVE-2025-52081 In Netgear XR300 V1.0.3.38_10.3.30 a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occ" @CVEnew on X 2025-07-15 15:54:35 UTC 54.9K followers, XXX engagements
"CVE-2025-0831 Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an a" @CVEnew on X 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements
"CVE-2024-42646 A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages" @CVEnew on X 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements
"CVE-2025-52951 A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effec" @CVEnew on X 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements
"CVE-2025-48167 Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Man" @CVEnew on X 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements
"CVE-2025-7515 A vulnerability classified as critical has been found in code-projects Online Appointment Booking System XXX. This affects an unknown part of the file /ulocateus.php. T" @CVEnew on X 2025-07-13 04:13:33 UTC 54.9K followers, XXX engagements
"CVE-2025-31427 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme allows" @CVEnew on X 2025-07-16 13:55:44 UTC 54.9K followers, XXX engagements
"CVE-2025-7602 A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component" @CVEnew on X 2025-07-14 12:32:04 UTC 54.9K followers, XXX engagements
"CVE-2025-30483 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker" @CVEnew on X 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements
"CVE-2025-53019 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26 in ImageMagick's magick st" @CVEnew on X 2025-07-14 19:50:29 UTC 54.9K followers, XXX engagements
"CVE-2025-24477 A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2 7.4.0 through 7.4.7 7.2.4 through 7.2.11 allows an attacker to escalate its privileges" @CVEnew on X 2025-07-15 08:52:04 UTC 54.9K followers, XXX engagements
"CVE-2025-49835 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in open_asr fun" @CVEnew on X 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements
"CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authent" @CVEnew on X 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements
"CVE-2025-7585 A vulnerability was found in PHPGurukul Online Fire Reporting System XXX. It has been classified as critical. Affected is an unknown function of the file /admin/manage-" @CVEnew on X 2025-07-14 07:54:22 UTC 54.9K followers, XXX engagements
"CVE-2025-30760 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9" @CVEnew on X 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements
"CVE-2025-30762 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements
"CVE-2025-51660 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php" @CVEnew on X 2025-07-14 17:16:53 UTC 54.9K followers, XXX engagements
"CVE-2025-50094 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.42 8.4.5 and 9.3.0. Easily exploit" @CVEnew on X 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements
"CVE-2025-49831 An attacker of Secrets Manager Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentica" @CVEnew on X 2025-07-15 20:45:15 UTC 54.9K followers, XXX engagements
"CVE-2025-49837 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in AudioPre" @CVEnew on X 2025-07-15 20:45:14 UTC 54.9K followers, XXX engagements
"CVE-2025-34113 An authenticated command injection vulnerability exists in Tiki Wiki CMS versions XXXX XXXX LTS XXXX LTS and XXXX via the viewmode GET parameter in tiki-cal" @CVEnew on X 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements
"CVE-2025-50082 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements
"CVE-2025-53890 pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad's CAPTCHA processing code allows unauthentic" @CVEnew on X 2025-07-15 01:16:30 UTC 54.9K followers, XXX engagements
"CVE-2025-51657 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php" @CVEnew on X 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements
"CVE-2025-53889 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0 Directus Flows with a manual" @CVEnew on X 2025-07-15 01:16:30 UTC 54.9K followers, XXX engagements
"CVE-2025-3621 Vulnerabilities* in ActADUR local server product developed and maintained by ProTNS allows Remote Code Inclusion on host systems. * vulnerabilities: * Imprope" @CVEnew on X 2025-07-15 07:43:53 UTC 54.9K followers, XXX engagements
"CVE-2025-7535 A vulnerability was found in Campcodes Sales and Inventory System XXX. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t" @CVEnew on X 2025-07-13 17:52:31 UTC 54.9K followers, XXX engagements
"CVE-2025-7524 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstec" @CVEnew on X 2025-07-13 09:42:45 UTC 54.9K followers, XXX engagements
"CVE-2025-34105 A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28 7.5.12 and 8.2.14. The vulnerability arises" @CVEnew on X 2025-07-15 13:51:13 UTC 54.9K followers, XXX engagements
"CVE-2025-25180 Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certai" @CVEnew on X 2025-07-14 03:14:48 UTC 54.9K followers, XXX engagements
"CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker with high pr" @CVEnew on X 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements
"CVE-2025-7589 A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System XXX. This vulnerability affects unknown code of the file edit-company.p" @CVEnew on X 2025-07-14 08:55:09 UTC 54.9K followers, XXX engagements
"CVE-2025-51650 An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted" @CVEnew on X 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements
"CVE-2025-26186 SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php" @CVEnew on X 2025-07-15 17:18:48 UTC 54.9K followers, XXX engagements
"CVE-2025-48291 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allo" @CVEnew on X 2025-07-16 13:55:46 UTC 54.9K followers, XXX engagements
"CVE-2025-53821 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application" @CVEnew on X 2025-07-14 22:40:14 UTC 54.9K followers, XXX engagements
"CVE-2025-50061 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions" @CVEnew on X 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements
"CVE-2025-49827 Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager Self-Hosted (formerly k" @CVEnew on X 2025-07-15 19:44:35 UTC 54.9K followers, XXX engagements
"CVE-2025-7616 A vulnerability which was classified as critical has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the c" @CVEnew on X 2025-07-14 15:56:20 UTC 54.9K followers, XXX engagements
"CVE-2025-30759 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security). Supported versions that are affected" @CVEnew on X 2025-07-15 19:44:31 UTC 54.9K followers, XXX engagements
"CVE-2025-52958 A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of JuniperNetworks Junos OS and Junos OS Evolved allows an adjacentunauthenticatedattacke" @CVEnew on X 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements
"CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat" @CVEnew on X 2025-07-14 23:16:21 UTC 54.9K followers, XXX engagements
"CVE-2024-26292 The Application is vulnerable to an authenticated Arbitrary File Deletion. This affects the Agent installed on Linux and Windows alike. As the application runs with h" @CVEnew on X 2025-07-14 08:55:09 UTC 54.9K followers, XXX engagements
"CVE-2025-7530 A vulnerability which was classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /gof" @CVEnew on X 2025-07-13 15:33:47 UTC 54.9K followers, XXX engagements
"CVE-2025-50060 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0 8.2.0.0.0 and 12.2" @CVEnew on X 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements
"CVE-2025-52377 Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below allowing authenticated attackers to execute arbitrary commands on" @CVEnew on X 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements
"CVE-2025-29000 Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This is" @CVEnew on X 2025-07-16 13:55:41 UTC 54.9K followers, XXX engagements
"CVE-2025-53640 Indico is an event management system that uses Flask-Multipass a multi-backend authentication system for Flask. Starting in version XXX and prior to version 3.3.7 a" @CVEnew on X 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements
"CVE-2025-52376 An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing an attack" @CVEnew on X 2025-07-15 14:17:02 UTC 54.9K followers, XXX engagements
"CVE-2025-48150 Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured" @CVEnew on X 2025-07-16 10:48:43 UTC 54.9K followers, XXX engagements
"CVE-2025-28982 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP P" @CVEnew on X 2025-07-16 13:55:40 UTC 54.9K followers, XXX engagements
"CVE-2025-7407 A vulnerability which was classified as critical was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argu" @CVEnew on X 2025-07-10 15:45:53 UTC 54.9K followers, XXX engagements
"CVE-2025-53818 GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3" @CVEnew on X 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements
"CVE-2025-53031 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Suppor" @CVEnew on X 2025-07-15 19:44:17 UTC 54.9K followers, XXX engagements
"CVE-2025-7583 A vulnerability has been found in PHPGurukul Online Fire Reporting System XXX and classified as critical. This vulnerability affects unknown code of the file /admin/all" @CVEnew on X 2025-07-14 07:20:51 UTC 54.9K followers, XXX engagements
"CVE-2025-49836 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is a command injection vulnerability in change_label" @CVEnew on X 2025-07-15 20:45:14 UTC 54.9K followers, XXX engagements
"CVE-2025-7489 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX and classified as critical. This issue affects some unknown processing of the file /admin" @CVEnew on X 2025-07-12 20:35:22 UTC 54.9K followers, XXX engagements
"CVE-2025-50063 Vulnerability in Oracle Java SE (component: Install). Supported versions that are affected are Oracle Java SE: 8u451 and 8u451-perf. Easily exploitable vulnerabilit" @CVEnew on X 2025-07-15 19:44:30 UTC 54.9K followers, XXX engagements
"CVE-2025-30751 Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 23.4-23.8. Easily exploitable vuln" @CVEnew on X 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements
"CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component" @CVEnew on X 2025-07-11 15:53:41 UTC 54.9K followers, XXX engagements
"CVE-2025-49464 Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access" @CVEnew on X 2025-07-10 17:38:25 UTC 54.9K followers, XXX engagements
"CVE-2025-53030 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements
"CVE-2023-39338 Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that" @CVEnew on X 2025-07-12 04:02:55 UTC 54.9K followers, XXX engagements
"CVE-2020-36849 The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-e" @CVEnew on X 2025-07-12 12:27:49 UTC 54.9K followers, XXX engagements
"CVE-2025-54043 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL Injection. This issue" @CVEnew on X 2025-07-16 10:48:47 UTC 54.9K followers, XXX engagements
"CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements
"CVE-2025-54039 Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16" @CVEnew on X 2025-07-16 10:48:48 UTC 54.9K followers, XXX engagements
"CVE-2025-50071 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Web Utilities). Supported versions that are affected are 12.2.3-12" @CVEnew on X 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements
"CVE-2025-22227 In some specific scenarios with chained redirects Reactor Netty HTTP client leaks credentials. In order for this to happen the HTTP client must have been explicitly" @CVEnew on X 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements
"CVE-2025-53689 Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges" @CVEnew on X 2025-07-14 09:50:05 UTC 54.9K followers, XXX engagements
"CVE-2025-7359 The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_bl" @CVEnew on X 2025-07-16 07:44:40 UTC 54.9K followers, XXX engagements
"CVE-2025-53893 File Browser provides a file managing interface within a specified directory and it can be used to upload delete preview rename and edit files. In version 2.38.0" @CVEnew on X 2025-07-15 17:53:36 UTC 54.9K followers, XXX engagements
"CVE-2025-7492 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been rated as critical. Affected by this issue is some unknown functionality of t" @CVEnew on X 2025-07-12 21:43:56 UTC 54.9K followers, XXX engagements
"CVE-2025-6558 Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape v" @CVEnew on X 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements
"CVE-2025-7607 A vulnerability which was classified as critical has been found in code-projects Simple Shopping Cart XXX. This issue affects some unknown processing of the file /Cus" @CVEnew on X 2025-07-14 14:17:58 UTC 54.9K followers, XXX engagements
"CVE-2025-50088 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41 8.4.0-8.4.4 and 9.0.0-9.2.0. E" @CVEnew on X 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements
"CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable" @CVEnew on X 2025-07-15 19:44:19 UTC 54.9K followers, XXX engagements
"CVE-2025-53996 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows Stored XSS. This issue affects JetSe" @CVEnew on X 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements
"CVE-2025-7592 A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System XXX and classified as critical. Affected by this vulnerability is an unknown functionalit" @CVEnew on X 2025-07-14 09:50:04 UTC 54.9K followers, XXX engagements
"CVE-2025-1220 In PHP versions:8.1.* before 8.1.33 8.2.* before 8.2.29 8.3.* before 8.3.23 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname sup" @CVEnew on X 2025-07-13 22:53:32 UTC 54.9K followers, XXX engagements
"CVE-2025-52950 AMissing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive" @CVEnew on X 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements
"CVE-2025-5957 The Guest Support Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch" @CVEnew on X 2025-07-08 05:18:03 UTC 54.9K followers, XXX engagements
"CVE-2025-53027 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable v" @CVEnew on X 2025-07-15 19:44:18 UTC 54.9K followers, XXX engagements
"CVE-2025-5396 The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.0.0. This is due to the bbackup_ajax_handle() funct" @CVEnew on X 2025-07-17 03:08:03 UTC 54.9K followers, XXX engagements
"CVE-2025-7525 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /" @CVEnew on X 2025-07-13 09:52:19 UTC 54.9K followers, XXX engagements
"CVE-2025-30756 Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthent" @CVEnew on X 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements
"CVE-2025-54047 Missing Authorization vulnerability in QuanticaLabs Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost C" @CVEnew on X 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements
"CVE-2025-7516 A vulnerability classified as critical was found in code-projects Online Appointment Booking System XXX. This vulnerability affects unknown code of the file /cancelbook" @CVEnew on X 2025-07-13 04:51:00 UTC 54.9K followers, XXX engagements
"CVE-2025-47645 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products Price" @CVEnew on X 2025-07-16 13:55:45 UTC 54.9K followers, XXX engagements
"CVE-2025-53835 XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax HTML etc) into another syntax (XHTML etc). Starting in ver" @CVEnew on X 2025-07-14 23:33:53 UTC 54.9K followers, XXX engagements
"CVE-2025-52954 A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolvedallows a local low-privileged user to" @CVEnew on X 2025-07-11 15:53:37 UTC 54.9K followers, XXX engagements
"CVE-2025-7093 A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /gofor" @CVEnew on X 2025-07-06 20:52:17 UTC 54.9K followers, 1035 engagements
"CVE-2025-50089 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vu" @CVEnew on X 2025-07-15 19:44:24 UTC 54.9K followers, XXX engagements
"CVE-2025-52946 A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BG" @CVEnew on X 2025-07-11 15:53:38 UTC 54.9K followers, XXX engagements
"CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage" @CVEnew on X 2025-07-11 15:53:42 UTC 54.9K followers, XXX engagements
"CVE-2025-41239 VMware ESXi Workstation Fusion and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets.A malicio" @CVEnew on X 2025-07-15 18:54:28 UTC 54.9K followers, XXX engagements
"CVE-2025-53101 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26 in ImageMagick's magick mo" @CVEnew on X 2025-07-14 20:18:38 UTC 54.9K followers, XXX engagements
"CVE-2025-53990 Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder allows Object Injection. This issue affects JetFormBuilder: from n/a through 3.5.1.2" @CVEnew on X 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements
"CVE-2025-6265 A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker w" @CVEnew on X 2025-07-15 04:08:55 UTC 54.9K followers, 1723 engagements
"CVE-2025-7514 A vulnerability was found in code-projects Modern Bag XXX. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contac" @CVEnew on X 2025-07-13 04:13:33 UTC 54.9K followers, XXX engagements
"CVE-2025-52985 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to by" @CVEnew on X 2025-07-11 15:53:34 UTC 54.9K followers, XXX engagements
"CVE-2025-7573 A vulnerability which was classified as critical has been found in LB-LINK BL-AC1900 BL-AC2100_AZ3 BL-AC3600 BL-AX1800 BL-AX5400P and BL-WR9000 up to 20250702. Th" @CVEnew on X 2025-07-14 05:22:49 UTC 54.9K followers, XXX engagements
"CVE-2025-7547 A vulnerability which was classified as critical was found in Campcodes Online Movie Theater Seat Reservation System XXX. This affects the function save_movie of the" @CVEnew on X 2025-07-13 22:53:32 UTC 54.9K followers, XXX engagements
"CVE-2024-51769 An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17" @CVEnew on X 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements
"CVE-2025-53826 File Browser provides a file managing interface within a specified directory and it can be used to upload delete preview rename and edit files. In version 2.39.0" @CVEnew on X 2025-07-15 18:23:21 UTC 54.9K followers, XXX engagements
"CVE-2025-7594 A vulnerability was found in code-projects Job Diary XXX. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation o" @CVEnew on X 2025-07-14 10:48:59 UTC 54.9K followers, XXX engagements
"CVE-2025-34112 An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection" @CVEnew on X 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements
"CVE-2025-6081 Insufficiently Protected Credentials in LDAP in Konica Minoltabizhub XXX Multifunction printersversion GCQ-Y3 or earlierallows an attacker can reconfigure the target" @CVEnew on X 2025-07-01 04:51:29 UTC 54.9K followers, XXX engagements
"CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body" @CVEnew on X 2025-07-11 15:53:42 UTC 54.9K followers, XXX engagements
"CVE-2025-37104 A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to to perform a SQL Injec" @CVEnew on X 2025-07-16 19:15:31 UTC 54.9K followers, XXX engagements
"CVE-2025-50070 Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low priv" @CVEnew on X 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements
"CVE-2025-53397 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By exploiting this f" @CVEnew on X 2025-07-11 13:46:18 UTC 54.9K followers, XXX engagements
"CVE-2025-7510 A vulnerability has been found in code-projects Modern Bag XXX and classified as critical. This vulnerability affects unknown code of the file /admin/productadd_back.ph" @CVEnew on X 2025-07-13 01:19:57 UTC 54.9K followers, XXX engagements
"CVE-2025-53014 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in" @CVEnew on X 2025-07-14 18:23:44 UTC 54.9K followers, XXX engagements
"CVE-2025-30973 Deserialization of Untrusted Data vulnerability in Codexpert Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a through 1.4.3" @CVEnew on X 2025-07-16 13:55:42 UTC 54.9K followers, XXX engagements
"CVE-2025-50069 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerabili" @CVEnew on X 2025-07-15 19:44:28 UTC 54.9K followers, XXX engagements
"CVE-2025-30754 Vulnerability in Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451 8u451-perf 11.0.27 17.0.15 21.0.7 24.0.1; Orac" @CVEnew on X 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements
"CVE-2025-54041 Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for Woo" @CVEnew on X 2025-07-16 10:48:47 UTC 54.9K followers, XXX engagements
"CVE-2025-6973 Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attac" @CVEnew on X 2025-07-15 15:16:06 UTC 54.9K followers, XXX engagements
"CVE-2025-50085 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:25 UTC 54.9K followers, XXX engagements
"CVE-2025-48301 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid YaySMTP allows SQL Injection. Th" @CVEnew on X 2025-07-16 10:48:46 UTC 54.9K followers, XXX engagements
"CVE-2025-7517 A vulnerability which was classified as critical has been found in code-projects Online Appointment Booking System XXX. This issue affects some unknown processing of" @CVEnew on X 2025-07-13 05:18:41 UTC 54.9K followers, XXX engagements
"CVE-2025-53839 DRACOON is a file sharing service and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Br" @CVEnew on X 2025-07-14 23:33:53 UTC 54.9K followers, XXX engagements
"CVE-2025-41237 VMware ESXiWorkstation and Fusioncontain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write.A malicious" @CVEnew on X 2025-07-15 18:54:28 UTC 54.9K followers, XXX engagements
"CVE-2025-40923 Plack-Middleware-Session before version XXXX for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-i" @CVEnew on X 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements
"CVE-2024-9342 In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts" @CVEnew on X 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements
"CVE-2025-7587 A vulnerability was found in code-projects Online Appointment Booking System XXX. It has been rated as critical. Affected by this issue is some unknown functionality of" @CVEnew on X 2025-07-14 08:23:40 UTC 54.9K followers, XXX engagements
"CVE-2025-50130 A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO. LTD. Opening V9 files or X1 files specia" @CVEnew on X 2025-07-08 14:39:29 UTC 54.9K followers, XXX engagements
"CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely t" @CVEnew on X 2025-07-11 13:46:28 UTC 54.9K followers, XXX engagements
"CVE-2025-7035 The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all version" @CVEnew on X 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements
"CVE-2025-48294 Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress allows Server Side Request Forgery. This issue affects FG Drupal to WordPress: from" @CVEnew on X 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements
"CVE-2025-53997 Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a" @CVEnew on X 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements
"CVE-2025-7521 A vulnerability which was classified as critical was found in PHPGurukul Vehicle Parking Management System XXXX. Affected is an unknown function of the file /admin/in" @CVEnew on X 2025-07-13 06:22:37 UTC 54.9K followers, XXX engagements
"CVE-2025-7610 A vulnerability was found in code-projects Electricity Billing System XXX and classified as critical. Affected by this issue is some unknown functionality of the file /" @CVEnew on X 2025-07-14 14:47:28 UTC 54.9K followers, XXX engagements
"CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to i" @CVEnew on X 2025-07-14 10:48:58 UTC 54.9K followers, XXX engagements
"CVE-2025-53820 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 20:55:16 UTC 54.9K followers, XXX engagements
"CVE-2025-30749 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are" @CVEnew on X 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements
"CVE-2025-49839 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in" @CVEnew on X 2025-07-15 20:56:40 UTC 54.9K followers, XXX engagements
"CVE-2025-30761 Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Ora" @CVEnew on X 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements
"CVE-2024-51768 An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17" @CVEnew on X 2025-07-14 10:48:58 UTC 54.9K followers, XXX engagements
"CVE-2025-7608 A vulnerability which was classified as critical was found in code-projects Simple Shopping Cart XXX. Affected is an unknown function of the file /userlogin.php. The" @CVEnew on X 2025-07-14 14:17:57 UTC 54.9K followers, XXX engagements
"CVE-2025-51651 An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted" @CVEnew on X 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements
"CVE-2025-51656 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php" @CVEnew on X 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements
"CVE-2025-7554 A vulnerability classified as problematic was found in Sapido RB-1802 1.0.32. This vulnerability affects unknown code of the file urlfilter.asp of the component URL Fil" @CVEnew on X 2025-07-14 01:16:43 UTC 54.9K followers, XXX engagements
"CVE-2025-53895 ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2 3.3.2 2.71.13 and 2.70.14 vulnerability in ZITAD" @CVEnew on X 2025-07-15 16:51:56 UTC 54.9K followers, XXX engagements
"CVE-2025-49417 Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCommerce Product Mu" @CVEnew on X 2025-07-04 11:42:04 UTC 54.9K followers, XXX engagements
"CVE-2025-7596 A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet" @CVEnew on X 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements
"CVE-2025-53642 haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additiona" @CVEnew on X 2025-07-11 17:52:36 UTC 54.9K followers, XXX engagements
"CVE-2025-7613 A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.c" @CVEnew on X 2025-07-14 15:20:42 UTC 54.9K followers, XXX engagements
"CVE-2025-31072 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme allows R" @CVEnew on X 2025-07-16 13:55:43 UTC 54.9K followers, XXX engagements
"CVE-2025-50073 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0 14.1" @CVEnew on X 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements
"CVE-2025-50756 Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attac" @CVEnew on X 2025-07-14 14:47:28 UTC 54.9K followers, XXX engagements
"CVE-2025-28961 Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7" @CVEnew on X 2025-07-16 13:55:40 UTC 54.9K followers, XXX engagements
"CVE-2025-53887 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0 the exact Directus version num" @CVEnew on X 2025-07-14 23:52:04 UTC 54.9K followers, XXX engagements
"CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder XXX file manager and its use of the jQuery File Upload plu" @CVEnew on X 2025-07-11 13:46:25 UTC 54.9K followers, XXX engagements
"CVE-2025-48299 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects Ya" @CVEnew on X 2025-07-16 10:48:45 UTC 54.9K followers, XXX engagements
"CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating cert" @CVEnew on X 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements
"CVE-2025-50101 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:21 UTC 54.9K followers, XXX engagements
"CVE-2025-41238 VMware ESXi Workstation and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.A mal" @CVEnew on X 2025-07-15 18:54:28 UTC 54.9K followers, 1111 engagements
"CVE-2025-48795 Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into" @CVEnew on X 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements
"CVE-2025-53995 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows Stored XSS. This issue affects JetPop" @CVEnew on X 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements
"CVE-2024-42648 NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message" @CVEnew on X 2025-07-14 16:51:42 UTC 54.9K followers, XXX engagements
"CVE-2025-30743 Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations). The supported version that is affected" @CVEnew on X 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements
"CVE-2025-6981 An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feat" @CVEnew on X 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements
"CVE-2025-51654 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php" @CVEnew on X 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements
"CVE-2025-7703 Authentication vulnerability in the mobile lead to the risk of information leakage" @CVEnew on X 2025-07-16 10:48:58 UTC 54.9K followers, XXX engagements
"CVE-2025-49830 Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to" @CVEnew on X 2025-07-15 20:45:16 UTC 54.9K followers, XXX engagements
"CVE-2025-53905 Vim is an open source command line text editor. Prior to version 9.1.1552 a path traversal issue in Vims tar.vim plugin can allow overwriting of arbitrary files wh" @CVEnew on X 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements
"CVE-2025-54015 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form X allows PHP Local" @CVEnew on X 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements
"CVE-2025-50081 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements
"CVE-2025-47652 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affect" @CVEnew on X 2025-07-16 13:55:45 UTC 54.9K followers, XXX engagements
"CVE-2025-7481 A vulnerability was found in PHPGurukul Vehicle Parking Management System XXXX. It has been classified as critical. This affects an unknown part of the file /users/prof" @CVEnew on X 2025-07-12 16:57:35 UTC 54.9K followers, XXX engagements
"CVE-2025-7553 A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulati" @CVEnew on X 2025-07-13 23:52:39 UTC 54.9K followers, XXX engagements
"CVE-2025-51655 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php" @CVEnew on X 2025-07-14 17:16:52 UTC 54.9K followers, XXX engagements
"CVE-2025-53991 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTricks allows Stored XSS. This issue affects JetTr" @CVEnew on X 2025-07-16 10:48:54 UTC 54.9K followers, XXX engagements
"CVE-2025-54033 Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elemen" @CVEnew on X 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements
"CVE-2025-7098 A vulnerability which was classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name" @CVEnew on X 2025-07-06 23:32:21 UTC 54.9K followers, 1133 engagements
"CVE-2025-50076 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnera" @CVEnew on X 2025-07-15 19:44:27 UTC 54.9K followers, XXX engagements
"CVE-2025-44525 Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Blueto" @CVEnew on X 2025-07-10 15:46:05 UTC 54.9K followers, XXX engagements
"CVE-2025-6376 A remote code execution security issue exists in the Rockwell AutomationArena.A crafted DOE file can force Arena Simulation to write beyond the boundaries of an all" @CVEnew on X 2025-07-10 15:45:56 UTC 54.9K followers, XXX engagements
"CVE-2025-53639 MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts the sortField parameter in certain API endpoints is not properly validated or s" @CVEnew on X 2025-07-14 20:45:00 UTC 54.9K followers, XXX engagements
"CVE-2025-50066 Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 21.3-21.18 and 23.4" @CVEnew on X 2025-07-15 19:44:29 UTC 54.9K followers, XXX engagements
"CVE-2025-6974 Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could" @CVEnew on X 2025-07-15 15:16:06 UTC 54.9K followers, XXX engagements
"CVE-2025-53509 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker" @CVEnew on X 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements
"CVE-2025-54016 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects V" @CVEnew on X 2025-07-16 10:48:51 UTC 54.9K followers, XXX engagements
"CVE-2025-54010 Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a throu" @CVEnew on X 2025-07-16 10:48:52 UTC 54.9K followers, XXX engagements
"CVE-2025-30750 Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 21.3-21.18 and 23.4-23.8. Easily exploi" @CVEnew on X 2025-07-15 19:44:33 UTC 54.9K followers, XXX engagements
"CVE-2025-49840 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in inference_webui" @CVEnew on X 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements
"CVE-2025-40985 SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version XXX to XXX. This vulnerability allows an attacker to exfiltrate some data from the database" @CVEnew on X 2025-07-16 10:48:56 UTC 54.9K followers, XXX engagements
"CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker" @CVEnew on X 2025-07-11 13:46:29 UTC 54.9K followers, XXX engagements
"CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057 which could allow a reflected cross-site scripting (XSS) attack. By manipulating spec" @CVEnew on X 2025-07-11 13:46:18 UTC 54.9K followers, XXX engagements
"CVE-2025-24759 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDire" @CVEnew on X 2025-07-16 13:55:38 UTC 54.9K followers, XXX engagements
"CVE-2025-53825 Dokploy is a free self-hostable Platform as a Service (PaaS). Prior to version 0.24.3 an unauthenticated preview deployment vulnerability in Dokploy allows any user" @CVEnew on X 2025-07-14 22:55:21 UTC 54.9K followers, 1368 engagements
"CVE-2025-50106 Vulnerability in the Oracle Java SE Oracle GraalVM for JDK Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are" @CVEnew on X 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements
"CVE-2025-54037 Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec" @CVEnew on X 2025-07-16 10:48:48 UTC 54.9K followers, XXX engagements
"CVE-2025-53982 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This iss" @CVEnew on X 2025-07-16 10:48:55 UTC 54.9K followers, XXX engagements
"CVE-2025-34106 A buffer overflow vulnerability exists in PDF Shaper versions XXX and XXX when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionalit" @CVEnew on X 2025-07-15 13:51:12 UTC 54.9K followers, XXX engagements
"CVE-2025-51653 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php" @CVEnew on X 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements
"CVE-2025-53834 Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caidos toast UI component in versions prior to 0.49" @CVEnew on X 2025-07-14 22:55:21 UTC 54.9K followers, XXX engagements
"CVE-2024-26291 The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the Agent installed on Linux and Windows alike. The parameter filename does not" @CVEnew on X 2025-07-14 08:23:40 UTC 54.9K followers, XXX engagements
"CVE-2025-30745 Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected ar" @CVEnew on X 2025-07-15 19:44:34 UTC 54.9K followers, XXX engagements
"CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4" @CVEnew on X 2025-07-15 19:44:25 UTC 54.9K followers, XXX engagements
"CVE-2025-7614 A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component H" @CVEnew on X 2025-07-14 15:20:42 UTC 54.9K followers, XXX engagements
"CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:23 UTC 54.9K followers, XXX engagements
"CVE-2025-28965 Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Short" @CVEnew on X 2025-07-16 13:55:40 UTC 54.9K followers, XXX engagements
"CVE-2025-7509 A vulnerability which was classified as critical was found in code-projects Modern Bag XXX. This affects an unknown part of the file /admin/slide.php. The manipulatio" @CVEnew on X 2025-07-13 01:19:57 UTC 54.9K followers, XXX engagements
"CVE-2025-54026 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This is" @CVEnew on X 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements
"CVE-2025-49841 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior there is an unsafe deserialization vulnerability in process_ckpt.py" @CVEnew on X 2025-07-15 20:56:39 UTC 54.9K followers, XXX engagements
"CVE-2025-31055 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress allows Ref" @CVEnew on X 2025-07-16 13:55:43 UTC 54.9K followers, XXX engagements
"CVE-2025-7591 A vulnerability which was classified as critical was found in PHPGurukul Dairy Farm Shop Management System XXX. Affected is an unknown function of the file view-invoi" @CVEnew on X 2025-07-14 09:50:05 UTC 54.9K followers, XXX engagements
"CVE-2025-30955 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. This issue affects L" @CVEnew on X 2025-07-16 13:55:42 UTC 54.9K followers, XXX engagements
"CVE-2025-27582 The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mech" @CVEnew on X 2025-07-14 12:32:05 UTC 54.9K followers, XXX engagements
"CVE-2025-6971 Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow" @CVEnew on X 2025-07-15 15:16:07 UTC 54.9K followers, XXX engagements
"CVE-2025-44251 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process" @CVEnew on X 2025-07-10 15:45:55 UTC 54.9K followers, XXX engagements
"CVE-2025-7520 A vulnerability which was classified as critical has been found in PHPGurukul Vehicle Parking Management System XXXX. This issue affects some unknown processing of th" @CVEnew on X 2025-07-13 05:18:41 UTC 54.9K followers, XXX engagements
"CVE-2025-52952 An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN MPC1 through MPC9 l" @CVEnew on X 2025-07-11 15:53:36 UTC 54.9K followers, XXX engagements
"CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0" @CVEnew on X 2025-07-15 19:44:26 UTC 54.9K followers, XXX engagements
"CVE-2025-28959 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL Injection. This iss" @CVEnew on X 2025-07-16 13:55:39 UTC 54.9K followers, XXX engagements
"CVE-2025-50105 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected a" @CVEnew on X 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements
"CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by" @CVEnew on X 2025-07-11 13:46:17 UTC 54.9K followers, XXX engagements
"CVE-2025-7581 A vulnerability which was classified as critical has been found in code-projects Voting System XXX. Affected by this issue is some unknown functionality of the file /" @CVEnew on X 2025-07-14 07:20:51 UTC 54.9K followers, XXX engagements
"CVE-2025-41236 VMware ESXi Workstation and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.A malicious actor with local administrative pri" @CVEnew on X 2025-07-15 18:54:28 UTC 54.9K followers, XXX engagements
"CVE-2025-51652 SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php" @CVEnew on X 2025-07-14 17:16:51 UTC 54.9K followers, XXX engagements
"CVE-2025-7667 The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.1.2. This is due to missing or incorre" @CVEnew on X 2025-07-15 11:45:25 UTC 54.9K followers, XXX engagements
"CVE-2025-7628 A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the functi" @CVEnew on X 2025-07-14 18:55:01 UTC 54.9K followers, XXX engagements
"CVE-2025-47554 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Re" @CVEnew on X 2025-07-16 13:55:45 UTC 54.9K followers, XXX engagements
"CVE-2025-53824 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 22:55:21 UTC 54.9K followers, XXX engagements
"CVE-2025-4369 The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the update_delay_days parameter in all versions up to and including" @CVEnew on X 2025-07-15 09:51:26 UTC 54.9K followers, XXX engagements
"CVE-2025-53840 Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2 users with access to Icinga Dependency Views" @CVEnew on X 2025-07-16 13:55:37 UTC 54.9K followers, XXX engagements
"CVE-2025-53822 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was iden" @CVEnew on X 2025-07-14 22:40:14 UTC 54.9K followers, XXX engagements
"CVE-2025-7599 A vulnerability which was classified as critical has been found in PHPGurukul Dairy Farm Shop Management System XXX. Affected by this issue is some unknown functional" @CVEnew on X 2025-07-14 11:32:24 UTC 54.9K followers, XXX engagements
"CVE-2025-52983 A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to acc" @CVEnew on X 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements
"CVE-2025-50107 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that are affected are 12.2.5-12" @CVEnew on X 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements
"CVE-2025-49829 Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager Self-Hosted allows authenticated attackers to" @CVEnew on X 2025-07-15 20:18:38 UTC 54.9K followers, XXX engagements
"CVE-2025-54023 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affec" @CVEnew on X 2025-07-16 10:48:50 UTC 54.9K followers, XXX engagements
"CVE-2025-7597 A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The man" @CVEnew on X 2025-07-14 11:15:14 UTC 54.9K followers, XXX engagements
"CVE-2025-50096 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3.0. E" @CVEnew on X 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements
"CVE-2025-7360 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient" @CVEnew on X 2025-07-15 04:52:58 UTC 54.9K followers, XXX engagements
"CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro f" @CVEnew on X 2025-07-11 13:46:28 UTC 54.9K followers, XXX engagements
"CVE-2025-50097 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4" @CVEnew on X 2025-07-15 19:44:22 UTC 54.9K followers, XXX engagements
"CVE-2025-53819 Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root) instead of the build users" @CVEnew on X 2025-07-14 20:55:16 UTC 54.9K followers, XXX engagements
"CVE-2025-53032 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vu" @CVEnew on X 2025-07-15 19:44:17 UTC 54.9K followers, XXX engagements
"CVE-2025-50104 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42 8.4.0-8.4.5 and 9.0.0-9.3" @CVEnew on X 2025-07-15 19:44:20 UTC 54.9K followers, XXX engagements
"CVE-2025-34107 A buffer overflow vulnerability exists in the WinaXe FTP Client version XXX within the FTP banner parsing functionality WCMDPA10.dll. When the client connects to a r" @CVEnew on X 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements
"CVE-2025-54006 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affec" @CVEnew on X 2025-07-16 10:48:53 UTC 54.9K followers, XXX engagements
"CVE-2025-34111 An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version XXXX and earlier via the ELFinder component's default connector (conn" @CVEnew on X 2025-07-15 13:51:11 UTC 54.9K followers, XXX engagements
"CVE-2025-30753 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 an" @CVEnew on X 2025-07-15 19:44:32 UTC 54.9K followers, XXX engagements
"CVE-2025-52980 A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated netwo" @CVEnew on X 2025-07-11 15:53:35 UTC 54.9K followers, XXX engagements
"CVE-2025-7477 A vulnerability which was classified as critical has been found in code-projects Simple Car Rental System XXX. This issue affects some unknown processing of the file" @CVEnew on X 2025-07-12 14:51:43 UTC 54.9K followers, XXX engagements
"CVE-2025-40724 Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser b" @CVEnew on X 2025-07-16 10:48:57 UTC 54.9K followers, XXX engagements
"CVE-2025-53621 DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity (XXE) injection possibilit" @CVEnew on X 2025-07-15 15:16:08 UTC 54.9K followers, XXX engagements
"CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with" @CVEnew on X 2025-07-11 13:46:16 UTC 54.9K followers, XXX engagements
"CVE-2025-49888 Missing Authorization vulnerability in pimwick PW WooCommerce On Sale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW" @CVEnew on X 2025-07-16 19:15:34 UTC 54.9K followers, XXX engagements
"CVE-2025-52378 Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is exec" @CVEnew on X 2025-07-15 14:41:02 UTC 54.9K followers, XXX engagements
"CVE-2025-28955 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce allows Path Travers" @CVEnew on X 2025-07-16 13:55:39 UTC 54.9K followers, XXX engagements
"CVE-2025-54035 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through" @CVEnew on X 2025-07-16 10:48:49 UTC 54.9K followers, XXX engagements
"CVE-2025-50819 Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the" @CVEnew on X 2025-07-15 15:37:13 UTC 54.9K followers, XXX engagements