[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@CVEnew Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::821806287461740544.png) @CVEnew CVE

CVE posts on X about has been, networks, applications, javascript the most. They currently have XXXXXX followers and 5000 posts still getting attention that total XXXXX engagements in the last XX hours.

### Engagements: XXXXX [#](/creator/twitter::821806287461740544/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:interactions.svg)

- X Week XXXXXXX -XX%
- X Month XXXXXXX +2.10%
- X Months XXXXXXXXX +11%
- X Year XXXXXXXXX -XXXX%

### Mentions: XXX [#](/creator/twitter::821806287461740544/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:posts_active.svg)

- X Week XXXXX +29%
- X Month XXXXX +17%
- X Months XXXXXX +27%
- X Year XXXXXX +25%

### Followers: XXXXXX [#](/creator/twitter::821806287461740544/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:followers.svg)

- X Week XXXXXX +0.04%
- X Month XXXXXX +0.21%
- X Months XXXXXX +2.20%
- X Year XXXXXX +3.40%

### CreatorRank: XXXXXXX [#](/creator/twitter::821806287461740544/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:influencer_rank.svg)

### Social Influence [#](/creator/twitter::821806287461740544/influence)
---

**Social category influence**
[technology brands](/list/technology-brands)  XXXX% [stocks](/list/stocks)  XXXX% [social networks](/list/social-networks)  XXXX% [countries](/list/countries)  XXXX%

**Social topic influence**
[has been](/topic/has-been) #3864, [networks](/topic/networks) #532, [applications](/topic/applications) 0.16%, [javascript](/topic/javascript) #1082, [vulnerability](/topic/vulnerability) #18, [bound](/topic/bound) 0.12%, [electronics](/topic/electronics) #1362, [delta](/topic/delta) #1450, [neo](/topic/neo) 0.12%, [elements](/topic/elements) #1132

**Top accounts mentioned or mentioned by**
[@transilienceai](/creator/undefined) [@cveannounce](/creator/undefined) [@centry_agent](/creator/undefined) [@askperplexity](/creator/undefined) [@blacksnufkin42](/creator/undefined) [@vueclipl](/creator/undefined) [@opennextjscloudflare](/creator/undefined) [@cyanheadsgitmcpserver](/creator/undefined) [@strapicore](/creator/undefined) [@psytester1](/creator/undefined) [@replyaz](/creator/undefined) [@klsgitbelagavi](/creator/undefined) [@greenbacktick](/creator/undefined) [@basefortify](/creator/undefined) [@batalhao](/creator/undefined) [@cwecapec](/creator/undefined) [@vysecurity](/creator/undefined) [@threadreaderapp](/creator/undefined)

**Top assets mentioned**
[Microsoft Corp. (MSFT)](/topic/microsoft) [IBM (IBM)](/topic/ibm) [Pegasystems Inc (PEGA)](/topic/$pega)
### Top Social Posts [#](/creator/twitter::821806287461740544/posts)
---
Top posts by engagements in the last XX hours

"CVE-2025-9890 The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing or incorrect nonce v"  
[X Link](https://x.com/CVEnew/status/1979470781894533150) [@CVEnew](/creator/x/CVEnew) 2025-10-18T08:53Z 55.7K followers, XXX engagements


"CVE-2025-62653 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allow"  
[X Link](https://x.com/CVEnew/status/1979319144232165506) [@CVEnew](/creator/x/CVEnew) 2025-10-17T22:50Z 55.7K followers, XXX engagements


"CVE-2020-36854 The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.19.07.14. This is due to missing authoriza"  
[X Link](https://x.com/CVEnew/status/1979395069519237582) [@CVEnew](/creator/x/CVEnew) 2025-10-18T03:52Z 55.7K followers, XXX engagements


"CVE-2025-62669 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.T"  
[X Link](https://x.com/CVEnew/status/1979409793291894950) [@CVEnew](/creator/x/CVEnew) 2025-10-18T04:50Z 55.7K followers, XXX engagements


"CVE-2025-11940 A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Ins"  
[X Link](https://x.com/CVEnew/status/1979830359043817961) [@CVEnew](/creator/x/CVEnew) 2025-10-19T08:41Z 55.7K followers, XXX engagements


"CVE-2025-60169 Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form X to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact For"  
[X Link](https://x.com/CVEnew/status/1971499176489013261) [@CVEnew](/creator/x/CVEnew) 2025-09-26T08:56Z 55.7K followers, XXX engagements


"CVE-2024-31573 XMLUnit for Java before 2.10.0 in the default configuration might allow code execution via an untrusted stylesheet (used for an XSLT transformation) because XSLT e"  
[X Link](https://x.com/CVEnew/status/1979289040663797763) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62655 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL In"  
[X Link](https://x.com/CVEnew/status/1979325098671604060) [@CVEnew](/creator/x/CVEnew) 2025-10-17T23:14Z 55.7K followers, XXX engagements


"CVE-2025-10750 The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to and including 1.2.0. This is due to missing c"  
[X Link](https://x.com/CVEnew/status/1979451666848973092) [@CVEnew](/creator/x/CVEnew) 2025-10-18T07:37Z 55.7K followers, XXX engagements


"CVE-2025-11256 The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions u"  
[X Link](https://x.com/CVEnew/status/1979451667830526229) [@CVEnew](/creator/x/CVEnew) 2025-10-18T07:37Z 55.7K followers, XXX engagements


"CVE-2025-40001 In the Linux kernel the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SAT"  
[X Link](https://x.com/CVEnew/status/1979468391640613266) [@CVEnew](/creator/x/CVEnew) 2025-10-18T08:43Z 55.7K followers, XXX engagements


"CVE-2025-5555 A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Hand"  
[X Link](https://x.com/CVEnew/status/1979468392588611897) [@CVEnew](/creator/x/CVEnew) 2025-10-18T08:43Z 55.7K followers, XXX engagements


"CVE-2025-11926 The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including XXXX due to insuffic"  
[X Link](https://x.com/CVEnew/status/1979482586557649001) [@CVEnew](/creator/x/CVEnew) 2025-10-18T09:40Z 55.7K followers, XXX engagements


"CVE-2025-47410 Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giv"  
[X Link](https://x.com/CVEnew/status/1979572765389705497) [@CVEnew](/creator/x/CVEnew) 2025-10-18T15:38Z 55.7K followers, XXX engagements


"CVE-2025-62672 rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the R"  
[X Link](https://x.com/CVEnew/status/1979743021844328454) [@CVEnew](/creator/x/CVEnew) 2025-10-19T02:54Z 55.7K followers, XXX engagements


"CVE-2025-11939 A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component"  
[X Link](https://x.com/CVEnew/status/1979830360000061718) [@CVEnew](/creator/x/CVEnew) 2025-10-19T08:41Z 55.7K followers, XXX engagements


"CVE-2025-11896 In Xpdf XXXX (and earlier) a PDF object loop in a CMap via the "UseCMap" entry leads to infinite recursion and a stack overflow"  
[X Link](https://x.com/CVEnew/status/1978954173321531588) [@CVEnew](/creator/x/CVEnew) 2025-10-16T22:40Z 55.7K followers, XXX engagements


"CVE-2025-55100 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func()"  
[X Link](https://x.com/CVEnew/status/1979063782841422025) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements


"CVE-2025-55099 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_l"  
[X Link](https://x.com/CVEnew/status/1979063783822888998) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements


"CVE-2025-55098 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_device_type_get()"  
[X Link](https://x.com/CVEnew/status/1979063784779198701) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements


"CVE-2025-49655 Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3 enabling a maliciously uploaded"  
[X Link](https://x.com/CVEnew/status/1979209220038996014) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:33Z 55.7K followers, XXX engagements


"CVE-2025-62665 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stor"  
[X Link](https://x.com/CVEnew/status/1979406116447453320) [@CVEnew](/creator/x/CVEnew) 2025-10-18T04:36Z 55.7K followers, XXX engagements


"CVE-2025-61941 A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the af"  
[X Link](https://x.com/CVEnew/status/1978562084729233876) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements


"CVE-2025-55085 In NextX Duo before 6.4.4 in the HTTP client module the network support code for Eclipse Foundation ThreadX the parsing of HTTP header fields was missing bounds ve"  
[X Link](https://x.com/CVEnew/status/1979204792024207382) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements


"CVE-2025-62649 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders"  
[X Link](https://x.com/CVEnew/status/1979289055528423458) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62651 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface"  
[X Link](https://x.com/CVEnew/status/1979289057290055992) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2017-20208 The RegistrationMagic Custom Registration Forms User Registration Payment and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versio"  
[X Link](https://x.com/CVEnew/status/1979395067409481968) [@CVEnew](/creator/x/CVEnew) 2025-10-18T03:52Z 55.7K followers, XXX engagements


"CVE-2025-62670 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extensi"  
[X Link](https://x.com/CVEnew/status/1979409794227126460) [@CVEnew](/creator/x/CVEnew) 2025-10-18T04:50Z 55.7K followers, XXX engagements


"CVE-2025-40003 In the Linux kernel the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel"  
[X Link](https://x.com/CVEnew/status/1979468389660962886) [@CVEnew](/creator/x/CVEnew) 2025-10-18T08:43Z 55.7K followers, XXX engagements


"CVE-2025-11942 A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authenticatio"  
[X Link](https://x.com/CVEnew/status/1979944891334447555) [@CVEnew](/creator/x/CVEnew) 2025-10-19T16:17Z 55.7K followers, XXX engagements


"CVE-2025-11943 A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipula"  
[X Link](https://x.com/CVEnew/status/1979998661745516879) [@CVEnew](/creator/x/CVEnew) 2025-10-19T19:50Z 55.7K followers, XXX engagements


"CVE-2025-11944 A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL"  
[X Link](https://x.com/CVEnew/status/1980009414695235671) [@CVEnew](/creator/x/CVEnew) 2025-10-19T20:33Z 55.7K followers, XXX engagements


"CVE-2025-11945 A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipu"  
[X Link](https://x.com/CVEnew/status/1980019458711109702) [@CVEnew](/creator/x/CVEnew) 2025-10-19T21:13Z 55.7K followers, XXX engagements


"CVE-2025-11946 A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component"  
[X Link](https://x.com/CVEnew/status/1980028816333410504) [@CVEnew](/creator/x/CVEnew) 2025-10-19T21:50Z 55.7K followers, XXX engagements


"CVE-2025-9274 Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbit"  
[X Link](https://x.com/CVEnew/status/1962976549147124057) [@CVEnew](/creator/x/CVEnew) 2025-09-02T20:30Z 55.7K followers, XXX engagements


"CVE-2025-58319 Delta Electronics CNCSoft-G2lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"  
[X Link](https://x.com/CVEnew/status/1970765350166794690) [@CVEnew](/creator/x/CVEnew) 2025-09-24T08:20Z 55.7K followers, XXX engagements


"CVE-2025-58317 Delta Electronics CNCSoft-G2lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"  
[X Link](https://x.com/CVEnew/status/1970765351089508559) [@CVEnew](/creator/x/CVEnew) 2025-09-24T08:20Z 55.7K followers, XXX engagements


"CVE-2025-39897 In the Linux kernel the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error chec"  
[X Link](https://x.com/CVEnew/status/1973302180074471690) [@CVEnew](/creator/x/CVEnew) 2025-10-01T08:21Z 55.7K followers, XXX engagements


"CVE-2025-59300 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"  
[X Link](https://x.com/CVEnew/status/1973951257556537836) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements


"CVE-2025-59299 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"  
[X Link](https://x.com/CVEnew/status/1973951258571444548) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements


"CVE-2025-59298 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"  
[X Link](https://x.com/CVEnew/status/1973951259594919983) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements


"CVE-2025-59297 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"  
[X Link](https://x.com/CVEnew/status/1973951260601557053) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements


"CVE-2025-56382 A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbit"  
[X Link](https://x.com/CVEnew/status/1975255440075190543) [@CVEnew](/creator/x/CVEnew) 2025-10-06T17:42Z 55.7K followers, XXX engagements


"CVE-2025-60312 Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field allowing a remote attacker to inject arbit"  
[X Link](https://x.com/CVEnew/status/1975615164264169931) [@CVEnew](/creator/x/CVEnew) 2025-10-07T17:32Z 55.7K followers, XXX engagements


"CVE-2025-60010 A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker to access the de"  
[X Link](https://x.com/CVEnew/status/1976328920585863334) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-60009 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328921689006461) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-60006 Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Jun"  
[X Link](https://x.com/CVEnew/status/1976328922796261806) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-60004 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an"  
[X Link](https://x.com/CVEnew/status/1976328923811283138) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-60002 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328924826395042) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-60001 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328925908537552) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-60000 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328926977982919) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59999 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328927963721982) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59998 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328929037386232) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59997 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328930127917096) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59996 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328931155579001) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59995 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328932157948288) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59994 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328933269479449) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59993 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328934318080315) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59992 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328935265927285) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59991 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328936247468488) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59990 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328937249947852) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328938331963879) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59988 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328939267326295) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59987 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328940244566057) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59986 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328941226066043) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59985 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328942220083348) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59984 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328943293903087) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59983 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328944275362239) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59982 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328945340645614) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59981 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"  
[X Link](https://x.com/CVEnew/status/1976328946397610312) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59980 An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated network-based attacker to get limited read-wri"  
[X Link](https://x.com/CVEnew/status/1976328947454574715) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59978 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store scri"  
[X Link](https://x.com/CVEnew/status/1976328948494827792) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59976 An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method"  
[X Link](https://x.com/CVEnew/status/1976328949530808449) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59975 An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker floodin"  
[X Link](https://x.com/CVEnew/status/1976328950541586798) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59968 A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadat"  
[X Link](https://x.com/CVEnew/status/1976328952479350983) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59967 A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024ACX7024XACX7100-32CACX7100-48"  
[X Link](https://x.com/CVEnew/status/1976328953515344256) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59964 A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700devices allows an unauthenticated network"  
[X Link](https://x.com/CVEnew/status/1976328954488422767) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59962 An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured a"  
[X Link](https://x.com/CVEnew/status/1976328959618056562) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59958 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows"  
[X Link](https://x.com/CVEnew/status/1976328960679240009) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-59957 An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS onEX4600 Series and QFX5000 Series allows an unauthenticated"  
[X Link](https://x.com/CVEnew/status/1976328961727861041) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-52960 A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series"  
[X Link](https://x.com/CVEnew/status/1976328963707597056) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-11198 A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated network-based attacker t"  
[X Link](https://x.com/CVEnew/status/1976328964663804152) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements


"CVE-2025-9068 A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality installed with FTLinx. Authenticated atta"  
[X Link](https://x.com/CVEnew/status/1978085840044577251) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements


"CVE-2025-47856 Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0 7.0.0 th"  
[X Link](https://x.com/CVEnew/status/1978102613196345737) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:16Z 55.7K followers, XXX engagements


"CVE-2025-54822 An improper authorization vulnerability CWE-285 in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows a"  
[X Link](https://x.com/CVEnew/status/1978123679381835852) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements


"CVE-2025-53845 An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain"  
[X Link](https://x.com/CVEnew/status/1978123683458658688) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements


"CVE-2025-59921 An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in Fortinet FortiADC version 7.4.0 version 7.2.3 and below version 7.1.4 and b"  
[X Link](https://x.com/CVEnew/status/1978123685056729150) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements


"CVE-2024-47569 A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3 FortiVoice 7.0.0 through 7.0.4 6.4.0 through 6.4.9 6.0.7 thr"  
[X Link](https://x.com/CVEnew/status/1978123690895122586) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements


"CVE-2025-55682 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"  
[X Link](https://x.com/CVEnew/status/1978171220806996410) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements


"CVE-2025-55337 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"  
[X Link](https://x.com/CVEnew/status/1978171225156546768) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements


"CVE-2025-55332 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"  
[X Link](https://x.com/CVEnew/status/1978171227207549095) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements


"CVE-2025-55330 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"  
[X Link](https://x.com/CVEnew/status/1978171229166256179) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements


"CVE-2025-55338 Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"  
[X Link](https://x.com/CVEnew/status/1978198284268089719) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements


"CVE-2025-55333 Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"  
[X Link](https://x.com/CVEnew/status/1978198287178989937) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements


"CVE-2025-43282 A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia XXXX iOS XXXX and iPadOS XXXX watchOS XXXX tvOS XXXX visio"  
[X Link](https://x.com/CVEnew/status/1978562025178427750) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements


"CVE-2025-10575 The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_img"  
[X Link](https://x.com/CVEnew/status/1978562036482130167) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements


"CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications"  
[X Link](https://x.com/CVEnew/status/1978926540558573952) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-11853 A vulnerability was determined in Sismics Teedy up to XXXX. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulati"  
[X Link](https://x.com/CVEnew/status/1978926541825270116) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-11852 A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service"  
[X Link](https://x.com/CVEnew/status/1978926543003922843) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-11493 The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server such as updates dependencies and integrations. This creat"  
[X Link](https://x.com/CVEnew/status/1978926544111243356) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-11492 In the ConnectWise Automate Agent communications could be configured to use HTTP instead of HTTPS. In such cases an on-path threat actor with a man-in-the-middle ne"  
[X Link](https://x.com/CVEnew/status/1978926545268776961) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62428 Drawing-Captcha APP provides interactive engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm"  
[X Link](https://x.com/CVEnew/status/1978926546363597018) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-34253 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when"  
[X Link](https://x.com/CVEnew/status/1978926547433107621) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-34255 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability.The application's 'Forgot Password' endpoint returns dis"  
[X Link](https://x.com/CVEnew/status/1978926548586496385) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-34254 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability.The application's 'Login' endpoint returns distinct JSON"  
[X Link](https://x.com/CVEnew/status/1978926549740007797) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62427 The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution me"  
[X Link](https://x.com/CVEnew/status/1978926550729801771) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62425 MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers written and maintained by Element. A logic flaw in matrix-"  
[X Link](https://x.com/CVEnew/status/1978926551732203868) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62423 ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier a Blind SQL injection vulnerability exists in the Admin Areas /admin_"  
[X Link](https://x.com/CVEnew/status/1978926552722100546) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62415 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad"  
[X Link](https://x.com/CVEnew/status/1978926553745498523) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62418 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad"  
[X Link](https://x.com/CVEnew/status/1978926554802495772) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62414 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the Create New Customer feature (in the admin panel) is vulnerable to Cross-Site Scripting"  
[X Link](https://x.com/CVEnew/status/1978926555783959017) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62416 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being proces"  
[X Link](https://x.com/CVEnew/status/1978926556840878099) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62417 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example = + - or @) is accepted and l"  
[X Link](https://x.com/CVEnew/status/1978926557885321681) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-62413 MQTTX is an MQTT XXX desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT"  
[X Link](https://x.com/CVEnew/status/1978926558929687002) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements


"CVE-2025-34517 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an absolute path traversal vulnerabilityinget_file_content.phpthat allows an attacker to read arbitr"  
[X Link](https://x.com/CVEnew/status/1978926560095752293) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34514 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exe"  
[X Link](https://x.com/CVEnew/status/1978926561177850368) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34519 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an insecure hashing algorithm vulnerability.The product stores passwords using the MD5 hash function w"  
[X Link](https://x.com/CVEnew/status/1978926562201235484) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34512 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attack"  
[X Link](https://x.com/CVEnew/status/1978926563199496459) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34518 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a relative path traversal vulnerabilityinget_file_content.phpthat allows an attacker to read arbitra"  
[X Link](https://x.com/CVEnew/status/1978926564239634611) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34515 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.shthat allows an attacker to es"  
[X Link](https://x.com/CVEnew/status/1978926565246259542) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62412 LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized and can be used"  
[X Link](https://x.com/CVEnew/status/1978926566324220207) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34513 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.phpthat allows an unauthenticated attacke"  
[X Link](https://x.com/CVEnew/status/1978926567339233587) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34516 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a use of default credentials vulnerabilitythat allows an unauthenticated attacker to obtain remote acc"  
[X Link](https://x.com/CVEnew/status/1978926568333283592) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62411 LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Tran"  
[X Link](https://x.com/CVEnew/status/1978926569335706057) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62409 Envoy is a cloud-native open source edge and service proxy. Prior to 1.36.1 1.35.5 1.34.9 and 1.33.10 large requests and responses can potentially trigger TCP co"  
[X Link](https://x.com/CVEnew/status/1978926570333945971) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62407 Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0 an open redirect was possible through the redirect argument on the login page if a s"  
[X Link](https://x.com/CVEnew/status/1978926571315405154) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61924 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the Target PayPal merchant account hij"  
[X Link](https://x.com/CVEnew/status/1978926572305260888) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61923 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the backoffice is missing validation o"  
[X Link](https://x.com/CVEnew/status/1978926573358100620) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 missing validation on the Express Chec"  
[X Link](https://x.com/CVEnew/status/1978926574339530840) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61909 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 the safe-reload script (also used during systemctl reload icinga2) an"  
[X Link](https://x.com/CVEnew/status/1978926575342047686) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62586 OPEXUS FOIAXpress allows a remote unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0"  
[X Link](https://x.com/CVEnew/status/1978926576340242661) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61908 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 when creating an invalid reference such as a reference to null dere"  
[X Link](https://x.com/CVEnew/status/1978926577372078553) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61907 Icinga X is an open source monitoring system. In Icinga X versions XXX through 2.15.0 filter expressions provided to the various /v1/objects endpoints could access v"  
[X Link](https://x.com/CVEnew/status/1978926578412195863) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61789 Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3 an authorized user with access to Icinga DB Web can use a custom variable"  
[X Link](https://x.com/CVEnew/status/1978926579427221772) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-36128 IBM MQ XXX XXX XXX XXX LTS and XXX XXX CD is vulnerable to a denial of service caused by improper enforcement of the timeout on individual read operations. By co"  
[X Link](https://x.com/CVEnew/status/1978926580433850378) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-58051 Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6 0.8.8 and 0.9.5 when importing a table a user was able to specify files"  
[X Link](https://x.com/CVEnew/status/1978926581448847582) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-53092 Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. B"  
[X Link](https://x.com/CVEnew/status/1978926582438695069) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-25298 Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hash"  
[X Link](https://x.com/CVEnew/status/1978926583411851569) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2024-56143 Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2 the lookup operator provided by the document service does not pro"  
[X Link](https://x.com/CVEnew/status/1978926584380694654) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11851 A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument"  
[X Link](https://x.com/CVEnew/status/1978926585374728495) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62496 A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessivel"  
[X Link](https://x.com/CVEnew/status/1978926586456904040) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62495 An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. *"  
[X Link](https://x.com/CVEnew/status/1978926587446763849) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62494 A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand ope"  
[X Link](https://x.com/CVEnew/status/1978926588411380091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62493 A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits"  
[X Link](https://x.com/CVEnew/status/1978926589355114750) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62492 A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negati"  
[X Link](https://x.com/CVEnew/status/1978926590336585849) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62491 A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts-rejected_"  
[X Link](https://x.com/CVEnew/status/1978926591523635471) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62490 In quickjs in js_print_object when printing an array the function first fetches the array length and then loops over it.The issue is printing a value is not side"  
[X Link](https://x.com/CVEnew/status/1978926592517685500) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11842 A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulat"  
[X Link](https://x.com/CVEnew/status/1978926593583071507) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11840 A weakness has been identified in GNU Binutils XXXX. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bound"  
[X Link](https://x.com/CVEnew/status/1978926594736447934) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read dat"  
[X Link](https://x.com/CVEnew/status/1978926595654967412) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-55035 Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from acces"  
[X Link](https://x.com/CVEnew/status/1978926596665810945) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-36002 IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5 and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5 and 6.2.1.0 stores user credentials in configu"  
[X Link](https://x.com/CVEnew/status/1978926597806629065) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41254 STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions"  
[X Link](https://x.com/CVEnew/status/1978926598775570866) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41253 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An"  
[X Link](https://x.com/CVEnew/status/1978926599794770226) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11839 A security flaw has been discovered in GNU Binutils XXXX. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked retur"  
[X Link](https://x.com/CVEnew/status/1978926600776192091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-46752 A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5 11.5.1 11.4.6 11.4.5 allows attacker to information disclosure via re"  
[X Link](https://x.com/CVEnew/status/1978926601757679865) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-53950 An Exposure of Private Personal Information ('Privacy Violation') vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5"  
[X Link](https://x.com/CVEnew/status/1978926602726547706) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-53951 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows"  
[X Link](https://x.com/CVEnew/status/1978926603817115864) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-54658 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11"  
[X Link](https://x.com/CVEnew/status/1978926605033476302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-9152 An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Cl"  
[X Link](https://x.com/CVEnew/status/1978926606052667453) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-9804 An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System"  
[X Link](https://x.com/CVEnew/status/1978926606971203627) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-9955 An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services relate"  
[X Link](https://x.com/CVEnew/status/1978926607952699739) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-10611 Due to an insufficient access control implementation in multiple WSO2 Products authentication and authorization checks for certain REST APIs can be bypassed allowin"  
[X Link](https://x.com/CVEnew/status/1978926608938381383) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-3930 Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation the JWT is not invalidated which allows an attacker who has stolen or inter"  
[X Link](https://x.com/CVEnew/status/1978926609940799941) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-58426 desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key which allows an attacker to create malicious AppSuite applications"  
[X Link](https://x.com/CVEnew/status/1978926610918076755) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-58079 Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications"  
[X Link](https://x.com/CVEnew/status/1978926611845013797) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-55072 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a users web browser"  
[X Link](https://x.com/CVEnew/status/1978926612809703502) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-54859 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a users web browser"  
[X Link](https://x.com/CVEnew/status/1978926613786968357) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-54760 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a users web browser"  
[X Link](https://x.com/CVEnew/status/1978926614768476572) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-52583 Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a users web browser"  
[X Link](https://x.com/CVEnew/status/1978926615699554498) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-24833 Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0V9.0R2.0 allow execution of arbitrary JavaScript in a users web browser"  
[X Link](https://x.com/CVEnew/status/1978926616618090988) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-6338 There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt"  
[X Link](https://x.com/CVEnew/status/1978926617603850695) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-58115 ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited an arbitrary script may be executed on the web browser of the user who is"  
[X Link](https://x.com/CVEnew/status/1978926618555900251) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-54461 ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited an uninvited guest user may register itself"  
[X Link](https://x.com/CVEnew/status/1978926619533148271) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-53858 ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited an arbitrary script may be executed on the web browser of the user who is accessin"  
[X Link](https://x.com/CVEnew/status/1978926620464369839) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-58073 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite"  
[X Link](https://x.com/CVEnew/status/1978926621441642682) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-61581 ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all ver"  
[X Link](https://x.com/CVEnew/status/1978926622406213967) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41410 Mattermost versions 10.10.x = 10.10.2 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to c"  
[X Link](https://x.com/CVEnew/status/1978926623341588746) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-0277 HCL BigFix Mobile XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing"  
[X Link](https://x.com/CVEnew/status/1978926624318910882) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-54539 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to an"  
[X Link](https://x.com/CVEnew/status/1978926625258353003) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-0276 HCL BigFix Modern Client Management (MCM) XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could tri"  
[X Link](https://x.com/CVEnew/status/1978926626206335454) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-10545 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add"  
[X Link](https://x.com/CVEnew/status/1978926627137507674) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-58075 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite"  
[X Link](https://x.com/CVEnew/status/1978926628081107079) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-54499 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timi"  
[X Link](https://x.com/CVEnew/status/1978926628974510477) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41443 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users"  
[X Link](https://x.com/CVEnew/status/1978926629960192091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41021 Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0 consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request usi"  
[X Link](https://x.com/CVEnew/status/1978926630878790136) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers thr"  
[X Link](https://x.com/CVEnew/status/1978926631818231871) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41019 SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve create update and delete databases through the 'id' parameter in '/ind"  
[X Link](https://x.com/CVEnew/status/1978926633126912410) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-55091 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ip_packet_receive() funct"  
[X Link](https://x.com/CVEnew/status/1978926634087375273) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-41018 SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve create update and delete databases through the 'cat' parameter in '/publ"  
[X Link](https://x.com/CVEnew/status/1978926635018543157) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62585 Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment"  
[X Link](https://x.com/CVEnew/status/1978926635987431871) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62584 Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment"  
[X Link](https://x.com/CVEnew/status/1978926636922782184) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62583 Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment"  
[X Link](https://x.com/CVEnew/status/1978926638030037472) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-10849 The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function"  
[X Link](https://x.com/CVEnew/status/1978926638969594302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-10850 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to and including 1.1.4. This is due to the hardcoded password in th"  
[X Link](https://x.com/CVEnew/status/1978926639942648200) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-10742 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to and including 1.8.6. This is due to the plugin providing"  
[X Link](https://x.com/CVEnew/status/1978926640894808281) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements


"CVE-2025-10706 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' functi"  
[X Link](https://x.com/CVEnew/status/1978932548286976151) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-55090 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ipv4_packet_receive() fun"  
[X Link](https://x.com/CVEnew/status/1978932549377495208) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-55089 In FileX before 6.4.2 the file support module for Eclipse Foundation ThreadX there was a possible buffer overflow in the FileX RAM disk driver. It could cause a rem"  
[X Link](https://x.com/CVEnew/status/1978932550379933952) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-55084 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions"  
[X Link](https://x.com/CVEnew/status/1978932551688544582) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-58778 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual and enabled in the initial configurat"  
[X Link](https://x.com/CVEnew/status/1978932552686801152) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-0275 HCL BigFix Mobile XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions potentially allowing access"  
[X Link](https://x.com/CVEnew/status/1978932553861218528) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-0274 HCL BigFix Modern Client Management (MCM) XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions pot"  
[X Link](https://x.com/CVEnew/status/1978932554855219232) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-11814 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input"  
[X Link](https://x.com/CVEnew/status/1978932555866083768) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-10700 The Ally Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.8.0. This is due to"  
[X Link](https://x.com/CVEnew/status/1978932556994351254) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-62580 ASDA-Soft Stack-based Buffer Overflow Vulnerability"  
[X Link](https://x.com/CVEnew/status/1978932558252642760) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-62579 ASDA-Soft Stack-based Buffer Overflow Vulnerability"  
[X Link](https://x.com/CVEnew/status/1978932559137640744) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-11683 YAML::Syck versions before XXXX for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators i"  
[X Link](https://x.com/CVEnew/status/1978932560177828097) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-22381 Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality allowing an attacker to reset a user's password"  
[X Link](https://x.com/CVEnew/status/1978932561356427505) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-56699 SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version XXX allows an unauthenticated user to execute arbitrary"  
[X Link](https://x.com/CVEnew/status/1978932562409197853) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-56700 Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version XXX allows a low level priviliged user that has access"  
[X Link](https://x.com/CVEnew/status/1978932563424260420) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60358 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations"  
[X Link](https://x.com/CVEnew/status/1978932564409880835) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60639 Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26)"  
[X Link](https://x.com/CVEnew/status/1978932565429080111) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60641 The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST'mexcel')) where $_POST'mexcel' is user-controll"  
[X Link](https://x.com/CVEnew/status/1978932566481867145) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60855 Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images r"  
[X Link](https://x.com/CVEnew/status/1978932567446557130) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61330 A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems fro"  
[X Link](https://x.com/CVEnew/status/1978932568704823447) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61514 An arbitrary file upload vulnerability in SageMath Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file"  
[X Link](https://x.com/CVEnew/status/1978932569862476001) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61536 FelixRiddle dev-jobs-handlebars XXX uses absolute password-reset (magic) links using the untrusted header and forces the http:// scheme. An attac"  
[X Link](https://x.com/CVEnew/status/1978932571070513218) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61539 Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php"  
[X Link](https://x.com/CVEnew/status/1978932572215480562) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61540 SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php"  
[X Link](https://x.com/CVEnew/status/1978932573226307722) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61541 Webmin XXXXX is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTT"  
[X Link](https://x.com/CVEnew/status/1978932574350393431) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61543 A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER'HTTP_HOST' directly to construct"  
[X Link](https://x.com/CVEnew/status/1978932575554146697) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61553 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a"  
[X Link](https://x.com/CVEnew/status/1978932576548221184) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-61554 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial"  
[X Link](https://x.com/CVEnew/status/1978932577668076013) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37141 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"  
[X Link](https://x.com/CVEnew/status/1978932578834096610) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37140 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"  
[X Link](https://x.com/CVEnew/status/1978932579773616473) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37139 A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render"  
[X Link](https://x.com/CVEnew/status/1978932580889301432) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37138 An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. E"  
[X Link](https://x.com/CVEnew/status/1978932582273421629) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37137 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"  
[X Link](https://x.com/CVEnew/status/1978932583292637450) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37136 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"  
[X Link](https://x.com/CVEnew/status/1978932584458653732) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37135 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"  
[X Link](https://x.com/CVEnew/status/1978932585410805982) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37134 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al"  
[X Link](https://x.com/CVEnew/status/1978932586492875073) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-8430 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuratio"  
[X Link](https://x.com/CVEnew/status/1978932587721822431) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37133 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al"  
[X Link](https://x.com/CVEnew/status/1978932588799758438) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37132 An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Su"  
[X Link](https://x.com/CVEnew/status/1978932589777031523) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-11548 A remote unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated R"  
[X Link](https://x.com/CVEnew/status/1978932590892716206) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37148 A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS XX could allow an unauthenticated remote attacker to conduct a denial of service attack. Su"  
[X Link](https://x.com/CVEnew/status/1978932591991624075) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37147 A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only"  
[X Link](https://x.com/CVEnew/status/1978932593103094020) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37146 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote co"  
[X Link](https://x.com/CVEnew/status/1978932594235576379) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-36730 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to th"  
[X Link](https://x.com/CVEnew/status/1978932595162595572) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-37149 A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware"  
[X Link](https://x.com/CVEnew/status/1978932596110397665) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-11577 Clevos UEFI firmware update packages including B10717.exe inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. T"  
[X Link](https://x.com/CVEnew/status/1978932596978716917) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-54973 A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through"  
[X Link](https://x.com/CVEnew/status/1978932598065041783) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2023-46718 A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 thro"  
[X Link](https://x.com/CVEnew/status/1978932599017107932) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2024-50571 A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1 7.4.0 through 7.4.5 7.2.0 through 7.2.10 7.0.0 through 7.0.16 6.4.0 through 6.4.15 6.2.0 thr"  
[X Link](https://x.com/CVEnew/status/1978932599977545915) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-31366 An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 in FortiOS 7.6.0 through 7.6.3 7.4.0 through 7.4.7 XXX all versions XXX all v"  
[X Link](https://x.com/CVEnew/status/1978932601235857584) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-22258 A heap-based buffer overflow in Fortinet FortiSRA 1.5.0 1.4.0 through 1.4.2 FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1"  
[X Link](https://x.com/CVEnew/status/1978932602225725627) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-25253 An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below version 7.4.8 and below XXX all versions 7.0"  
[X Link](https://x.com/CVEnew/status/1978932603328827420) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-57740 An Heap-based Buffer Overflow vulnerability CWE-122 in FortiOS version 7.6.2 and below version 7.4.7 and below version 7.2.10 and below XXX all versions XXX all"  
[X Link](https://x.com/CVEnew/status/1978932604402569281) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-47890 An URL Redirection to Untrusted Site vulnerabilities CWE-601 in FortiOS 7.6.0 through 7.6.2 7.4.0 through 7.4.8 XXX all versions XXX all versions XXX all versio"  
[X Link](https://x.com/CVEnew/status/1978932605530837305) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-57741 An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may all"  
[X Link](https://x.com/CVEnew/status/1978932606671687885) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-49201 A weak authentication in Fortinet FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1.0.0 through 1.0.3 FortiSwitchManager 7.2.0"  
[X Link](https://x.com/CVEnew/status/1978932607888036033) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0 7.4.0 through 7.4.5 7.2.5 through 7.2.10 7.0.0 through 7.0.15 XXX all v"  
[X Link](https://x.com/CVEnew/status/1978932609028886955) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-58324 An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSIEM 7.2.0 through 7.2.2 XXX all versions XXX all versions XXX all ve"  
[X Link](https://x.com/CVEnew/status/1978932610031325630) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-58903 An Unchecked Return Value vulnerability CWE-252 in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null P"  
[X Link](https://x.com/CVEnew/status/1978932611046347193) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2024-48891 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1 7.5.0 through 7"  
[X Link](https://x.com/CVEnew/status/1978932612183056467) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-62172 Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1 the energy dashboard is vuln"  
[X Link](https://x.com/CVEnew/status/1978932613105750140) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-54603 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users"  
[X Link](https://x.com/CVEnew/status/1978932614057857343) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-57563 A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files"  
[X Link](https://x.com/CVEnew/status/1978932615093850355) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-57618 A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability it is"  
[X Link](https://x.com/CVEnew/status/1978932616037638542) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60535 A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET"  
[X Link](https://x.com/CVEnew/status/1978932616985481551) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60536 An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration"  
[X Link](https://x.com/CVEnew/status/1978932618126332192) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60537 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplyi"  
[X Link](https://x.com/CVEnew/status/1978932619074273722) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60374 Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of"  
[X Link](https://x.com/CVEnew/status/1978932620181537160) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-60540 karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)"  
[X Link](https://x.com/CVEnew/status/1978932621133648302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements


"CVE-2025-62504 Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2 1.35.6 1.34.10 and 1.33.12 contain a use-after-free vulnerability in the Lua fil"  
[X Link](https://x.com/CVEnew/status/1978938148857221173) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements


"CVE-2025-62506 MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z a privilege escalation vulnerability allows service accounts"  
[X Link](https://x.com/CVEnew/status/1978938150061064545) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements


"CVE-2025-11864 A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component"  
[X Link](https://x.com/CVEnew/status/1978938151059230861) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements


"CVE-2025-11900 The iSherlock developed by HGiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them"  
[X Link](https://x.com/CVEnew/status/1979045627360370824) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-11899 Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability allowing unauthenticated remote attackers to exploit the fixed key to genera"  
[X Link](https://x.com/CVEnew/status/1979045628366983601) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-11898 Agentflow developed by Flowring has an Arbitrary File Reading vulnerability allowing unauthenticated remote attackers to exploit Relative Path Traversal to download"  
[X Link](https://x.com/CVEnew/status/1979045629214277753) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-6950 An Use of Hard-coded Credentials vulnerability has been identified in Moxas network security appliances and routers. The system employs a hard-coded secret key to sign"  
[X Link](https://x.com/CVEnew/status/1979045630061482207) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-6949 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A critical authorization flaw in the API a"  
[X Link](https://x.com/CVEnew/status/1979045630887837755) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-6894 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authorization logic of t"  
[X Link](https://x.com/CVEnew/status/1979045631739203934) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-6893 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in broken access control has been i"  
[X Link](https://x.com/CVEnew/status/1979045632603205942) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-6892 An Incorrect Authorization vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authentication mechanism allows unauth"  
[X Link](https://x.com/CVEnew/status/1979045633437897141) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements


"CVE-2025-55097 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_"  
[X Link](https://x.com/CVEnew/status/1979063785785852044) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements


"CVE-2025-55096 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get"  
[X Link](https://x.com/CVEnew/status/1979063786641506327) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements


"CVE-2025-55094 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_icmpv6_validate_options("  
[X Link](https://x.com/CVEnew/status/1979063787593637904) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements


"CVE-2025-55087 In NextX Duo's snmp addon versions before 6.4.4 a part of the Eclipse Foundation ThreadX an attacker could cause an out-of-bound read by a crafted SNMPv3 security p"  
[X Link](https://x.com/CVEnew/status/1979087859127849402) [@CVEnew](/creator/x/CVEnew) 2025-10-17T07:31Z 55.7K followers, XXX engagements


"CVE-2023-28815 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation resulting in a command injection vulnerability. Attackers may exploit t"  
[X Link](https://x.com/CVEnew/status/1979147277211181491) [@CVEnew](/creator/x/CVEnew) 2025-10-17T11:27Z 55.7K followers, XXX engagements


"CVE-2023-28814 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded attac"  
[X Link](https://x.com/CVEnew/status/1979147278167478627) [@CVEnew](/creator/x/CVEnew) 2025-10-17T11:27Z 55.7K followers, XXX engagements


"CVE-2025-48087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stor"  
[X Link](https://x.com/CVEnew/status/1979198254953959750) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements


"CVE-2025-11903 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of th"  
[X Link](https://x.com/CVEnew/status/1979198255948009709) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements


"CVE-2025-11902 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Perform"  
[X Link](https://x.com/CVEnew/status/1979198256967291176) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements


"CVE-2025-48044 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex an"  
[X Link](https://x.com/CVEnew/status/1979198257915183159) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements


"CVE-2025-60359 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new"  
[X Link](https://x.com/CVEnew/status/1979198258867245122) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements


"CVE-2025-60360 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init"  
[X Link](https://x.com/CVEnew/status/1979198259769020584) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements


"CVE-2025-11904 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument I"  
[X Link](https://x.com/CVEnew/status/1979204791030149289) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements


"CVE-2025-62515 pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior the FlightServer class directly uses pickle.loads() to deserialize ac"  
[X Link](https://x.com/CVEnew/status/1979289008208220293) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11914 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.doActi"  
[X Link](https://x.com/CVEnew/status/1979289009365942428) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62508 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the st"  
[X Link](https://x.com/CVEnew/status/1979289010670350624) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11913 A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do"  
[X Link](https://x.com/CVEnew/status/1979289012071243981) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11912 A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.doAction=Query. This manipulatio"  
[X Link](https://x.com/CVEnew/status/1979289013153407183) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11925 Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply.Thi"  
[X Link](https://x.com/CVEnew/status/1979289014109663233) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-62511 yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version XXX contains a Time-of-Check to Time-of-Use (TOCTO"  
[X Link](https://x.com/CVEnew/status/1979289015078490164) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11911 A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.doAction=Query. The mani"  
[X Link](https://x.com/CVEnew/status/1979289016240370039) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-11910 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.doAction=Q"  
[X Link](https://x.com/CVEnew/status/1979289017234420220) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements


"CVE-2025-34282 ThingsBoard versions 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a mali"  
[X Link](https://x.com/CVEnew/status/1979289018299756989) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements