- CVE-2025-61623 - Apache OFBiz: Reflected Cross-site Scripting
- CVE-2025-59118 - Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload
- CVE-2025-64404 - Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
- CVE-2025-64405 - Apache OpenOffice: Remote documents loaded without prompt via DDE function
- CVE-2025-64406 - Apache OpenOffice: Possible memory corruption during CSV import
- CVE-2025-64402 - Apache OpenOffice: Remote documents loaded without prompt via OLE objects
- CVE-2025-64403 - Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
- CVE-2025-12732 - WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure
- CVE-2025-12903 - Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud
- CVE-2025-64401 - Apache OpenOffice: Remote documents loaded without prompt via IFrame
- CVE-2025-11962 - Stored XSS in DivvyDrive Information Technologies' Digital Corporate Warehouse
- CVE-2025-64407 - Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
- CVE-2025-13046 - ViewLead Technology|Bacteriology Laboratory Reporting System - SQL Injection
- CVE-2025-13047 - ViewLead Technology|Bacteriology Laboratory Reporting System
- CVE-2025-12633 - Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection
- CVE-2025-12869 - aEnrich|eHRD - Stored Cross-Site Scripting
- CVE-2025-12870 - aEnrich|eHRD - Authentication Abuse
- CVE-2025-12871 - aEnrich|a+HRD - Authentication Abuse
- CVE-2025-12872 - aEnrich|eHRD - Stored Cross-Site Scripting
- CVE-2025-12018 - MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting
- CVE-2025-12113 - Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion
- CVE-2025-11560 - Team Members Showcase < 3.5.0 - Reflected XSS
- CVE-2025-12901 - Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update
- CVE-2025-12833 - GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
- CVE-2025-12087 - Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion
- CVE-2025-54983 - Health check port on ZCC allows tunnel bypass
- CVE-2025-40111 - drm/vmwgfx: Fix Use-after-free in validation
- CVE-2025-40110 - drm/vmwgfx: Fix a null-ptr access in the cursor snooper
- CVE-2025-43205 - Apple iOS/WatchOS/TVOS/VisionOS Memory Corruption
- CVE-2025-64531 - Substance3D - Stager | Use After Free (CWE-416)
- CVE-2025-61833 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
- CVE-2025-61834 - Substance3D - Stager | Use After Free (CWE-416)
- CVE-2025-61835 - Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)
- CVE-2025-40816 - Siemens LOGO! IP Address Manipulation Vulnerability
- CVE-2025-40817 - Siemens LOGO! Time Manipulation Remote Command Execution
- CVE-2025-41116 - Incorrect oauth passthrough in Grafana Snowflake Datasource
- CVE-2025-3717 - Incorrect oauth passthrough in Grafana Snowflake Datasource
- CVE-2025-40760 - Altair Grid Engine Password Hash Disclosure Vulnerability
- CVE-2024-32014 - Spectrum Power 4 Privilege Escalation
- CVE-2025-12748 - Libvirt: denial of service in xml parsing
- CVE-2025-61842 - Format Plugins | Use After Free (CWE-416)
- CVE-2025-61843 - Format Plugins | Out-of-bounds Read (CWE-125)
- CVE-2025-61844 - Format Plugins | Out-of-bounds Read (CWE-125)
- CVE-2025-61845 - Format Plugins | Out-of-bounds Read (CWE-125)
- CVE-2025-61830 - Adobe Pass | Incorrect Authorization (CWE-863)
- CVE-2025-61837 - Format Plugins | Heap-based Buffer Overflow (CWE-122)
- CVE-2025-61838 - Format Plugins | Heap-based Buffer Overflow (CWE-122)
- CVE-2025-61839 - Format Plugins | Out-of-bounds Read (CWE-125)
- CVE-2025-61840 - Format Plugins | Out-of-bounds Read (CWE-125)
- CVE-2025-61841 - Format Plugins | Out-of-bounds Read (CWE-125)
- CVE-2025-62453 - GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
- CVE-2025-62449 - Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
- CVE-2025-62219 - Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
- CVE-2025-62216 - Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-62217 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2025-62218 - Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
- CVE-2025-62209 - Windows License Manager Information Disclosure Vulnerability
- CVE-2025-62213 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2025-62214 - Visual Studio Remote Code Execution Vulnerability
- CVE-2025-62215 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2025-61831 - Illustrator | Out-of-bounds Write (CWE-787)
- CVE-2025-61820 - Illustrator | Heap-based Buffer Overflow (CWE-122)
- CVE-2025-61815 - InDesign Desktop | Use After Free (CWE-416)
- CVE-2025-61816 - InCopy | Heap-based Buffer Overflow (CWE-122)
- CVE-2025-61817 - InCopy | Use After Free (CWE-416)
- CVE-2025-61818 - InCopy | Use After Free (CWE-416)
- CVE-2025-61824 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
- CVE-2025-61832 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
- CVE-2025-35967 - Intel PROSet/Wireless WiFi Software Denial of Service Vulnerability
- CVE-2025-35968 - UEFI Firmware Slim Bootloader Privilege Escalation Vulnerability
- CVE-2025-35972 - Intel MPI Library Uncontrolled Search Path Privilege Escalation Vulnerability
- CVE-2025-61814 - InDesign Desktop | Use After Free (CWE-416)
- CVE-2025-33178 - NVIDIA NeMo Framework BERT Services Code Injection Vulnerability
- CVE-2025-33185 - NVIDIA AIStore AuthN Information Disclosure
- CVE-2025-33202 - NVIDIA Triton Inference Server Stack Overflow Denial of Service
- CVE-2025-32088 - Intel QAT Windows Denial of Service Vulnerability
- CVE-2025-32446 - Intel QuickAssist Technology Untrusted Pointer Dereference Privilege Escalation Vulnerability
- CVE-2025-32449 - Oracle PRI Driver Unquoted Search Path Privilege Escalation Vulnerability
- CVE-2025-32732 - Intel QAT Windows Buffer Overflow Denial of Service Vulnerability
- CVE-2025-64773 - JetBrains YouTrack Helpdesk Agent Limit Bypass
- CVE-2025-11959 - Improper Access Control in Premierturk's Excavation Management Information System
- CVE-2024-57695 - Agnitum Outpost Security Suite Code Execution Vulnerability
- CVE-2025-12101 - Cross-Site Scripting (XSS)
- CVE-2025-9227 - Stored XSS
- CVE-2025-11862 - Verve Asset Manager Access Control Vulnerability
- CVE-2025-11084 - FactoryTalk® DataMosaix™ Private Cloud – Authentication Bypass
- CVE-2025-11085 - FactoryTalk® DataMosaix™ Private Cloud – Persistent XSS
- CVE-2025-11696 - Studio 5000® Simulation Interface SSRF
- CVE-2025-11697 - Studio 5000® Simulation Interface Local Code Execution
- CVE-2025-41106 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework
- CVE-2025-8324 - SQL Injection
- CVE-2025-41103 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework
- CVE-2025-41104 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework
- CVE-2025-41105 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework
- CVE-2025-10161 - Authentication Bypass in Turkguven's Perfektive
- CVE-2025-9223 - Command Injection
- CVE-2025-41101 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework
- CVE-2025-41102 - Multiple vulnerabilities in Fairsketch's RISE CRM Framework
- CVE-2025-11960 - Reflected XSS in Aryom's KVKNET
- CVE-2025-7632 - Stored XSS