- CVE-2025-14607 - OFFIS DCMTK Remote Memory Corruption Vulnerability
- CVE-2025-14606 - "Tiny RDM Pickle Decoding Remote Deserialization Vulnerability"
- CVE-2025-14590 - Code-projects Prison Management System SQL Injection Vulnerability
- CVE-2025-14589 - "Code-Projects Prison Management System SQL Injection Vulnerability"
- CVE-2025-36753 - Growatt ShineLan-X Debug Interface Information Disclosure
- CVE-2025-8199 - WordPress MarqueeAddons Stored Cross-Site Scripting Vulnerability
- CVE-2025-9856 - WordPress Popup Builder Stored Cross-Site Scripting Vulnerability
- CVE-2025-14542 - Apache HTTP Server JSON Manual Injection Vulnerability
- CVE-2025-7960 - King Addons for Elementor Stored Cross-Site Scripting Vulnerability
- CVE-2025-36751 - Growatt ShineLan-X and MIC 3300TL-X Unencrypted Configuration Interface Vulnerability
- CVE-2025-8687 - WordPress Enter Addons Stored Cross-Site Scripting Vulnerability
- CVE-2025-14588 - iSourcecode Student Management System SQL Injection Vulnerability
- CVE-2025-36754 - Apache Device Authentication Bypass
- CVE-2025-8195 - JetWidgets For Elementor Stored Cross-Site Scripting Vulnerability
- CVE-2025-36752 - Growatt ShineLan-X Communication Dongle Backdoor Vulnerability
- CVE-2025-8780 - Livemesh SiteOrigin Widgets WordPress Stored Cross-Site Scripting Vulnerability
- CVE-2025-0969 - Brizy – WordPress Page Builder Sensitive Information Exposure Vulnerability
- CVE-2025-36750 - ShineLan-X Stored Cross Site Scripting (XSS)
- CVE-2025-14587 - iSourcecode Online Pet Shop Management System SQL Injection Vulnerability
- CVE-2025-36747 - ShineLan-X FTP Server Credentials Disclosure
- CVE-2025-36748 - ShineLan-X Stored XSS Vulnerability
- CVE-2025-10738 - WordPress URL Shortener Plugin SQL Injection Vulnerability
- CVE-2025-8779 - Elementor WidgetKit Stored Cross-Site Scripting
- CVE-2025-9207 - "TI WooCommerce Wishlist HTML Injection Vulnerability"
- CVE-2025-9116 - WordPress WPS Visitor Counter Plugin Reflected Cross-Site Scripting
- CVE-2025-10289 - WordPress Filter & Grids Plugin SQL Injection Vulnerability
- CVE-2025-14586 - TOTOLINK X5000R OS Command Injection Vulnerability
- CVE-2025-11970 - "Emplibot WordPress SSRF"
- CVE-2025-11164 - Mavix Education WordPress Unauthorized Data Modification Vulnerability
- CVE-2025-14446 - WordPress Easy Notify Lite Popup Builder Unauthenticated Data Modification Vulnerability
- CVE-2025-9488 - WordPress Redux Framework Stored Cross-Site Scripting Vulnerability
- CVE-2025-13705 - WordPress Custom Frames Stored Cross-Site Scripting
- CVE-2025-9218 - rtMedia Godam Plugin Information Disclosure Vulnerability
- CVE-2025-8617 - YITH WooCommerce Quick View Stored Cross-Site Scripting Vulnerability
- CVE-2025-14394 - WordPress Popover Windows Cross-Site Request Forgery (CSRF)
- CVE-2025-11707 - WordPress Login Lockdown & Protection IP Block Bypass
- CVE-2025-14366 - WooCommerce Eyewear Prescription Form Missing Authorization
- CVE-2025-7058 - Kingcabs WordPress Stored Cross-Site Scripting Vulnerability
- CVE-2025-12077 - WordPress WP to LinkedIn Auto Publish Plugin Reflected Cross-Site Scripting
- CVE-2025-14378 - WordPress Quick Testimonials Stored Cross-Site Scripting Vulnerability
- CVE-2025-14367 - WordPress Easy Theme Options Missing Authorization Vulnerability
- CVE-2025-9873 - WordPress a3 Lazy Load Stored Cross-Site Scripting Vulnerability
- CVE-2025-11376 - Colibri Page Builder Stored Cross-Site Scripting
- CVE-2025-13089 - WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection
- CVE-2025-14050 - Design Import/Export <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import
- CVE-2025-14454 - Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion
- CVE-2025-14278 - HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
- CVE-2025-12512 - GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata
- CVE-2025-14056 - Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter
- CVE-2025-14477 - 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter
- CVE-2025-14581 - HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply
- CVE-2025-13403 - Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification
- CVE-2025-67721 - Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
- CVE-2025-67749 - PCSX2 has an Out-of-bounds Read due to unchecked offset and size passed to memcpy
- CVE-2025-14585 - itsourcecode COVID Tracking System page sql injection
- CVE-2025-14066 - CVE-2020-0601: Adobe Flash Player Use-After-Free
- CVE-2025-14584 - itsourcecode COVID Tracking System Admin Login login.php sql injection
- CVE-2025-14583 - campcodes Online Student Enrollment System register.php unrestricted upload
- CVE-2025-14582 - campcodes Online Student Enrollment System index.php unrestricted upload
- CVE-2025-46289 - Apple macOS Protected User Data Access Vulnerability
- CVE-2025-46287 - Apple FaceTime Spoofing Vulnerability
- CVE-2025-43522 - Intel-based Mac macOS Downgrade Code Signing Data Access
- CVE-2025-43530 - "Apple macOS App Sensitive Data Access Vulnerability"
- CVE-2025-43523 - Apple macOS Sequoia Data Access Vulnerability
- CVE-2025-43527 - "macOS Sequoia Privilege Escalation"
- CVE-2025-43532 - Apple macOS Memory Corruption Vulnerability
- CVE-2025-43538 - Apple macOS Sonoma Logging Information Disclosure
- CVE-2025-43539 - Apple macOS Processing File Memory Corruption Vulnerability
- CVE-2025-43542 - Apple FaceTime Password Disclosure Vulnerability
- CVE-2025-46276 - Apple macOS App Sensitive User Data Disclosure
- CVE-2025-46285 - "macOS Timestamp Overflow Privilege Escalation"
- CVE-2025-43511 - Apple iOS Use-After-Free Vulnerability
- CVE-2025-43516 - Apple Voice Control Session Management Authentication Bypass
- CVE-2025-43513 - "Apple macOS Location Permissions Denial of Service"
- CVE-2025-43517 - Apple macOS Private Data Exposure
- CVE-2025-43518 - "Apple macOS Spellcheck API File Access Vulnerability"
- CVE-2025-43519 - Apple macOS User Data Access Vulnerability
- CVE-2025-43520 - Apple WatchOS Memory Corruption Vulnerability
- CVE-2025-43521 - Intel-based Mac macOS Sequoia Code-Signing Downgrade Vulnerability
- CVE-2025-43512 - "Apple macOS Privilege Escalation Vulnerability"
- CVE-2025-11266 - Grassroots DICOM (GDCM) Out-of-bounds Write
- CVE-2025-67634 - Software Acquisition Guide Supplier Response Web Tool XSS
- CVE-2025-14580 - Qualitor viewDocumento.php cross site scripting
- CVE-2025-67734 - Frappe Authenticated Users can Execute JavaScript through its Job Form
- CVE-2025-14578 - itsourcecode Student Management System update_account.php sql injection
- CVE-2025-14174 - Google Chrome ANGLE Out-of-Bounds Memory Access Vulnerability
- CVE-2025-14372 - Google Chrome Password Manager Use After Free Vulnerability
- CVE-2025-67750 - Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
- CVE-2025-8082 - Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'
- CVE-2025-14571 - projectworlds Advanced Library Management System borrow_book.php sql injection
- CVE-2025-14570 - projectworlds Advanced Library Management System view_admin.php sql injection
- CVE-2025-40345 - usb: storage: sddr55: Reject out-of-bound new_pba
- CVE-2025-14569 - ggml-org whisper.cpp common-whisper.cpp read_audio_data use after free
- CVE-2025-14568 - haxxorsid Stock-Management-System User.php sql injection
- CVE-2025-67819 - Weaviate File Path Traversal
- CVE-2025-64011 - Nextcloud Server IDOR
- CVE-2025-67342 - RuoYi Stored XSS Vulnerability
- CVE-2025-67818 - Weaviate Path Traversal File Write
- CVE-2023-29144 - Malwarebytes Linux Signature Validation Bypass
- CVE-2025-67344 - jshERP Stored XSS Vulnerability
Franck Ridel
