- CVE-2025-61757 - Vulnerability in the Identity Manager product of O
- CVE-2025-61751 - Vulnerability in the Oracle Financial Services Ana
- CVE-2025-53072 - Vulnerability in the Oracle Marketing product of O
- CVE-2025-53049 - Vulnerability in the Oracle Business Intelligence
- CVE-2025-53043 - Vulnerability in the Oracle Product Hub product of
- CVE-2025-53036 - Vulnerability in the Oracle Financial Services Ana
- CVE-2025-53037 - Vulnerability in the Oracle Financial Services Ana
- CVE-2025-11757 - Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App
- CVE-2025-62518 - astral-tokio-tar Vulnerable to PAX Header Desynchronization
- CVE-2025-11534 - Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series
- CVE-2025-11151 - Information Disclosure in Beyaz Computer's CityPLus
- CVE-2025-11949 - Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication
- CVE-2025-7850 - Authenticated OS command execution
- CVE-2025-7851 - Unauthorized root access via debug functionality
- CVE-2025-6542 - OS command injection in multiple parameters
- CVE-2025-6541 - OS command injection using information obtained from the web management interface
- CVE-2018-25118 - GeoVision Command Injection RCE via /PictureCatch.cgi
- CVE-2025-9574 - Missing Authentication Vulnerability
- CVE-2025-41028 - SQL injection in Epsilon RH
- CVE-2025-9890 - Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution
- CVE-2025-11391 - PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload
- CVE-2025-62650 - RBI Restaurant Brands International Client-Side Authentication Bypass
- CVE-2025-62645 - RBI Assistant Platform Privilege Escalation Vulnerability
- CVE-2025-62515 - Remote Code Execution by Pickle Deserialization via FlightServer in pyquokka
- CVE-2025-56221 - SigningHub Authentication Bypass
- CVE-2025-55085 - Web http client: Unchecked Server-Side Malicious Packet Issue
- CVE-2023-28814 - Hikvision iSecure Center Improper File Upload Vulnerability
- CVE-2023-28815 - Hikvision iSecure Center Command Injection Vulnerability
- CVE-2025-11849 - Mammoth Directory Traversal Vulnerability
- CVE-2025-6950 - Moxa Network Security Appliances and Routers Hard-Coded Credentials JWT Forgery
- CVE-2025-6893 - Moxa Network Security Appliances and Routers Privilege Escalation Vulnerability
- CVE-2025-6949 - Moxa Network Security Appliances and Routers Privilege Escalation Vulnerability
- CVE-2025-62425 - Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
- CVE-2025-62427 - Server-Side Request Forgery (SSRF) in Angular SSR
- CVE-2025-62428 - Drawing-Captcha APP Host Header Injection in `/register` and `/confirm-email` Endpoints
- CVE-2025-11493 - Self-Update Verification Mechanism Process in ConnectWise Automate
- CVE-2025-11492 - HTTP Configuration and Encryption in Transit
- CVE-2025-9804 - Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs
- CVE-2025-9152 - Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint
- CVE-2025-58073 - Arbitrary Mattermost Team can be joined by manipulating the OAuth state
- CVE-2025-55089 - Eclipse ThreadX FileX RAM disk driver buffer overflow
- CVE-2025-10850 - Felan Framework <= 1.1.4 - Hardcoded Credentials
- CVE-2025-10706 - Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
- CVE-2025-10742 - Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change
- CVE-2025-11832 - APIs Lack Rate Limiting
- CVE-2025-10577 - Sound Research SECOMNService Escalation of Privilege
- CVE-2025-10576 - Sound Research SECOMNService Escalation of Privilege
- CVE-2025-61990 - TMM vulnerability
- CVE-2025-57780 - F5OS Vulnerability
- CVE-2025-61935 - BIG-IP Advanced WAF and ASM vulnerability
- CVE-2025-58071 - BIG-IP IPSec vulnerability
- CVE-2025-8486 - PC Manager Elevation of Privilege Vulnerability
- CVE-2025-10581 - Lenovo PC Manager DLL Hijacking Vulnerability
- CVE-2025-54854 - BigIP APM Vulnerability
- CVE-2025-54858 - BIG-IP Advanced WAF and ASM vulnerability
- CVE-2025-9967 - Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover
- CVE-2025-10294 - OwnID Passwordless Login <= 1.3.4 - Authentication Bypass
- CVE-2025-10299 - WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
- CVE-2025-10293 - Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
- CVE-2025-10041 - Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
- CVE-2025-11746 - XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion
- CVE-2025-54264 - Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
- CVE-2025-54263 - Adobe Commerce | Incorrect Authorization (CWE-863)
- CVE-2025-59291 - Confidential Azure Container Instances Elevation of Privilege Vulnerability
- CVE-2025-59292 - Azure Compute Gallery Elevation of Privilege Vulnerability
- CVE-2025-59295 - Windows URL Parsing Remote Code Execution Vulnerability
- CVE-2025-59287 - Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
- CVE-2025-59249 - Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2025-59250 - JDBC Driver for SQL Server Spoofing Vulnerability
- CVE-2025-59236 - Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-59237 - Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2025-59228 - Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2025-59213 - Configuration Manager Elevation of Privilege Vulnerability
- CVE-2025-58718 - Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2025-58716 - Windows Speech Runtime Elevation of Privilege Vulnerability
- CVE-2025-58715 - Windows Speech Runtime Elevation of Privilege Vulnerability
- CVE-2025-53782 - Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2025-55315 - ASP.NET Security Feature Bypass Vulnerability
- CVE-2025-49708 - Microsoft Graphics Component Elevation of Privilege Vulnerability
- CVE-2025-11548 - ibi WebFOCUS - Unauthenticated RCE Vulnerability
- CVE-2025-62156 - argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
- CVE-2025-62157 - Argo Workflows exposes artifact repository credentials in workflow-controller logs
- CVE-2025-7329 - Rockwell Automation Comms - 1783-NATR Stored Cross-Site Scripting Vulnerability
- CVE-2025-7328 - Rockwell Automation Comms - 1783-NATR Multiple Broken Authentication Vulnerabilities
- CVE-2025-10610 - SQLi in SFS Winsure
- CVE-2025-20709 - Aruba WLAN AP Driver Out-of-Bounds Write Privilege Escalation Vulnerability
- CVE-2011-20002 - Siemens SIMATIC S7-1200 CPU Capture-Replay Vulnerability
- CVE-2011-20001 - Siemens SIMATIC S7-1200 Web Server Remote Denial of Service
- CVE-2025-10228 - Session Hijacking in Rolantis Information Technologies' Agentis
- CVE-2025-46581 - ZTE ZXCDN product has a Struts RCE Vulnerability
- CVE-2025-41699 - Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
- CVE-2025-59889 - Eaton IPP Software Arbitrary Code Execution Vulnerability
- CVE-2025-42937 - Directory Traversal vulnerability in SAP Print Service
- CVE-2025-42910 - Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management
- CVE-2025-9713 - Ivanti Endpoint Manager Remote Code Execution via Path Traversal
- CVE-2025-61688 - Omni leaks information via the API
- CVE-2025-11695 - Configuration may unexpectedly disable certificate validation
- CVE-2025-6919 - SQLi in Cats Informatics' Aykome
- CVE-2025-9265 - API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
- CVE-2025-8915 - Hardcoded TLS private key in Kiloview N30 firmware
Franck Ridel
