- CVE-2025-13633 - Google Chrome Use After Free in Digital Credentials
- CVE-2025-13631 - Google Chrome Mac Privilege Escalation Vulnerability
- CVE-2025-13630 - Google Chrome V8 Type Confusion Heap Corruption
- CVE-2025-34352 - JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory
- CVE-2025-12465 - Blind SQL Injection in QuickCMS
- CVE-2025-41742 - Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components
- CVE-2025-41744 - Sprecher Automation: SPRECON-E series has static default key material for TLS connections
- CVE-2025-12529 - Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion
- CVE-2024-45675 - IBM Informix Dynamic Server Authentication Bypass
- CVE-2025-34297 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc
- CVE-2025-63534 - Blood Bank Management System XSS
- CVE-2025-63535 - "Blood Bank Management System SQL Injection Vulnerability"
- CVE-2025-63532 - Apache Blood Bank Management System SQL Injection
- CVE-2025-63533 - Blood Bank Management System XSS
- CVE-2024-39148 - KerOS wmp-agent Remote Command Execution
- CVE-2025-63525 - Blood Bank Management System Privilege Escalation Vulnerability
- CVE-2025-63526 - Blood Bank Management System XSS
- CVE-2025-64772 - INZONE Hub DLL Search Path Code Execution Vulnerability
- CVE-2025-66223 - OpenObserve's Invite Token Lifecycle Misconfiguration
- CVE-2025-66216 - AIS-catcher has a Buffer Overflow vulnerability in `AIS::Message` leading to DoS/RCE
- CVE-2025-66217 - AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow
- CVE-2025-65112 - PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing
- CVE-2025-58310 - Apache Distributed Component Permission Control Bypass
- CVE-2025-58303 - Adobe Screen Recorder Use-After-Free Vulnerability
- CVE-2025-64314 - Cisco Memory Management Permission Control Vulnerability
- CVE-2025-66359 - Logpoint Cross-Site Scripting Vulnerability
- CVE-2025-34351 - Anyscale Ray v2.52.0 Token Authentication Disabled by Default Insecure Configuration
- CVE-2024-5539 - ALC WebCTRL Carrier i-Vu Access Control Bypass
- CVE-2025-0657 - ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range
- CVE-2025-0658 - Automated Logic and Carrier Zone Controllers malformed packets denial of service
- CVE-2019-25227 - Tellion HN-2204AP Unauthenticated Configuration Disclosure
- CVE-2020-36871 - ESCAM QD-900 Unauthenticated Configuration Disclosure
- CVE-2019-25226 - Dongyoung Media DM-AP240T/W Unauthenticated Configuration Disclosure
- CVE-2020-36872 - BACnet Test Server 1.01 Malformed BVLC Length DoS
- CVE-2020-36873 - Astak CM-818T3 Unauthenticated Configuration Disclosure
- CVE-2020-36874 - ACE SECURITY WIP-90113 Unauthenticated Configuration Disclosure
- CVE-2025-62354 - Cisco Cursor Command Injection Vulnerability
- CVE-2025-64983 - Ring Video Doorbell Debug Code Remote Code Execution
- CVE-2025-66021 - OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization
- CVE-2025-66266 - Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation
- CVE-2025-66259 - Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters
- CVE-2025-66261 - Unauthenticated OS Command Injection (restore_settings.php)
- CVE-2025-66262 - Arbitrary File Overwrite via Tar Extraction Path Traversal
- CVE-2025-66263 - Unauthenticated Arbitrary File Read via Null Byte Injection
- CVE-2025-62703 - Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
- CVE-2025-9624 - OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
- CVE-2025-65965 - Grype has a credential disclosure vulnerability in Grype JSON output
- CVE-2025-66016 - CGGMP24 is missing a check in the ZK proof used in CGGMP21
- CVE-2025-66017 - CGGMP21 presignatures can be used in the way that significantly reduces security
- CVE-2025-34350 - UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read
- CVE-2025-65084 - Out-of-bounds Write in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
- CVE-2025-65085 - Heap-based Buffer Overflow in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
- CVE-2025-33188 - NVIDIA DGX Spark Hardware Control Manipulation Vulnerability
- CVE-2025-13483 - Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)
- CVE-2025-33187 - NVIDIA DGX Spark GB10 SROOT Privilege Escalation
- CVE-2025-63729 - Syrotech SY-GPON-1110-WDONT SSL Key Disclosure
- CVE-2025-0248 - HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability
- CVE-2025-64693 - MaLion and MaLionCloud Windows Heap-Based Buffer Overflow Vulnerability
- CVE-2025-62691 - MaLion/MaLionCloud HTTP Header Stack Overflow Vulnerability
- CVE-2025-59366 - ASUS AiCloud Authentication Bypass
- CVE-2025-12003 - ASUS Router Firmware WebDAV Path Traversal Vulnerability
- CVE-2025-59373 - ASUS System Control Interface Local Privilege Escalation
- CVE-2025-62155 - QuantumNous New API Has SSRF Bypass
- CVE-2025-54347 - Desktop Alert PingAlert Directory Traversal Vulnerability
- CVE-2025-52538 - Apache Xerces Integer Overflow Vulnerability
- CVE-2023-7330 - Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php
- CVE-2024-14007 - TVT NVMS-9000 < 1.3.4 Unauthenticated Administrative Queries & Information Disclosure
- CVE-2018-25126 - TVT NVMS-9000 Hard-coded API Credentials & Command Injection
- CVE-2025-13609 - Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
- CVE-2025-63434 - Xtooltech Xtool AnyScan Unauthenticated Remote Code Execution Vulnerability
- CVE-2025-44018 - GL-Inet GL-AXT1800 Firmware Downgrade Vulnerability
- CVE-2025-10555 - Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x
- CVE-2025-10554 - Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
- CVE-2025-11921 - iStat Menus 7.10.4 - Local Privilege Escalation
- CVE-2025-41016 - Multiple vulnerabilities in DFUSION by Davantis
- CVE-2025-13553 - D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow
- CVE-2025-13552 - D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
- CVE-2025-13549 - D-Link DIR-822K formNtp sub_455524 buffer overflow
- CVE-2025-13548 - D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
- CVE-2025-65947 - thread-amount is Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS
- CVE-2025-65946 - Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug
- CVE-2025-65108 - md-to-pdf is vulnerable to arbitrary JavaScript code execution when parsing front matter
- CVE-2025-65109 - Minder does not sandbox http.send in Rego programs
- CVE-2025-65102 - PJSIP is vulnerable to buffer overflow in Opus PLC
- CVE-2025-65106 - LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
- CVE-2025-13322 - WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter
- CVE-2025-11985 - Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
- CVE-2025-12138 - URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload
- CVE-2025-11456 - ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload
- CVE-2025-64695 - LogStare Collector Windows Installer Uncontrolled Search Path Element Vulnerability (RCE)
- CVE-2025-64310 - Epson Projector WebConfig Brute Force Authentication Vulnerability
- CVE-2025-64762 - authkit-nextjs may let session cookies be cached in CDNs
- CVE-2025-62164 - VLLM deserialization vulnerability leading to DoS and potential RCE
- CVE-2025-62372 - vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
- CVE-2025-64755 - @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
- CVE-2025-62459 - Microsoft Defender Portal Spoofing Vulnerability
- CVE-2025-62207 - Azure Monitor Elevation of Privilege Vulnerability
- CVE-2025-49752 - Azure Bastion Elevation of Privilege Vulnerability
- CVE-2025-64655 - Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
- CVE-2025-59245 - Microsoft SharePoint Online Elevation of Privilege Vulnerability
Franck Ridel
