- CVE-2025-40815 - Siemens LOGO! TCP Packet Structure Validation Buffer Overflow
- CVE-2025-40827 - Siemens Software Center/DLL Hijacking
- CVE-2025-40744 - Solid Edge Certificate Validation Weakness
- CVE-2025-40763 - Altair Grid Engine Environment Variable Path Hijacking (Local Privilege Escalation)
- CVE-2024-32010 - Spectrum Power 4 Database Credential Extraction and Command Injection Vulnerability
- CVE-2024-32011 - Spectrum Power Command Injection Vulnerability
- CVE-2024-32008 - Spectrum Power 4 Local Privilege Escalation
- CVE-2024-32009 - Spectrum Power Privilege Escalation Vulnerability
- CVE-2025-62452 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2025-62222 - Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
- CVE-2025-62220 - Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
- CVE-2025-62210 - Dynamics 365 Field Service (online) Spoofing Vulnerability
- CVE-2025-62211 - Dynamics 365 Field Service (online) Spoofing Vulnerability
- CVE-2025-62204 - Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2025-60724 - GDI+ Remote Code Execution Vulnerability
- CVE-2025-60715 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2025-30398 - Nuance PowerScribe 360 Information Disclosure Vulnerability
- CVE-2025-59499 - Microsoft SQL Server Elevation of Privilege Vulnerability
- CVE-2025-35963 - Intel PROSet/Wireless WiFi Software Denial of Service Vulnerability
- CVE-2025-35971 - Intel PROSet/Wireless WiFi Software Denial of Service Vulnerability
- CVE-2025-33029 - Intel PROSet/Wireless WiFi Software Denial of Service
- CVE-2025-33186 - NVIDIA AIStore AuthN Privilege Escalation and Information Disclosure Vulnerability
- CVE-2025-33000 - Intel QuickAssist Technology Ring 3 Privilege Escalation Vulnerability
- CVE-2025-32091 - Intel Arc B-series GPUs Privilege Escalation Vulnerability
- CVE-2025-30185 - Intel UEFI Reference Platforms - Denial of Service and Privilege Escalation Vulnerability
- CVE-2025-30255 - Intel PROSet/Wireless WiFi Software Denial of Service Vulnerability
- CVE-2025-24838 - Intel CIP Software Privilege Escalation Vulnerability
- CVE-2025-24299 - Intel CIP Privilege Escalation Vulnerability
- CVE-2025-13032 - Avast/AVG Antivirus Sandbox Kernel Driver Pool Overflow Privilege Escalation
- CVE-2025-20010 - Intel Processor Identification Utility Unmaintained Component Escalation of Privilege Vulnerability
- CVE-2025-9408 - Userspace privilege escalation vulnerability on Cortex M
- CVE-2025-11168 - Mementor Core <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation
- CVE-2025-11170 - WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload
- CVE-2025-11457 - EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.5.0 - Unauthenticated Privilege Escalation
- CVE-2025-11521 - Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload
- CVE-2025-42887 - Code Injection vulnerability in SAP Solution Manager
- CVE-2025-42890 - Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)
- CVE-2025-12438 - Ozone Use-After-Free Vulnerability in Google Chrome
- CVE-2025-12432 - Google Chrome V8 Race Condition Heap Corruption Vulnerability
- CVE-2025-12429 - Google Chrome V8 HTML Injection Vulnerability
- CVE-2025-12480 - Triofox Improper Access Control
- CVE-2025-64685 - In JetBrains YouTrack before 2025.3.104432 missing
- CVE-2025-64689 - JetBrains YouTrack Junie Token Exposure
- CVE-2025-64456 - JetBrains ReSharper DPA Collector Unverified Signature Escalation
- CVE-2025-12864 - e-Excellence|U-Office Force - SQL Injection
- CVE-2025-12865 - e-Excellence|U-Office Force - SQL Injection
- CVE-2025-12866 - Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
- CVE-2025-64495 - Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
- CVE-2025-64492 - SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection
- CVE-2025-64489 - SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass
- CVE-2025-64490 - SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass
- CVE-2025-64488 - SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
- CVE-2025-64431 - IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tampering
- CVE-2025-3222 - Smallworld SWMFS Improper Authentication
- CVE-2025-63689 - Ycf1998 Money-Pos System SQL Injection Vulnerability
- CVE-2025-52425 - QuMagie
- CVE-2025-4519 - IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function
- CVE-2025-12352 - Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'
- CVE-2025-64328 - FreePBX Administration GUI is Vulnerable to Authenticated Command Injection
- CVE-2025-5483 - LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation
- CVE-2025-64180 - Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
- CVE-2025-64184 - Dosage vulnerable to Directory Traversal through crafted HTTP responses
- CVE-2025-11546 - NEC Corporation UNIVERGE IX Cross-Site Scripting (XSS)
- CVE-2025-58423 - Advantech DeviceOn/iEdge Path Traversal
- CVE-2025-59171 - Advantech DeviceOn/iEdge Path Traversal
- CVE-2025-62630 - Advantech DeviceOn/iEdge Path Traversal
- CVE-2025-64178 - Jellysweep uses uncontrolled data in image cache API endpoint
- CVE-2025-12486 - Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability
- CVE-2025-12487 - oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
- CVE-2025-12488 - oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
- CVE-2022-50591 - Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure
- CVE-2022-50592 - Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE
- CVE-2022-50589 - SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality
- CVE-2022-50590 - SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality
- CVE-2025-64287 - WordPress Alloggio - Hotel Booking Theme theme <= 1.8 - Local File Inclusion vulnerability
- CVE-2025-6325 - WordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability
- CVE-2025-6327 - WordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerability
- CVE-2025-62067 - WordPress Savory theme <= 2.5 - Local File Inclusion vulnerability
- CVE-2025-62035 - WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability
- CVE-2025-60198 - WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability
- CVE-2025-60199 - WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability
- CVE-2025-60197 - WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability
- CVE-2025-58207 - WordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control Vulnerability
- CVE-2025-54719 - WordPress Yogi - Health Beauty & Yoga Theme <= 2.9.2 - Deserialization of untrusted data Vulnerability
- CVE-2025-48090 - WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability
- CVE-2025-12556 - IDIS ICM Viewer Argument Injection
- CVE-2025-11956 - XSS in Proliz's OBS
- CVE-2025-64163 - DataEase's DB2 is vulnerable to SSRF
- CVE-2025-55278 - HCL DevOps Loop is susceptible to an improper authentication vulnerability
- CVE-2025-12779 - Amazon WorkSpaces Client for Linux Authentication Token Exposure
- CVE-2025-63416 - SelfBest Stored Cross-Site Scripting (XSS)
- CVE-2025-55343 - Quipux SQL Injection Vulnerability
- CVE-2025-11093 - Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)
- CVE-2025-10907 - Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution
- CVE-2025-46364 - Dell CloudLink, versions prior to 8.1.1, contain a
- CVE-2025-45379 - Dell CloudLink Command Injection Vulnerability
- CVE-2025-30479 - Dell CloudLink Remote Command Injection Vulnerability
- CVE-2025-45378 - Dell CloudLink Privileged Shell Escalation Vulnerability
- CVE-2025-57130 - ZwiiCMS Privilege Escalation Access Control Bypass
- CVE-2025-63601 - Snipe-IT Remote Code Execution Vulnerability