- CVE-2025-7779 - Acronis True Image macOS Local Privilege Escalation Vulnerability
- CVE-2025-7493 - Freeipa: idm: privilege escalation from host to domain admin in freeipa
- CVE-2025-8120 - Remote Code Execution via Unrestricted File Upload in PAD CMS
- CVE-2025-8121 - Blind SQL Injection in PAD CMS
- CVE-2025-7063 - Remote Code Execution via Unrestricted File Upload in PAD CMS
- CVE-2025-7065 - Remote Code Execution via Unrestricted File Upload in PAD CMS
- CVE-2025-8117 - Account Takeover via Reset Password Functionality in PAD CMS
- CVE-2025-9762 - WordPress Post By Email Plugin Remote File Upload Vulnerability
- CVE-2025-11148 - Apache Check-Branches Command Injection Vulnerability
- CVE-2025-8625 - WordPress Copypress Rest API Remote Code Execution Vulnerability
- CVE-2025-7052 - WordPress LatePoint CSRF Vulnerability
- CVE-2025-7038 - LatePoint WordPress Authentication Bypass Vulnerability
- CVE-2025-9991 - WordPress Tiny Bootstrap Elements Light Local File Inclusion Vulnerability
- CVE-2025-9993 - Bei Fen – WordPress Backup Plugin Local File Inclusion Vulnerability
- CVE-2025-59937 - go-mail has insufficient address encoding when passing mail addresses to the SMTP client
- CVE-2025-36245 - IBM InfoSphere Information Server command execution
- CVE-2025-54875 - FreshRSS: Unauthorized creation of admin user when registration is enabled
- CVE-2025-30247 - Western Digital My Cloud OS Command Injection
- CVE-2025-35030 - Medical Informatics Engineering Enterprise Health cross site request forgery
- CVE-2025-41251 - Weak password recovery vulnerability
- CVE-2025-34196 - Vasion Print (formerly PrinterLogic) Hardcoded PrinterLogic CA Private Key and Hardcoded Password
- CVE-2025-57483 - Tawk.to Chatbox Widget Reflected XSS
- CVE-2025-41250 - Header injection vulnerability
- CVE-2025-11123 - Tenda AC18 saveAutoQos stack-based overflow
- CVE-2025-11122 - Tenda AC18 WizardHandle stack-based overflow
- CVE-2025-59945 - SysReptor Susceptible to Privilege Escalation by Authenticated Users
- CVE-2025-59936 - get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass
- CVE-2025-59939 - WeGIA vulnerable to SQL Injection into method `excluir` of the `ProdutoControle` class in the parameter `id_produto`.
- CVE-2025-59932 - FlagForgeCTF Unauthenticated Resource Modification/Deletion
- CVE-2025-55187 - DriveLock Privilege Escalation Vulnerability
- CVE-2025-9642 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
- CVE-2025-60219 - WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability
- CVE-2025-60156 - WordPress AR For WordPress Plugin <= 7.98 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-60126 - WordPress Testimonial Slider Plugin <= 3.5.8.6 - Local File Inclusion Vulnerability
- CVE-2025-60118 - WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability
- CVE-2025-60109 - WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability
- CVE-2025-60110 - WordPress AllInOne - Banner Rotator Plugin <= 3.8 - SQL Injection Vulnerability
- CVE-2025-60111 - WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-60107 - WordPress LambertGroup - AllInOne - Banner with Playlist Plugin <= 3.8 - SQL Injection Vulnerability
- CVE-2025-60108 - WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability
- CVE-2025-10880 - Insufficiently Protected Credentials in Dingtian DT-R002
- CVE-2025-34227 - Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
- CVE-2025-10879 - Insufficiently Protected Credentials in Dingtian DT-R002
- CVE-2025-59841 - FlagForgeCTF's Improper Session Handling Allows Access After Logout
- CVE-2025-20333 - Cisco Secure Firewall Arbitrary Code Execution Vulnerability
- CVE-2025-20363 - Cisco Secure Firewall Arbitrary Code Execution Vulnerability
- CVE-2025-10953 - UTT 1200GW/1250GW formApMail buffer overflow
- CVE-2025-10948 - MikroTik RouterOS libjson.so print parse_json_element buffer overflow
- CVE-2025-10467 - Stored XSS in Proliz Software's OBS
- CVE-2025-10941 - Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission
- CVE-2025-10942 - H3C Magic B3 aspForm AddMacList buffer overflow
- CVE-2025-40698 - SQL injection vulnerability in Prevengos
- CVE-2025-54520 - Xilinx FPGA Power Glitch Attack Vulnerability
- CVE-2025-10894 - Nx: nx/devkit: malicious versions of nx and plugins published to npm
- CVE-2025-59827 - FlagForgeCTF is Missing Authorization in main-v2
- CVE-2025-59343 - tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
- CVE-2025-52906 - TOTOLINK X6000R Command Injection Vulnerability
- CVE-2025-20315 - Cisco NBAR CAPWAP Denial of Service
- CVE-2025-20160 - Cisco TACACS+ Unauthenticated Data Disclosure and Authentication Bypass
- CVE-2025-56816 - Datart Directory Traversal Deserialization Remote Code Execution
- CVE-2025-27034 - Improper Validation of Array Index in Multi-Mode Call Processor
- CVE-2025-21484 - Buffer Over-read in Data Network Stack & Connectivity
- CVE-2025-21487 - Buffer Over-read in Data Network Stack & Connectivity
- CVE-2025-21488 - Buffer Over-read in Data Network Stack & Connectivity
- CVE-2025-21483 - Improper Restriction of Operations within the Bounds of a Memory Buffer in Data Network Stack & Connectivity
- CVE-2025-10906 - Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication
- CVE-2025-9054 - MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'
- CVE-2025-41715 - Missing Authentication for Database Access in Web Application
- CVE-2025-59545 - DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
- CVE-2025-4993 - Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
- CVE-2025-1255 - Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
- CVE-2025-9798 - Stored XSS in Netcad Software's Netigma
- CVE-2025-9588 - OS Command Injection in Iron Mountain's enVision
- CVE-2025-10815 - Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow
- CVE-2025-59434 - Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
- CVE-2025-59528 - Flowise has Remote Code Execution vulnerability
- CVE-2025-59572 - WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-53468 - WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability
- CVE-2025-58013 - WordPress CouponXxL Theme <= 4.5.0 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-58244 - WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-58250 - WordPress Findgo Theme <= 1.3.55 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-58255 - WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability
- CVE-2025-58686 - WordPress Perfect Brands for WooCommerce Plugin <= 3.6.0 - SQL Injection Vulnerability
- CVE-2025-57437 - Blackmagic Web Presenter HD Telnet Information Disclosure
- CVE-2025-57439 - Creacast Creabox Manager Remote Code Execution
- CVE-2025-57441 - Blackmagic ATEM Mini Pro Telnet Information Disclosure
- CVE-2025-43953 - 2wcom IP-4c Remote Code Execution Vulnerability
- CVE-2025-57434 - Creacast Creabox Manager Hard-Coded Credentials Vulnerability
- CVE-2025-57431 - Sound4 PULSE-ECO AES67 Remote Code Execution Vulnerability
- CVE-2025-35042 - Airship AI Acropolis default credentials
- CVE-2025-10803 - Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow
- CVE-2025-10854 - Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices
- CVE-2025-48703 - CWP Filemanager Unauthenticated RCE
- CVE-2025-47698 - Cognex In-Sight Explorer and In-Sight Camera Firmware Cleartext Transmission of Sensitive Information
- CVE-2025-54754 - Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password
- CVE-2025-30519 - Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Weak Credentials
- CVE-2025-54807 - Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded Cryptographic Key
- CVE-2025-55068 - Dover Fueling Solutions ProGauge MagLink LX4 Devices Integer Overflow or Wraparound
- CVE-2025-10650 - Non-admin users may erroneously be granted cluster-level SSH access
- CVE-2023-49367 - Kyocera Command Center RX EXOSYS M5521cdn Information Disclosure Vulnerability