7.3

CVSS3.1

CVE-2025-49144 - Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social en…

📅 Published: June 23, 2025, 7:01 p.m. 🔄 Last Modified: June 23, 2025, 7:01 p.m.

9.1

CVSS4.0

CVE-2025-6547 - On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

📅 Published: June 23, 2025, 7 p.m. 🔄 Last Modified: June 23, 2025, 7 p.m.

5.3

CVSS4.0

CVE-2025-6518 - PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a t…

A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improp…

📅 Published: June 23, 2025, 7 p.m. 🔄 Last Modified: June 23, 2025, 7 p.m.

9.1

CVSS4.0

CVE-2025-6545 - pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplem…

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

📅 Published: June 23, 2025, 6:41 p.m. 🔄 Last Modified: June 23, 2025, 6:44 p.m.

5.3

CVSS4.0

CVE-2025-6517 - Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery

A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of the…

📅 Published: June 23, 2025, 6 p.m. 🔄 Last Modified: June 23, 2025, 6:15 p.m.
Load More Vulnerability
avatar

Mehmet Ince

@mdisec

CVE stats coming here

avatar

Nuri Çilengir

@ncilengir

CVE stats coming here

avatar

@aydinnyunus

CVE stats coming here

avatar

Seyit Sigirci

@h3xecute

CVE stats coming here

avatar

Ali İltizar

@iltosec

CVE stats coming here

avatar

@b3rsec

CVE stats coming here

avatar

Nicat Abbasov

@scan9

CVE stats coming here

avatar

Mücahit İç

@mucahic

CVE stats coming here

avatar

@arslan

CVE stats coming here