7.1
CVE-2025-53080 -
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS (Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
4.9
CVE-2025-53079 -
Absolute Path Traversal in Samsung DMS (Data Management Server) allows an authenticated attacker (Administrator) to read sensitive files
8
CVE-2025-53078 -
Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system
6.5
CVE-2025-53077 -
An execution after redirect in Samsung DMS (Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
9.1
CVE-2025-8264 -
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify …
5.9
CVE-2025-53649 -
"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
5.3
CVE-2025-4370 - Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload
The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated…
6.4
CVE-2025-4566 - Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This m…
6.4
CVE-2025-3075 - Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied att…
7.5
CVE-2025-6495 - Bricks Builder <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticate…