7.3
CVE-2025-49144 - Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social enβ¦
9.1
CVE-2025-6547 - On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
5.3
CVE-2025-6518 - PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a tβ¦
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to impropβ¦
9.1
CVE-2025-6545 - pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemβ¦
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
5.3
CVE-2025-6517 - Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of theβ¦
8.8
CVE-2025-49126 - Visionatrix Vulnerable to Reflected XSS Leading to Exfiltration of Secrets
Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation usβ¦
4.8
CVE-2025-6516 - HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed toβ¦
8.7
CVE-2025-6511 - Netgear EX6150 sub_410090 stack-based overflow
A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
8.7
CVE-2025-6510 - Netgear EX6100 sub_415EF8 stack-based overflow
A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
5.1
CVE-2025-6509 - seaswalker spring-analysis SimpleController.java echo cross site scripting
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads tβ¦