8.7
CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin autentication
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key).โฆ
0.0
CVE-2025-43296 -
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
8.1
CVE-2025-61773 - pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsaโฆ
7.2
CVE-2025-34248 - D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File Deletion
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity โฆ
7.5
CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaโฆ
6.9
CVE-2025-11556 - code-projects Simple Leave Manager user.php sql injection
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
6.9
CVE-2025-11555 - Campcodes Online Learning Management System calendar_of_events.php sql injection
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be usโฆ
7.5
CVE-2025-61601 - BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array โฆ
8.2
CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServiโฆ
Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
6.9
CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access
Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.