4.8
CVE-2025-62240 -
Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbiβ¦
6.5
CVE-2025-59286 - Copilot Spoofing Vulnerability
Copilot Spoofing Vulnerability
6.5
CVE-2025-59272 - Copilot Spoofing Vulnerability
Copilot Spoofing Vulnerability
8.7
CVE-2025-59271 - Redis Enterprise Elevation of Privilege Vulnerability
Redis Enterprise Elevation of Privilege Vulnerability
6.5
CVE-2025-59252 - M365 Copilot Spoofing Vulnerability
M365 Copilot Spoofing Vulnerability
8.7
CVE-2025-55321 - Azure Monitor Log Analytics Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.
8.8
CVE-2025-59247 - Azure PlayFab Elevation of Privilege Vulnerability
Azure PlayFab Elevation of Privilege Vulnerability
9.8
CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
9.6
CVE-2025-59218 - Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
6.9
CVE-2025-11558 - code-projects E-Commerce Website user_index_search.php sql injection
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public aβ¦