5.1
CVE-2023-53870 - Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter
Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.
8.7
CVE-2023-53869 - WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
8.7
CVE-2023-53868 - Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploβ¦
1
CVE-2025-64725 - Weblate has improper validation upon invitation acceptance
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.
8.5
CVE-2025-59947 - NanoMQ has Buffer Overflow
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription.
5.9
CVE-2025-13489 - IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
8.6
CVE-2025-14503 - Overly Permissive Trust Policy in Harmonix on AWS EKS
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sβ¦
6.5
CVE-2025-14148 - IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
6.5
CVE-2025-12035 - Bluetooth: Integer Overflow in Bluetooth Classic (BR/EDR) L2CAP
An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine a critical path for processing inbound BR/EDR L2CAP traffic.
5
CVE-2025-36360 - IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expirationβ¦
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly β¦