8.8
CVE-2025-1653 - Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Esc…
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possib…
8.8
CVE-2025-1657 - Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (S…
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authentic…
8.6
CVE-2025-30066 -
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
0.0
CVE-2025-2333 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
6.9
CVE-2025-2320 - 274056675 springboot-openai-chatgpt User submit improper authorization
A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launc…
3.5
CVE-2025-2295 - Potential iSCSI R2T PDU Vulnerability
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
4.8
CVE-2025-2310 - HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and m…
4.8
CVE-2025-2309 - HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclo…
4.8
CVE-2025-2308 - HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclo…
6.4
CVE-2025-29782 - WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `t…
WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` …