7.6

CVSS3.1

CVE-2025-9558 - Bluetooth: Mesh: Out-of-Bound Write in gen_prov_start

There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf receiver buffer without any validation on the data size.

📅 Published: Nov. 26, 2025, 5:39 a.m. 🔄 Last Modified: Nov. 26, 2025, 5:39 a.m.

8.6

CVSS4.0

CVE-2025-64983 -

Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device.

📅 Published: Nov. 26, 2025, 4:32 a.m. 🔄 Last Modified: Nov. 26, 2025, 4:32 a.m.

9.7

CVSS3.1

CVE-2025-66022 - FACTION Unauthenticated Custom Extension Upload leads to RCE

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code …

📅 Published: Nov. 26, 2025, 2:08 a.m. 🔄 Last Modified: Nov. 26, 2025, 2:08 a.m.

6.1

CVSS3.1

CVE-2025-66026 - REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view where the request parameter args[types] is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when…

📅 Published: Nov. 26, 2025, 2:01 a.m. 🔄 Last Modified: Nov. 26, 2025, 2:01 a.m.

4.3

CVSS3.1

CVE-2025-66025 - Caido Improperly Handles External Links in Markdown

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or ot…

📅 Published: Nov. 26, 2025, 1:59 a.m. 🔄 Last Modified: Nov. 26, 2025, 1:59 a.m.

8.6

CVSS4.0

CVE-2025-66021 - OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

OWASP Java HTML Sanitizer is a configurable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style t…

📅 Published: Nov. 26, 2025, 1:53 a.m. 🔄 Last Modified: Nov. 26, 2025, 1:53 a.m.

7.5

CVSS3.1

CVE-2025-66020 - Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive …

📅 Published: Nov. 26, 2025, 1:49 a.m. 🔄 Last Modified: Nov. 26, 2025, 1:49 a.m.

7

CVSS4.0

CVE-2025-12848 - XSS vulnerability when rendering filename in Webform Multiform

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g., "<img src=1 onerror=alert(docu…

📅 Published: Nov. 26, 2025, 1:28 a.m. 🔄 Last Modified: Nov. 26, 2025, 1:28 a.m.

7.1

CVSS4.0

CVE-2025-66269 - Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM

The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories preceding that of which the real service executables l…

📅 Published: Nov. 26, 2025, 1:19 a.m. 🔄 Last Modified: Nov. 26, 2025, 1:26 a.m.

9.3

CVSS4.0

CVE-2025-66266 - Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privi…

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting …

📅 Published: Nov. 26, 2025, 1:16 a.m. 🔄 Last Modified: Nov. 26, 2025, 1:20 a.m.