7
CVE-2025-13052 - An improper certificates validation vulnerability was found in the Notification settings of ADM
When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive inβ¦
5.4
CVE-2025-13669 - High Level Synthesis Compiler Security Advisory
Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.
7.5
CVE-2025-13886 - LT Unleashed <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter
The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the `book` shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and aβ¦
6.4
CVE-2025-13839 - LJUsers <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Atβ¦
The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'ljuser' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticatβ¦
5.4
CVE-2025-13665 - Quartus Prime Standard Security Advisory
The System Console Utility for Windows is vulnerable to a DLL planting vulnerability
8.2
CVE-2025-10451 - H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)
Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.
4.6
CVE-2025-67344 -
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.
4.9
CVE-2025-67819 -
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessβ¦
9.8
CVE-2025-65854 -
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
4.6
CVE-2025-67342 -
RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can β¦