8.5
CVE-2025-14338 - Polkit authentication dis isabled by default in inputplumber
Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005.
8.5
CVE-2025-66005 - Lack of Authentication in the InputManager D-Bus interface
Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.
5.3
CVE-2025-66169 - Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component
Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
5.1
CVE-2025-67859 - Polkit Authorization Check can be Bypassed in the TLP power daemon
A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemonโs log settings.This issue affects TLP: from 1.9 before 1.9.1.
7.9
CVE-2025-0647 -
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by tโฆ
8.6
CVE-2026-0532 - External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Geminโฆ
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticaโฆ
6.5
CVE-2026-0529 - Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers
Improper Validation of Array Index (CWE-129) in Packetbeatโs MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol pโฆ
10
CVE-2026-23550 - WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
5.3
CVE-2025-15475 - PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated โฆ
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to โฆ
4.3
CVE-2025-15376 - Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery
The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set_stopwords_for_comments' and 'delete_stopwords_for_comments' functions. This makes it possible for unauthenticateโฆ