6.5
CVE-2025-64527 - Envoy crashes when JWT authentication is configured with the remote JWKS fetching
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch f…
6.9
CVE-2025-39665 - Livestatus Injection in dynmaps
User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.
5.3
CVE-2025-13472 - Missing authorization in BlazeMeter Jenkins Plugin
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.
6.2
CVE-2025-29864 -
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass. This issue affects ALZip: from 12.01 before 12.29.
5.5
CVE-2025-13946 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
5.5
CVE-2025-13945 - Improperly Controlled Sequential Memory Allocation in Wireshark
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
8.8
CVE-2025-12744 - Abrt: command-injection in abrt leading to local privilege escalation
A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell me…
9.8
CVE-2025-13486 - Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepa…
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for una…
2.7
CVE-2025-12954 - Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify that a user has access to a specific event when duplicating it, leading to arbitrary event disclosure to users with a role as low as Contributor.
5.3
CVE-2025-10304 - Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Aut…
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate…