4.3
CVE-2025-12756 - Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
6.6
CVE-2025-11772 - Co-Installer Privilege Escalation
A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.
8.6
CVE-2025-34297 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when โฆ
2.1
CVE-2025-13837 - Out-of-memory when loading Plist
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
6.3
CVE-2025-13836 - Excessive read buffering DoS in http.client
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
4.3
CVE-2025-13653 - Unauthorized access to documents in data streams with specially crafted requests
In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.
0.0
CVE-2025-13835 - WordPress Arconix Shortcodes plugin <= 2.1.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.20.
0.0
CVE-2025-13832 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.5
CVE-2025-7007 - Null pointer dereference in Avast Antivirus on macOS (16.0.0) or Linux (3.0.3)
NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.
9
CVE-2025-3500 - Integer Overflow in Avast Antiviurs 25.1.981.6 on Windows may result in privilege escalation
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.