9.3
CVE-2025-14310 -
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb. This issue affects rethinkdb: before 2.4.4.
7.5
CVE-2025-14309 -
NULL Pointer Dereference vulnerability in ravynsoft ravynos. This issue affects ravynos: through 0.5.2.
10
CVE-2025-14308 - Integer Overflow in Robocode's Buffer Write Method
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This v…
9.3
CVE-2025-14307 - Insecure Temporary File Creation in Robocode's AutoExtract Component
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. Th…
10
CVE-2025-14306 - Directory Traversal in Robocode's CacheCleaner Component
A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submi…
8.6
CVE-2025-13428 - RCE in SecOps SOAR server via user-provided Python packages
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi…
7.1
CVE-2025-13071 - Custom Admin Menu <= 1.0.0 - Reflected XSS
The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.6
CVE-2025-13070 - CSV to SortTable <= 4.2 - Contributor+ LFI
The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks.
5.9
CVE-2025-13031 - WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
5.1
CVE-2025-14284 - tiptap/extension-link: tiptap/extension-link: Cross-site Scripting (XSS) via unsanitized user input…
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in…