7.2
CVE-2025-13604 - Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site…
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers …
5.5
CVE-2025-67487 - Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping …
9.1
CVE-2025-67504 - WBCE CMS has Weak Random Number Generator in Password Generation Function
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privil…
7.2
CVE-2025-66631 - CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization.…
8.4
CVE-2025-66627 - Wasmi's Linear Memory has a Critical Use After Free Vulnerability
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory gr…
6
CVE-2025-66578 - robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature vali…
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2's canonicalization is invoked on an invalid XML inp…
9.1
CVE-2025-42928 - Deserialization Vulnerability in SAP jConnect - SDK for ASE
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and a…
6.5
CVE-2025-42904 - Information Disclosure vulnerability in Application Server ABAP
Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity o…
5.4
CVE-2025-42896 - Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity,…
5.5
CVE-2025-42891 - Missing Authorization check in SAP Enterprise Search for ABAP
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on applic…