5.4
CVE-2025-13663 - Quartus Prime Pro Edition Installer Advisory
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
6.9
CVE-2025-14537 - code-projects Class and Exam Timetable Management preview7.php sql injection
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument course_year_section/semester causes sql injection. Remote exploitation of the attack is possible…
6.5
CVE-2025-14293 - WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files …
7.5
CVE-2025-55184 - next: React Server Components: Denial of Service via unsafe HTTP deserialization
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely…
5.3
CVE-2025-55183 - next: React Server Components: Source code exposure through crafted HTTP request
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically craft…
6.9
CVE-2025-14536 - code-projects Class and Exam Timetable Management Login index.php sql injection
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be laun…
7.6
CVE-2025-13214 - IBM Aspera Orchestrator SQL Injection
IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
8.1
CVE-2025-13148 - IBM Aspera Orchestrator Unverified Password Change
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.
8.8
CVE-2025-13481 - IBM Aspera Orchestrator Command Injection
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
5.3
CVE-2025-13211 - IBM Aspera Orchestrator Denial of Service
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.