5.5

CVSS3.1

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📅 Published: Dec. 11, 2025, 7:35 p.m. 🔄 Last Modified: Dec. 12, 2025, 5:29 p.m.

9.3

CVSS4.0

CVE-2025-14535 - UTT 进取 512W formConfigFastDirectionW strcpy buffer overflow

A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used…

📅 Published: Dec. 11, 2025, 7:32 p.m. 🔄 Last Modified: Jan. 7, 2026, 8:59 p.m.

9.3

CVSS4.0

CVE-2025-14534 - UTT 进取 512W Endpoint formNatStaticMap strcpy buffer overflow

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been …

📅 Published: Dec. 11, 2025, 7:02 p.m. 🔄 Last Modified: Jan. 7, 2026, 8:59 p.m.

5.3

CVSS4.0

CVE-2025-14531 - code-projects Rental Management System Log Transaction.java crlf injection

A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could be…

📅 Published: Dec. 11, 2025, 6:32 p.m. 🔄 Last Modified: Dec. 16, 2025, 7:02 p.m.

9.1

CVSS3.1

CVE-2025-13780 - Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical…

📅 Published: Dec. 11, 2025, 6:30 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:07 p.m.

7.8

CVSS3.1

CVE-2025-64669 - Windows Admin Center Elevation of Privilege Vulnerability

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.

📅 Published: Dec. 11, 2025, 6:06 p.m. 🔄 Last Modified: April 20, 2026, 3:45 p.m.

8.6

CVSS4.0

CVE-2025-14046 - Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized …

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by cert…

📅 Published: Dec. 11, 2025, 5:52 p.m. 🔄 Last Modified: Dec. 19, 2025, 7:47 p.m.

5.1

CVSS4.0

CVE-2025-14530 - SourceCodester Real Estate Property Listing App property.php unrestricted upload

A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee…

📅 Published: Dec. 11, 2025, 5:32 p.m. 🔄 Last Modified: Dec. 16, 2025, 6:55 p.m.

6.9

CVSS4.0

CVE-2025-14529 - Campcodes Retro Basketball Shoes Online Store admin_running.php sql injection

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published an…

📅 Published: Dec. 11, 2025, 5:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 5:46 a.m.

1

CVSS4.0

CVE-2025-13912 - Potential non-constant time compiled code with Clang LLVM

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.

📅 Published: Dec. 11, 2025, 5:09 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.