4.6
CVE-2024-13126 - Download Manager < 3.3.07 - Unauthenticated Data Exposure
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.
5.1
CVE-2025-2335 - Drivin Soluções API registerSchool cross site scripting
A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated rem…
7.7
CVE-2022-49737 -
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input loc…
7.8
CVE-2025-30074 -
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
7.7
CVE-2025-30076 -
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.
4.2
CVE-2025-24856 -
An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the …
5.4
CVE-2025-30089 -
gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.
5.8
CVE-2024-58103 -
Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.
6.2
CVE-2025-30077 -
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.
5.3
CVE-2025-2334 - 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access co…