8.7

CVSS4.0

CVE-2025-34457 - wb2osz/direwolf <= 1.8.1 Stack-based Buffer Overflow DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the…

📅 Published: Dec. 22, 2025, 9:30 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2025-34458 - wb2osz/direwolf <= 1.8.1 Reachable Assertion DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty o…

📅 Published: Dec. 22, 2025, 9:29 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2025-68480 - Marshmallow has DoS in Schema.load(many)

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a dispr…

📅 Published: Dec. 22, 2025, 9:20 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-15033 - WooCommerce - Subscriber/Customer+ Order Data Disclosure

A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through point releases, starting from 8.1, where it ha…

📅 Published: Dec. 22, 2025, 6:57 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7

CVSS4.0

CVE-2025-10021 -

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation uni…

📅 Published: Dec. 22, 2025, 3:48 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS4.0

CVE-2025-61740 - Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.

📅 Published: Dec. 22, 2025, 2:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS4.0

CVE-2025-26379 - Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Rand…

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.

📅 Published: Dec. 22, 2025, 2:21 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS3.1

CVE-2025-14018 - Unquoted Service Path in NetBT Consultancy's e-Fatura

Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affects e-Fatura: before 1.2.15.

📅 Published: Dec. 22, 2025, 1:46 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2025-14273 - Mattermost Jira plugin user spoofing enables Jira request forgery.

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who kno…

📅 Published: Dec. 22, 2025, 11:24 a.m. 🔄 Last Modified: Dec. 29, 2025, 6:47 p.m.

6.8

CVSS3.1

CVE-2025-54890 - A user with elevated privileges can inject XSS in the Hostgroups configuration page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0…

📅 Published: Dec. 22, 2025, 11:07 a.m. 🔄 Last Modified: Jan. 26, 2026, 2:05 p.m.