9.8
CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
9.6
CVE-2025-59218 - Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
6.9
CVE-2025-11558 - code-projects E-Commerce Website user_index_search.php sql injection
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Manipulating the argument Search results in SQL injection. The attack can be carried out remotely. The exploit has been made public a…
6.9
CVE-2025-11557 - projectworlds Gate Pass Management System add-pass.php sql injection
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Manipulation of the argument fullname leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public…
6.3
CVE-2025-61783 - Python Social Auth - Django has unsafe account association
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service d…
8.7
CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin authentication
Confidential Containers' Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key).…
5.5
CVE-2025-43296 -
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
8.1
CVE-2025-61773 - pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsa…
7.2
CVE-2025-34248 - D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File Deletion
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity …
7.5
CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageRea…