4.4
CVE-2025-30101 -
Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.
5.5
CVE-2025-30102 -
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
7.2
CVE-2024-13009 - Eclipse Jetty GZIP buffer release
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
3.1
CVE-2025-4132 - Unvalidated Redirect Vulnerability on Rapid7.com
Rapid7 Corporate Website prior to May 2nd 2025, suffered from a URL Redirection to Untrusted Site ('Open Redirect') vulnerability whereby, due to misconfigured headers, an attacker could successfully redirect users to a malicious site of their control. This vulnerability has been fixed as of May 2β¦
5.9
CVE-2025-4207 - PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that failsβ¦
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 1β¦
8.7
CVE-2024-6648 - Path Traversal in AP Page Builder
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.
6.3
CVE-2025-3506 - Potentially senitive path exposed via unauthenticated http route
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.
6.1
CVE-2025-2806 - tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data'
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the βdataβ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers β¦
6.4
CVE-2025-3468 - NEX-Forms β Ultimate Form Builder β Contact forms and much more <= 8.9.1 - Authenticated (Custom) Sβ¦
The NEX-Forms β Ultimate Form Builder β Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it pβ¦
6.4
CVE-2025-3862 - Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parametβ¦
Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βidβ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and aboβ¦