3.7
CVE-2025-65014 - LibreNMS has Weak Password Policy
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely we…
6.2
CVE-2025-65013 - LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter…
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without…
5.1
CVE-2025-65012 - Kirby CMS has cross-site scripting (XSS) in the changes dialog
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Ch…
4.3
CVE-2025-64515 - Open Forms prefill data in read-only components can be tampered
Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields a…
8.4
CVE-2025-64325 - Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has be…
8.1
CVE-2025-62406 - Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's H…
5.3
CVE-2025-54990 - XWiki AdminTools application doesn't set permissions on the AdminTools space
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin user…
8.5
CVE-2025-64324 - KubeVirt Vulnerable to Arbitrary Host File Read and Write
KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate…
6.9
CVE-2025-12119 - Bulk write with options may read invalid memory
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
6.5
CVE-2025-37162 - Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.