6
CVE-2025-65953 - NanoMQ UAF of retain message due to invalid MQTTV5 properties
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in src/sp/transport/mqtt/broker_tcp.c). The vulnerab…
8.7
CVE-2025-65952 - Console is vulnerable to path traversal regarding custom assets
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This iss…
9.8
CVE-2025-13597 - AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plu…
9.8
CVE-2025-13595 - CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite p…
2.7
CVE-2025-65942 - VictoriaMetrics Snappy Decoder DoS Vulnerability is Causing OOM
VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics requ…
5.1
CVE-2025-64713 - WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when h…
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GL…
4.7
CVE-2025-64704 - WebAssembly Micro Runtime vulnerable to a segmentation fault in v128.store instruction
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.
6.1
CVE-2025-21621 - GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's…
8.8
CVE-2025-62703 - Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework imp…
8.2
CVE-2025-58360 - GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap fea…
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. H…