8.8
CVE-2025-12970 - CVE-2025-12970
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names can supply a long name that overflows the buffer, leading to process crash or arbitrary c…
8.5
CVE-2025-11921 - iStat Menus 7.10.4 - Local Privilege Escalation
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection. This issue affects iStats: 7.10.4.
7.5
CVE-2025-65998 - Apache Syncope: Default AES key used for internal password encryption
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained acce…
0.0
CVE-2025-13602 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
7.7
CVE-2025-13601 - Glib: integer overflow in g_escape_uri_string()
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped str…
6.3
CVE-2025-12628 - WP 2FA < 3.0.0 - Second Factor Bypass
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them.
6.9
CVE-2025-41017 - Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras/<CAMERA_ID>/perspective”.
8.7
CVE-2025-41016 - Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms/<ALARM_ID>/<MEDIA>”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files …
7.7
CVE-2025-12741 - Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user a…
7.7
CVE-2025-12740 - Remote Command Execution in Looker via IBM DB2 JDBC drive
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has al…