4.3
CVE-2025-64515 - Open Forms prefill data in read-only components can be tampered
Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields aβ¦
8.4
CVE-2025-64325 - Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has beβ¦
8.1
CVE-2025-62406 - Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's Hβ¦
5.3
CVE-2025-54990 - XWiki AdminTools application doesn't set permissions on the AdminTools space
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin userβ¦
8.5
CVE-2025-64324 - KubeVirt Vulnerable to Arbitrary Host File Read and Write
KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreateβ¦
6.9
CVE-2025-12119 - Bulk write with options may read invalid memory
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
6.5
CVE-2025-37162 - Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
7.5
CVE-2025-37161 - Unauthenticated Remote Denial-of-Service (DoS) Vulnerability in Web Management Interface
A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting netwoβ¦
7.2
CVE-2025-37163 - Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave)β¦
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
3.5
CVE-2025-52639 - HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.