5.3
CVE-2025-13119 - Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.
5.3
CVE-2025-13118 - macrozheng mall-swarm/mall paySuccess improper authorization
A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and…
6.8
CVE-2025-11538 - Keycloak-server: debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network…
4.3
CVE-2025-62482 - Zoom Workplace for Windows - Cross-site Scripting
Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.
6.6
CVE-2025-30662 - Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
4.8
CVE-2025-30669 - Zoom Workplace Clients - Improper Certificate Validation
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
8.1
CVE-2025-64741 - Zoom Workplace for Android - Improper Authorization Handling
Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
7.5
CVE-2025-64740 - Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
5.3
CVE-2025-13117 - macrozheng mall-swarm/mall cancelOrder improper authorization
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The ex…
4.3
CVE-2025-64739 - Zoom Clients - External Control of File Name or Path
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.