5

CVSS3.1

CVE-2025-64738 - Zoom Workplace for macOS - External Control of File Name or Path

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.

📅 Published: Nov. 13, 2025, 2:23 p.m. 🔄 Last Modified: Jan. 13, 2026, 8:49 p.m.

5.3

CVSS4.0

CVE-2025-13116 - macrozheng mall-swarm/mall cancelUserOrder improper authorization

A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has…

📅 Published: Nov. 13, 2025, 2:02 p.m. 🔄 Last Modified: Dec. 19, 2025, 7:20 p.m.

5.3

CVSS4.0

CVE-2025-13115 - macrozheng mall-swarm/mall Order Details detail improper authorization

A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the at…

📅 Published: Nov. 13, 2025, 1:32 p.m. 🔄 Last Modified: Nov. 25, 2025, 4:40 p.m.

5.3

CVSS4.0

CVE-2025-13114 - macrozheng mall-swarm attr updateAttr improper authorization

A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was co…

📅 Published: Nov. 13, 2025, 1:32 p.m. 🔄 Last Modified: Nov. 25, 2025, 5:33 p.m.

5.3

CVSS4.0

CVE-2025-41069 - Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite

Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in ‘/ajax/TInnova_v2/Formulario_Consentimiento/llamadaAjax/obtenerDatosConsentimi…

📅 Published: Nov. 13, 2025, 1:23 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.1

CVSS3.1

CVE-2025-12817 - PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before P…

📅 Published: Nov. 13, 2025, 1 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2025-12818 - PostgreSQL libpq undersizes allocations, via integer wraparound

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions …

📅 Published: Nov. 13, 2025, 1 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-12765 - pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.

📅 Published: Nov. 13, 2025, 1 p.m. 🔄 Last Modified: Nov. 19, 2025, 9:18 p.m.

7.5

CVSS3.1

CVE-2025-12764 - pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data (DoS).

📅 Published: Nov. 13, 2025, 1 p.m. 🔄 Last Modified: Nov. 19, 2025, 9:19 p.m.

6.8

CVSS3.1

CVE-2025-12763 - Command injection vulnerability allowing arbitrary command execution on Windows

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

📅 Published: Nov. 13, 2025, 1 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.