7.3
CVE-2025-59118 - Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.
7.3
CVE-2025-11962 - Stored XSS in DivvyDrive Information Technologies' Digital Corporate Warehouse
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Digital Corporate Warehouse allows Stored XSS. This issue affects Digital Corporate Warehouse: before v.4.8.2.22.
5.3
CVE-2025-64407 - Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment…
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variables…
4.3
CVE-2025-64406 - Apache OpenOffice: Possible memory corruption during CSV import
An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the is…
7.5
CVE-2025-64405 - Apache OpenOffice: Remote documents loaded without prompt via DDE function
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to ext…
7.5
CVE-2025-64404 - Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used backgroun…
8.1
CVE-2025-64403 - Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
Apache OpenOffice Calc spreadsheets can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOf…
6.5
CVE-2025-64402 - Apache OpenOffice: Remote documents loaded without prompt via OLE objects
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to …
7.5
CVE-2025-64401 - Apache OpenOffice: Remote documents loaded without prompt via IFrame
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linked…
7.5
CVE-2025-12903 - Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposu…
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permi…