8.4
CVE-2025-54496 - Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow
A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
5.3
CVE-2025-62520 - MantisBT unauthorized disclosure of private project column configuration
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have β¦
7.7
CVE-2025-62507 - Redis: Bug in XACKDEL may lead to stack overflow and potential RCE
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this isβ¦
7.2
CVE-2025-62369 - Xibo CMS: Remote Code Execution through module templates
Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System -> Add/Edit custom modules and teβ¦
5.4
CVE-2025-55155 - MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventingβ¦
5.3
CVE-2025-48884 - Galette is vulnerable to XSS through Document Type
Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.
5.3
CVE-2025-48076 - Galette is vulnerable to Cross-site Scripting
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
8.8
CVE-2025-47776 - MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Insβ¦
7.5
CVE-2025-32786 - GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
8.2
CVE-2025-23358 -
NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.