6.9

CVSS4.0

CVE-2025-7745 - Modbus TCP buffer overread

Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2.

📅 Published: July 24, 2025, 7:09 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

10

CVSS3.1

CVE-2025-41240 - Mounted Kubernetes Secrets under a predictable path located within the web server document root

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets…

📅 Published: July 24, 2025, 6:42 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

4.3

CVSS3.1

CVE-2025-0765 - Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.

📅 Published: July 24, 2025, 6:33 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

4.3

CVSS3.1

CVE-2025-1299 - Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sendin…

📅 Published: July 24, 2025, 6:33 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

4.3

CVSS3.1

CVE-2025-4976 - Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

📅 Published: July 24, 2025, 6:05 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

4.3

CVSS3.1

CVE-2025-7001 - Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable.

📅 Published: July 24, 2025, 6:05 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

9.8

CVSS3.1

CVE-2025-7437 - Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's …

📅 Published: July 24, 2025, 4:24 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

9.8

CVSS3.1

CVE-2025-7852 - WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls move_uploaded_file() on cl…

📅 Published: July 24, 2025, 4:24 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

6.4

CVSS3.1

CVE-2025-4968 - WPBakery Page Builder <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi…

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line …

📅 Published: July 24, 2025, 3:39 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.

6.8

CVSS3.1

CVE-2025-4395 - Medtronic MyCareLink Patient Monitor Empty Password Vulnerability

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access and modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025.

📅 Published: July 24, 2025, 3:30 a.m. 🔄 Last Modified: July 25, 2025, 3:29 p.m.