5.1

CVSS4.0

CVE-2025-62228 - Apache Flink CDC: SQL injec…

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0, which addresses this issue.

📅 Published: Oct. 9, 2025, 1:15 p.m. 🔄 Last Modified: Dec. 3, 2025, 9:48 p.m.

8.8

CVSS3.1

CVE-2025-10240 - Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web a…

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session.

📅 Published: Oct. 9, 2025, 12:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2025-10239 - Unintended command execution via troubleshooting scripts in Progress Flowmon

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes.

📅 Published: Oct. 9, 2025, 12:42 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2025-39963 - io_uring: fix incorrect io_kiocb reference in io_link_skb

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In io_link_skb function, there is a bug where prev_notif is incorrectly assigned using 'nd' instead of 'prev_nd'. This causes the context validation check to compare the c…

📅 Published: Oct. 9, 2025, 12:13 p.m. 🔄 Last Modified: Feb. 26, 2026, 11:03 p.m.

7.5

CVSS3.1

CVE-2025-10004 - Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs.

📅 Published: Oct. 9, 2025, 12:04 p.m. 🔄 Last Modified: Oct. 20, 2025, 8:57 p.m.

7.7

CVSS3.1

CVE-2025-11340 - Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped …

📅 Published: Oct. 9, 2025, 12:04 p.m. 🔄 Last Modified: Oct. 20, 2025, 9 p.m.

4.3

CVSS3.1

CVE-2025-2934 - Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP …

📅 Published: Oct. 9, 2025, 11:33 a.m. 🔄 Last Modified: Oct. 20, 2025, 9:01 p.m.

6.4

CVSS3.1

CVE-2025-9371 - Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with Contribu…

📅 Published: Oct. 9, 2025, 11:20 a.m. 🔄 Last Modified: April 20, 2026, 7:30 p.m.

6.5

CVSS3.1

CVE-2025-10249 - Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File …

The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above, …

📅 Published: Oct. 9, 2025, 11:20 a.m. 🔄 Last Modified: April 22, 2026, 2:15 p.m.

7.5

CVSS3.1

CVE-2025-10862 - Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers …

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parameter and lack of sufficient preparation on th…

📅 Published: Oct. 9, 2025, 8:23 a.m. 🔄 Last Modified: April 22, 2026, 1:15 p.m.