0.0
CVE-2025-10219 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.8
CVE-2025-7718 - Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insβ¦
The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email. Tβ¦
5.1
CVE-2025-40725 - Reflected Cross-Site Scripting (XSS) in Azon Dominator
Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the βqβ parameter in /search via GET. This vulnerability can be exploited to steal sensitive user dataβ¦
7
CVE-2025-10215 - DLL search path hijacking vulnerability
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitβ¦
7
CVE-2025-10214 - DLL search path hijacking vulnerability
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitβ¦
7
CVE-2025-10213 - DLL search path hijacking vulnerability
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitraβ¦
7
CVE-2025-40979 - DLL search order hijack in Wave by Grandstream Networks
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could leaβ¦
8.7
CVE-2025-36759 - Sensitive Information Disclosure in SolaX Cloud
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
6.3
CVE-2025-36757 - Bypass of administrator login screen in SolaX Cloud
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.
6.3
CVE-2025-36758 - Bypass of bruteforce protection in SolaX Cloud
It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.