9.1
CVE-2025-6065 - Image Resizer On The Fly <= 1.1 - Unauthenticated Arbitrary File Deletion
The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which canβ¦
7.2
CVE-2025-5487 - AutomatorWP <= 5.2.5 - Authenticated (Administrator+) SQL Injection via field_conditions
The AutomatorWP β Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parβ¦
7.2
CVE-2025-3234 - File Manager Pro β Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload
The File Manager Pro β Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on tβ¦
4.3
CVE-2025-6059 - Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions
The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to performβ¦
8.5
CVE-2025-33108 - IBM Backup Recovery and Media Services for i code execution
IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access toβ¦
8.1
CVE-2025-24919 - Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromiβ¦
8.8
CVE-2025-25215 - Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerabiliβ¦
5.2
CVE-2025-6083 - ExtremeCloud Universal ZTNA Improper Authorization
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.
8.8
CVE-2025-25050 - Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability
An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call tβ¦
8.8
CVE-2025-24922 - Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior toΒ 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call tβ¦