9.3
CVE-2025-34164 - NetSupport Manager < 14.12.0000 Heap-Based Buffer Overflow
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code.
10
CVE-2025-58159 - WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Bec…
6.2
CVE-2025-57752 - Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Author…
4.3
CVE-2025-55173 - Next.js Content Injection Vulnerability for Image Optimization
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary co…
1.9
CVE-2025-58156 - Centurion ERP users can view hashed authentication tokens that belong to other users
Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed au…
6.5
CVE-2025-57822 - Next.js Improper Middleware Redirect Handling Leads to SSRF
Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has…
6.9
CVE-2025-9678 - Campcodes Online Loan Management System ajax.php sql injection
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been ma…
2.3
CVE-2025-58160 - Tracing logging user input may result in poisoning logs with ANSI escape sequences
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into termin…
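The failure mode behind the tracing-subscriber entry is general: any logger that writes attacker-controlled strings to a terminal verbatim lets the attacker rewrite what the operator sees (clear the line, move the cursor up, recolour a fake "login ok" event). The block below is an added example written for this page, not code from the tracing project and not in Rust; it is a Python sanitizer that neutralises ANSI CSI/OSC sequences and stray control bytes before a field reaches the log line. The log event and the `MALICIOUS_USERNAME` value are constructed for the demonstration.

```python
import re

# Constructed sample: an attacker-chosen username carrying ANSI sequences that
# erase the current line, move the cursor up one row and print a green fake event.
MALICIOUS_USERNAME = "alice\x1b[2K\x1b[1A\x1b[32mINFO login ok for admin\x1b[0m"

# ESC-introduced sequences that terminals interpret:
#   CSI  ESC [ params intermediates final-byte      (cursor, erase, colour ...)
#   OSC  ESC ] ... terminated by BEL or ESC \        (title, hyperlinks ...)
#   two-byte Fe escapes ESC @ .. ESC _ other than ESC [
_ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[@-Z\\-_]"
)
# Remaining C0 controls and DEL; tab is kept, newline is escaped so one event
# cannot masquerade as two lines in the log.
_CONTROL_RE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def _hex_escape(match: re.Match) -> str:
    return "".join(f"\\x{ord(ch):02x}" for ch in match.group(0))


def sanitize_for_log(value: str) -> str:
    """Rewrite escape sequences and control bytes as visible \\xNN text."""
    value = _ANSI_RE.sub(_hex_escape, value)
    return _CONTROL_RE.sub(_hex_escape, value)


def contains_ansi(value: str) -> bool:
    """Detection helper: True if the value would alter terminal rendering."""
    return bool(_ANSI_RE.search(value) or _CONTROL_RE.search(value))


def format_event(level: str, message: str, **fields) -> str:
    """Render a structured event as one terminal-safe line (hypothetical format)."""
    safe_fields = [f"{k}={sanitize_for_log(str(v))}" for k, v in fields.items()]
    return " ".join([level, message, *safe_fields])


if __name__ == "__main__":
    print(format_event("WARN", "login failed", user=MALICIOUS_USERNAME))
```

Escaping rather than deleting is deliberate: an operator reviewing the log still sees that someone submitted a username containing `\x1b[1A`, which is itself a signal worth alerting on.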
7.5
CVE-2025-58157 - gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been pa…
6.3
CVE-2025-58068 - Eventlet affected by HTTP request smuggling in unparsed trailers
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted atta…
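The Eventlet entry names the bug class (mishandled chunked trailers) without detailing it, so the following is an added Python example, not Eventlet's own parser and not a reproduction of its specific defect. It shows the general shape of the problem: a chunked-body parser that stops at the zero-size chunk and never consumes the trailer section leaves the trailer bytes in the socket buffer, where the next request parse will read them; a correct parser consumes trailers up to the empty line and rejects trailer fields that RFC 9112 forbids because they affect framing or routing (Content-Length, Transfer-Encoding, Host, and friends). `FORBIDDEN_TRAILERS`, `SmugglingAttempt` and the sample byte strings are all constructed for this example.

```python
# RFC 9112 s.6.5: a trailer section must not carry fields needed for message
# framing, routing or content handling. Honouring any of these after the body
# lets an attacker change how the *next* bytes on the connection are parsed.
FORBIDDEN_TRAILERS = {
    "content-length", "transfer-encoding", "host", "trailer",
    "content-encoding", "content-type", "content-range",
}


class SmugglingAttempt(Exception):
    """Raised when a trailer section carries a forbidden field."""


def naive_parse_chunked(buf: bytes):
    """The failure mode: stop at the 0-chunk and ignore the trailer section.

    Returns (body, leftover). The leftover starts with the trailer lines, so a
    keep-alive server would parse them as the start of the next request.
    """
    body, pos = bytearray(), 0
    while True:
        eol = buf.index(b"\r\n", pos)
        size = int(buf[pos:eol].split(b";", 1)[0].strip(), 16)
        pos = eol + 2
        if size == 0:
            return bytes(body), buf[pos:]        # trailers never consumed
        body += buf[pos:pos + size]
        pos += size + 2                          # chunk data + CRLF


def parse_chunked(buf: bytes):
    """Correct framing: consume chunks, then the trailer section, then stop.

    Returns (body, trailers, leftover). Raises SmugglingAttempt if a trailer
    field could alter framing or routing.
    """
    body, pos = bytearray(), 0
    while True:
        eol = buf.index(b"\r\n", pos)
        size = int(buf[pos:eol].split(b";", 1)[0].strip(), 16)
        pos = eol + 2
        if size == 0:
            break
        body += buf[pos:pos + size]
        pos += size
        if buf[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        pos += 2
    trailers = {}
    while True:                                  # header lines until empty line
        eol = buf.index(b"\r\n", pos)
        line = buf[pos:eol]
        pos = eol + 2
        if line == b"":
            break
        name, _, value = line.partition(b":")
        name = name.strip().lower().decode("latin-1")
        if name in FORBIDDEN_TRAILERS:
            raise SmugglingAttempt(f"forbidden trailer field {name!r}")
        trailers[name] = value.strip().decode("latin-1")
    return bytes(body), trailers, buf[pos:]


# Constructed wire samples: one benign trailer followed by a second pipelined
# request, and one trailer section that tries to smuggle a Content-Length.
BENIGN = (b"5\r\nhello\r\n0\r\n"
          b"X-Checksum: abc\r\n\r\n"
          b"GET /next HTTP/1.1\r\n\r\n")
SMUGGLED = b"0\r\nContent-Length: 25\r\n\r\n"

if __name__ == "__main__":
    print(naive_parse_chunked(BENIGN))
    print(parse_chunked(BENIGN))
    try:
        parse_chunked(SMUGGLED)
    except SmugglingAttempt as exc:
        print("rejected:", exc)
```

Compare the two `leftover` values on `BENIGN`: the naive parser hands `X-Checksum: abc\r\n\r\nGET /next ...` to the next request parse, while the correct one hands over exactly the pipelined `GET /next` request. That desynchronisation between a front end that consumes trailers and a back end that does not is what the advisory's "bypass front-end security controls" refers to.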