9.8
CVE-2025-53511 -
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
8.2
CVE-2025-52461 -
An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
9.8
CVE-2025-54462 -
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
9.8
CVE-2025-48005 -
A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
5.1
CVE-2025-9407 - mtons mblog profile cross site scripting
A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may β¦
4.3
CVE-2025-48303 - WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery.This issue affects Post Type Converter: from n/a through <= 0.6.
6.5
CVE-2025-8562 - Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter
The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can cβ¦
9.3
CVE-2025-7426 - MINOVA TTA Information Disclosure and Credential Exposure
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of autβ¦
7.3
CVE-2025-5191 - Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows)
An Unquoted Search Path vulnerability has been identified in the utility for Moxaβs industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority direβ¦
10
CVE-2025-9118 - Dataform Path Traversal
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.