6.9
CVE-2025-53522 -
Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.
6.9
CVE-2025-57791 - Argument Injection Vulnerability in CommServe
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
8.7
CVE-2025-57790 - Path Traversal Vulnerability
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
5.3
CVE-2025-57789 - Vulnerability in Initial Administrator Login Process
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
8.8
CVE-2025-8141 - Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary filβ¦
7.5
CVE-2025-8289 - Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserializaβ¦
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenticated attackers to inject a PHP Object. Thisβ¦
8.8
CVE-2025-8145 - Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additionβ¦
9.3
CVE-2024-12223 - Stored Cross-site Scripting (XSS) in Nutanix Prism Central
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim userβs session and perform actions in their security context.
8.8
CVE-2025-9132 -
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
5.1
CVE-2025-9193 - TOTVS Portal Meu RH Password Reset redirect
A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and mβ¦