9.8
CVE-2025-4689 - Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Iβ¦
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerabβ¦
6.3
CVE-2025-5692 - Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Manyβ¦
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscribβ¦
5.5
CVE-2025-38093 - arm64: dts: qcom: x1e80100: Add GPU cooling
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads it is possible to reach the critical hardware shutdown tβ¦
5.5
CVE-2025-38092 - ksmbd: use list_first_entry_or_null for opinfo_get_list()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty then it returns an invalid pointer. Use list_first_entry_or_null() to check if the list is empty.
7.8
CVE-2025-38091 - drm/amd/display: check stream id dml21 wrapper to get plane_id
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false positive warning which occurs due to lack of correct checks when querying plane_id in DML21. This fixes the warning when performing a mode1 reβ¦
9.8
CVE-2025-45814 -
Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.
5
CVE-2025-52925 -
In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.
3.7
CVE-2025-7039 - Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulβ¦
5.3
CVE-2025-45424 -
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.
9.8
CVE-2025-45813 -
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.