7.8
CVE-2025-30312 - Dimension | Out-of-bounds Write (CWE-787)
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2025-47135 - Dimension | Out-of-bounds Read (CWE-125)
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must opβ¦
5.4
CVE-2025-7363 - TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function
The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript. β¦
5.4
CVE-2025-7362 - MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload exteβ¦
8.8
CVE-2025-0928 - Arbitrary executable upload via authenticated endpoint
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or uβ¦
5.4
CVE-2025-53479 - CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationaliβ¦
The CheckUser extensionβs Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki - β¦
5.3
CVE-2025-7187 - code-projects Chat System fetch_member.php sql injection
A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to theβ¦
7.5
CVE-2025-47988 - Azure Monitor Agent Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.
7
CVE-2025-49744 - Windows Graphics Component Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
7.8
CVE-2025-49742 - Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.