8.6

CVSS3.1

CVE-2025-4674 - Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial)…

📅 Published: July 29, 2025, 9:19 p.m. 🔄 Last Modified: Jan. 29, 2026, 7:15 p.m.

9.8

CVSS3.1

CVE-2025-40600 -

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

📅 Published: July 29, 2025, 9:11 p.m. 🔄 Last Modified: Aug. 11, 2025, 2:59 p.m.

6.4

CVSS3.1

CVE-2025-5684 - MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM El…

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-template` DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it pos…

📅 Published: July 29, 2025, 7:42 p.m. 🔄 Last Modified: April 21, 2026, 7:45 p.m.

4.3

CVSS3.1

CVE-2025-53902 - Tuleap exposes artifacts to a mentioned user via email notifications

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts t…

📅 Published: July 29, 2025, 7:36 p.m. 🔄 Last Modified: Aug. 22, 2025, 3:30 p.m.

5.4

CVSS3.1

CVE-2025-53541 - Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could insert …

📅 Published: July 29, 2025, 7:27 p.m. 🔄 Last Modified: Aug. 5, 2025, 2:19 p.m.

8.2

CVSS4.0

CVE-2025-53102 - Discourse's WebAuthn challenge isn't cleared from user session after authentication

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not clear…

📅 Published: July 29, 2025, 7:24 p.m. 🔄 Last Modified: July 31, 2025, 6:42 p.m.

5.3

CVSS3.1

CVE-2025-52899 - Tuleap vulnerable to user enumeration via the lost password form

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in…

📅 Published: July 29, 2025, 7:16 p.m. 🔄 Last Modified: Aug. 22, 2025, 3:34 p.m.

6.5

CVSS3.1

CVE-2024-49828 - IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

📅 Published: July 29, 2025, 7:04 p.m. 🔄 Last Modified: Aug. 17, 2025, 1:23 a.m.

6.5

CVSS3.1

CVE-2024-51473 - IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

📅 Published: July 29, 2025, 7:02 p.m. 🔄 Last Modified: Aug. 17, 2025, 1:21 a.m.

4.9

CVSS3.1

CVE-2024-52894 - IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

📅 Published: July 29, 2025, 7 p.m. 🔄 Last Modified: Aug. 17, 2025, 1:23 a.m.