5.5
CVE-2025-38314 - virtio-pci: Fix result size returned for the admin command completion
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes larger than the actual result data size. This occurs because the result_sg_size field o…
7.1
CVE-2025-38330 - firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) KASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets(). The code uses mock_coeff_template.length_bytes (4 bytes) for register value al…
8.8
CVE-2025-28244 -
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
8.4
CVE-2025-0141 - GlobalProtect App: Privilege Escalation (PE) Vulnerability
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and Gl…
6.8
CVE-2025-0140 - GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Win…
6.3
CVE-2025-0139 - Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability
An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
6.4
CVE-2025-6976 - Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortc…
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i…
6.1
CVE-2025-6975 - Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for una…
7.5
CVE-2025-6970 - Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex…
10
CVE-2025-53624 - docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration …