5.3
CVE-2025-53498 - Lack of Audit Logging in AbuseFilter
Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
9.1
CVE-2025-53499 - Unauthorized Inspection of Protected Variables in AbuseFilter
Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
4.8
CVE-2025-7140 - SourceCodester Best Salon Management System Update Staff Page edit-staff.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is possibl…
9.1
CVE-2025-53495 - Unauthorized Disclosure of IP Reputation in AbuseFilter
Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
5.4
CVE-2025-53478 - CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages
The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X bef…
4.8
CVE-2025-7139 - SourceCodester Best Salon Management System Update Customer Details Page edit-customer-detailed.php…
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The manipulation of the argument Name leads to cros…
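The two SourceCodester entries above (edit-staff.php and edit-customer-detailed.php) and the CheckUser entry (unescaped i18n messages) are the same bug class: a string that the server does not control is written into HTML without encoding for the context it lands in. The PHP below is an added illustration, not code from SourceCodester, MediaWiki or CheckUser; the function names, the form field markup, the message template and the payload are all constructed for the example. It shows the unescaped pattern next to the encoded one for an attribute value and for a placeholder-substituted message.

```php
<?php
// Added example (not the products' own code). Function names, markup and
// the sample payload are hypothetical.
declare(strict_types=1);

// Encode for HTML text and attribute contexts. ENT_QUOTES escapes both ' and "
// so a value cannot close a quoted attribute; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning "" (which would silently blank the field).
function htmlEncode(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Unsafe: a request parameter (e.g. a staff or customer name) is placed
// straight into an attribute value on the "edit" page.
function renderNameFieldVulnerable(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Fixed: the same field, with the value encoded for the attribute context.
function renderNameFieldHardened(string $name): string
{
    return '<input type="text" name="name" value="' . htmlEncode($name) . '">';
}

// Unsafe: a message template with a $1 placeholder is filled and emitted raw.
// Neither the template (which on a wiki may be editable on-site) nor the
// substituted parameter is safe to treat as HTML here.
function renderMessageVulnerable(string $template, string $param): string
{
    return '<td>' . str_replace('$1', $param, $template) . '</td>';
}

// Fixed: when the message is meant as plain text, encode the template and the
// parameter before substitution so neither can introduce markup.
function renderMessageHardened(string $template, string $param): string
{
    $out = str_replace('$1', htmlEncode($param), htmlEncode($template));
    return '<td>' . $out . '</td>';
}

// Constructed payloads: one breaks out of a quoted attribute, one injects a tag.
$attrPayload = '"><img src=x onerror=alert(1)>';
$textPayload = '<script>alert(1)</script>';

echo renderNameFieldVulnerable($attrPayload), PHP_EOL;
echo renderNameFieldHardened($attrPayload), PHP_EOL;
echo renderMessageVulnerable('User agent: $1', $textPayload), PHP_EOL;
echo renderMessageHardened('User agent: $1', $textPayload), PHP_EOL;
```

Run it with the php CLI and compare the pairs: in the vulnerable lines the payload closes the attribute or lands as a live tag; in the hardened lines it survives only as `&quot;`, `&lt;` and `&gt;` entities. Encoding is context-specific: this helper covers HTML text and quoted attributes, not JavaScript string literals, URLs or CSS, each of which needs its own encoder.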
8.1
CVE-2025-53536 - Roo Code allows Potential Remote Code Execution via .vscode/settings.json
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with th…
4.3
CVE-2025-20322 - Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk …
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster t…
4.3
CVE-2025-20323 - Missing Access Control of Saved Searches in the Splunk Archiver app
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved…
6.5
CVE-2025-20321 - Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) i…
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC)…