7
CVE-2025-32023 - Redis allows out of bounds writes in hyperloglog commands leading to RCE
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The b…
5.4
CVE-2025-53487 - ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys…
5.4
CVE-2025-7057 - Stored XSS in Quiz
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension allows Stored XSS.This issue affects Mediawiki - Quiz Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.4…
5.4
CVE-2025-53486 - WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser functi…
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the {{#tag:tagcloud}} parser fun…
5.3
CVE-2025-7133 - CodeAstro Online Movie Ticket Booking System cross-site request forgery
A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be u…
7.8
CVE-2025-6663 - GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may v…
9.8
CVE-2025-6811 - Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execu…
Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit th…
9.8
CVE-2025-6810 - Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnera…
Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerabi…
9.8
CVE-2025-6802 - Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif…
7.5
CVE-2025-6806 - Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw e…