4.8
CVE-2025-7068 - HDF5 H5FL.c H5FL__malloc memory leak
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
4.8
CVE-2025-7067 - HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclos…
7.5
CVE-2025-53485 - SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extensi…
9.8
CVE-2025-53484 - SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input
User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) * ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names) This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This is…
8.8
CVE-2025-53483 - SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from …
6.1
CVE-2025-53482 - IPInfo: Message key XSS through several IPInfo messages in infobox and popup
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, fr…
7.5
CVE-2025-53481 - Denial of service vector on ipinfo/v0/norevision
Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation. This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
7.9
CVE-2025-46733 - REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that …
5.1
CVE-2025-7061 - Intelbras InControl operador csv injection
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m…
6.1
CVE-2025-7066 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for im…