5.4
CVE-2025-6555 -
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
8.8
CVE-2025-52882 - Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages.β¦
6.9
CVE-2025-6579 - code-projects Car Rental System message_admin.php sql injection
A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /message_admin.php. The manipulation of the argument Message leads to sql injection. The attack may be initiated remotely. The exploit has been disβ¦
6.9
CVE-2025-6578 - code-projects Simple Online Hotel Reservation System delete_account.php sql injection
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_account.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotβ¦
4.2
CVE-2025-52880 - Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File
Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attackerβ¦
7.2
CVE-2025-52471 - ESP-NOW Integer Underflow Vulnerability Advisory
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficieβ¦
7.5
CVE-2025-52888 - Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) andβ¦
9.3
CVE-2025-49853 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iβ¦
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.
8.7
CVE-2025-49852 - Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.
8.7
CVE-2025-49851 - Improper Authentication in ControlID iDSecure On-premises
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.