9.1
CVE-2025-4967 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
5.3
CVE-2025-5325 - zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used …
A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of…
3.5
CVE-2025-47288 - Discourse Policy plugin private group members visible
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A…
6.5
CVE-2024-49350 - IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
5.3
CVE-2025-2518 - IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
5.3
CVE-2025-3050 - IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
7.3
CVE-2025-46701 - Apache Tomcat: Security constraint bypass for CGI scripts
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows a bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 thro…
9.8
CVE-2025-48336 - WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection. This issue affects Course Builder: from n/a through < 3.6.6.
5.7
CVE-2025-32752 -
Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
4.8
CVE-2025-5324 - TechPowerUp GPU-Z 0x8000645C IOCTL GPU-Z.sys sub_140001880 memory leak
A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The e…