4.8
CVE-2025-5200 - Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack…
5.6
CVE-2025-23392 - Reflected XSS in SystemsController.java in spacewalk-java
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on target systems. This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container sus…
0.0
CVE-2025-5223 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.8
CVE-2025-23394 - daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.
5.3
CVE-2025-39498 - WordPress Spotlight - Social Media Feeds (Premium) plugin <= 1.7.1 - Sensitive Data Exposure vulner…
Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data. This issue affects Spotlight - Social Media Feeds (Premium): from n/a through 1.7.1.
7.5
CVE-2025-5196 - Wing FTP Server Lua Admin Console unnecessary privileges
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The complexi…
5.3
CVE-2025-5186 - thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request for…
5.1
CVE-2025-40663 - Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A
Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time.
6.9
CVE-2025-40653 - User enumeration in M3M Printer Server Web
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames.
5.3
CVE-2025-40652 - Cross-Site Scripting (XSS) in CoverManager
Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the server. The malicious scripts are executed in the browser of any user visiting the affected page withou…