7.8
CVE-2025-1276 - DWG File Parsing Out-of-Bounds Write Vulnerability
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-1275 - JPG File Parsing Heap-Based Overflow Vulnerability
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
6.9
CVE-2025-27568 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request.
5.3
CVE-2025-30702 -
Vulnerability in the Fleet Patching & Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching & Provisioning. Suc…
2.2
CVE-2025-32021 - Weblate VCS credentials included in URL parameters are potentially logged and saved into browser hi…
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code re…
7.6
CVE-2025-31499 - Jellyfin Vulnerable to Argument Injection in FFmpeg
Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone with credentials to a low-privileged user. This vulnerability was previously reported in CVE-2023-49…
6.9
CVE-2025-24487 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can infer the existence of usernames in the system by querying an API.
6.5
CVE-2025-30740 -
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO…
5.7
CVE-2025-30737 -
Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Smart View for Office. …
7.4
CVE-2025-30736 -
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks…