4.3
CVE-2025-32791 - Permission policy information leakage in Backstage permission system
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission bac…
3.1
CVE-2025-32789 - EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of the…
3.1
CVE-2025-32787 - SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA
SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning N…
4.7
CVE-2025-32783 - XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from …
XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent in …
10
CVE-2025-32433 - Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor c…
7.8
CVE-2025-25230 -
Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
8.2
CVE-2025-31478 - Zulip Authentication Backend Configuration Bypass
Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required…
4.8
CVE-2025-3730 - PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed t…
6.9
CVE-2025-3729 - SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command i…
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os co…
8.8
CVE-2025-3620 -
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)