6.9

CVSS4.0

CVE-2025-32378 - Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered …

📅 Published: April 9, 2025, 3:37 p.m. 🔄 Last Modified: Sept. 10, 2025, 3:27 p.m.

9.8

CVSS3.1

CVE-2025-32375 - Insecure Deserialization leads to RCE in BentoML's runner server

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arb…

📅 Published: April 9, 2025, 3:30 p.m. 🔄 Last Modified: April 22, 2025, 4:52 p.m.

5.9

CVSS3.1

CVE-2025-32374 - Possible Denial of Service (DoS) in DNN.PLATFORM registration

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.

📅 Published: April 9, 2025, 3:14 p.m. 🔄 Last Modified: Aug. 26, 2025, 12:43 a.m.

6.5

CVSS3.1

CVE-2025-32373 - DNN allows a registered user to enumerate and access files they should not have access to

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8.

📅 Published: April 9, 2025, 3:14 p.m. 🔄 Last Modified: Aug. 26, 2025, 12:44 a.m.

6.5

CVSS3.1

CVE-2025-32372 - Server-Side Request Forgery (SSRF) in DotNetNuke.Core

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including int…

📅 Published: April 9, 2025, 3:14 p.m. 🔄 Last Modified: Aug. 26, 2025, 12:46 a.m.

4.3

CVSS3.1

CVE-2025-32371 - Unexpected external content may be displayed in DNN ImageHandler

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that…

📅 Published: April 9, 2025, 3:14 p.m. 🔄 Last Modified: Aug. 26, 2025, 12:48 a.m.

6.8

CVSS4.0

CVE-2025-27391 - Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log

Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: from…

📅 Published: April 9, 2025, 2:42 p.m. 🔄 Last Modified: July 14, 2025, 12:12 p.m.

4.9

CVSS3.1

CVE-2025-25023 - IBM Security Guardium information disclosure

IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.

📅 Published: April 9, 2025, 2:07 p.m. 🔄 Last Modified: Sept. 1, 2025, 12:55 a.m.

5.4

CVSS3.1

CVE-2023-33844 - IBM Security Verify Governance cross-site scripting

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

📅 Published: April 9, 2025, 2:03 p.m. 🔄 Last Modified: Aug. 16, 2025, 11:42 p.m.

7.7

CVSS3.1

CVE-2025-1968 -

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,…

📅 Published: April 9, 2025, 1:33 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.