6.5
CVE-2025-3599 - Symantec Endpoint Protection Elevation of Privilege
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.
4.3
CVE-2025-3859 - Firefox Focus elide URL allows address bar spoofing
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.
4.8
CVE-2025-32376 - Discourse DM limits arenβt always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable verβ¦
8.6
CVE-2025-46342 - Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error prβ¦
8.8
CVE-2025-27134 - Privilege escalation in Joplin server via user patch endpoint
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` tβ¦
7.5
CVE-2025-27409 - Joplin Server Vulnerable to Path Traversal
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server if static file path starts with `css/pluginAssets` or `js/pluginAssets`. The `findLocalFile` functiβ¦
9.1
CVE-2025-32973 - org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentCβ¦
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contaiβ¦
9.1
CVE-2025-32974 - org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't β¦
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page likβ¦
2.7
CVE-2025-32972 - The lesscss script service allows cache clearing without programming right
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making β¦
3.8
CVE-2025-32971 - XWiki Solr script service doesn't take dropped programming right into account
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's scβ¦