5.3
CVE-2025-2916 - Aishida Call Center System amr2mp3 command injection
A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotelyβ¦
4.8
CVE-2025-2915 - HDF5 H5Faccum.c H5F__accum_free heap-based overflow
A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been dβ¦
4.8
CVE-2025-2914 - HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit β¦
4.8
CVE-2025-2913 - HDF5 H5FL.c H5FL__blk_gc_list use after free
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been discβ¦
4.8
CVE-2025-2912 - HDF5 H5Omessage.c H5O_msg_flush heap-based overflow
A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The expβ¦
6.8
CVE-2025-2713 - Improper File Permission Handling in Google gVisor runsc
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
4.3
CVE-2025-31010 - WordPress SimplyRETS Real Estate IDX plugin <= 3.0.5 - CSRF to Multiple Admin Actions vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5.
7.1
CVE-2025-22767 - WordPress GlobalPayments WooCommerce Plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Reflected XSS.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.13.2.
7.1
CVE-2025-22575 - WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER super-slider allows Reflected XSS.This issue affects SUPER RESPONSIVE SLIDER: from n/a through <= 1.4.
7.1
CVE-2025-22566 - WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb ULTIMATE VIDEO GALLERY ultimate-gallery allows Reflected XSS.This issue affects ULTIMATE VIDEO GALLERY: from n/a through <= 1.4.