6.5
CVE-2025-3028 - Use-after-free triggered by XSLTProcessor
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
7.8
CVE-2025-1659 - DWFX File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-1658 - DWFX File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
8.1
CVE-2025-3085 - MongoDB Server running on Linux may allow unexpected connections where intermediate certificates ar…
A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to imprope…
6.5
CVE-2025-30177 - Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow c…
6.5
CVE-2025-3084 - MongoDB Server may crash due to improper validation of explain command
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server …
7.5
CVE-2025-3083 - Malformed MongoDB wire protocol messages may cause mongos to crash
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.…
9.8
CVE-2025-2237 - WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an …
9.8
CVE-2024-13553 - SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege E…
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possi…
6.4
CVE-2025-2906 - Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via S…
The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with cont…