6.5
CVE-2025-25510 -
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.
8.4
CVE-2025-27088 - Reflected Cross-site Scripting (XSS) in template implementation in oxyno-zeta/s3-proxy
oxyno-zeta/s3-proxy is an AWS S3 proxy written in Go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted…
5.1
CVE-2025-27097 - Cache variables with the operations when transforms exist on the root level even if variables chang…
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with transfo…
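The entry above is truncated, but its title describes a familiar bug class: a response cache whose key is derived from the operation alone, so a second caller who sends the same query text with different variables is served the first caller's data. The block below is an added illustration of that class and its fix; it is not GraphQL Mesh's code, and the backend data, the `execute` stand-in and the `USER_QUERY` string are constructed for the example.

```javascript
// Added illustration, not GraphQL Mesh's code: a response cache keyed on the
// operation text alone beside one keyed on operation plus variables.

// Constructed backend data and a stand-in for query execution.
const USERS = {
  1: { id: 1, email: 'alice@example.test' },
  2: { id: 2, email: 'bob@example.test' },
};
const USER_QUERY = 'query($id: ID!) { user(id: $id) { email } }';

function execute(operation, variables) {
  if (operation !== USER_QUERY) throw new Error('unsupported operation');
  const user = USERS[variables.id];
  return { data: { user: user ? { email: user.email } : null } };
}

// Canonical JSON: object keys sorted recursively so that {a:1,b:2} and
// {b:2,a:1} produce the same cache key.
function stableStringify(value) {
  if (Array.isArray(value)) return '[' + value.map(stableStringify).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + stableStringify(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Wrap execute() with a cache whose key is computed by keyFn.
function makeCachedExecutor(keyFn) {
  const cache = new Map();
  return (operation, variables) => {
    const key = keyFn(operation, variables);
    if (cache.has(key)) return { ...cache.get(key), cached: true };
    const result = execute(operation, variables);
    cache.set(key, result);
    return { ...result, cached: false };
  };
}

// Bug class: the key ignores variables, so the first caller's response is
// replayed to everyone who sends the same operation text.
const keyWithoutVariables = (operation) => operation;
// Fix: the (canonicalised) variables are part of the key.
const keyWithVariables = (operation, variables) =>
  operation + '\n' + stableStringify(variables ?? {});

function demo() {
  const buggy = makeCachedExecutor(keyWithoutVariables);
  const fixed = makeCachedExecutor(keyWithVariables);
  buggy(USER_QUERY, { id: 1 }); // Alice's request populates both caches
  fixed(USER_QUERY, { id: 1 });
  const bobViaBuggy = buggy(USER_QUERY, { id: 2 });
  const bobViaFixed = fixed(USER_QUERY, { id: 2 });
  return {
    buggyEmail: bobViaBuggy.data.user.email, // "alice@example.test": cross-user leak
    buggyCached: bobViaBuggy.cached,         // true: served from Alice's entry
    fixedEmail: bobViaFixed.data.user.email, // "bob@example.test"
    fixedCached: bobViaFixed.cached,         // false: a real execution for Bob
  };
}

console.log(demo());
```

The same shape applies wherever a gateway caches upstream responses: anything that changes the upstream request (variables, the operation name, headers the resolver forwards) has to be part of the key, and the key must be built from a canonical form so that equivalent inputs do not split the cache.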
5.8
CVE-2025-27098 - Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTT…
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any clie…
2.3
CVE-2025-25299 - Cross-site scripting (XSS) in the real-time collaboration package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within …
9.8
CVE-2025-24893 - Remote code execution as guest via SolrSearchMacros request in xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduc…
8.7
CVE-2025-0352 - Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.
9.4
CVE-2025-1265 - Elseta Vinci Protocol Analyzer OS Command Injection
An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and execute code on the affected system.
9.4
CVE-2025-27096 - SQL Injection endpoint 'html/personalizacao_upload.php' parameter 'id_campo' in WeGIA
WeGIA is a Web Manager for Institutions with a focus on the Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive info…
7
CVE-2025-26618 - SSH SFTP packet size not verified properly in Erlang OTP
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size…
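The description above is cut off, but the title names the failure mode: a length-prefixed protocol whose declared packet size is trusted before it is checked. The block below is an added illustration of bounded SFTP framing, not code from Erlang/OTP's `ssh` application; the 256 KiB cap is a value chosen for the example (it matches the limit OpenSSH's sftp-server uses), and the packets are constructed inline.

```javascript
// Added illustration, not Erlang/OTP's ssh application: bounded parsing of
// SFTP's length-prefixed framing. An SFTP packet is a uint32 length, then a
// type byte, then length-1 bytes of payload (draft-ietf-secsh-filexfer).
const SSH_FXP_INIT = 1;
// Upper bound chosen for this example; OpenSSH caps SFTP messages at 256 KiB.
const MAX_PACKET = 256 * 1024;

function encodeSftpPacket(type, payload) {
  const out = Buffer.alloc(5 + payload.length);
  out.writeUInt32BE(1 + payload.length, 0); // length covers type byte + payload
  out[4] = type;
  payload.copy(out, 5);
  return out;
}

// Parse one packet from the front of buf. Every decision about how much to
// read or allocate is made only after the declared length has been checked
// against both the cap and the bytes actually available.
function parseSftpPacket(buf, maxPacket = MAX_PACKET) {
  if (buf.length < 4) return { error: 'short read: no length field' };
  const length = buf.readUInt32BE(0);
  if (length < 1) return { error: 'length must include the type byte' };
  if (length > maxPacket) return { error: `declared length ${length} exceeds cap ${maxPacket}` };
  if (buf.length < 4 + length) return { error: 'incomplete packet' }; // wait for more bytes
  return { type: buf[4], payload: buf.subarray(5, 4 + length), consumed: 4 + length };
}

// Constructed inputs: a valid INIT (version 3), a hostile header claiming a
// 4 GiB packet, and a truncated copy of the valid packet.
function demo() {
  const version = Buffer.alloc(4);
  version.writeUInt32BE(3, 0);
  const init = encodeSftpPacket(SSH_FXP_INIT, version);

  const hostile = Buffer.alloc(8);
  hostile.writeUInt32BE(0xffffffff, 0);
  hostile[4] = SSH_FXP_INIT;

  const good = parseSftpPacket(init);
  const bad = parseSftpPacket(hostile);
  const truncated = parseSftpPacket(init.subarray(0, 6));
  return {
    goodType: good.type,                                   // 1
    goodVersion: good.payload.readUInt32BE(0),             // 3
    goodConsumed: good.consumed,                           // 9
    badRejected: typeof bad.error === 'string',            // true
    truncatedRejected: typeof truncated.error === 'string', // true
  };
}

console.log(demo());
```

The order of the checks is the point: the cap is compared before the available-bytes check so that a peer cannot make the reader sit waiting for, or pre-allocate, gigabytes it will never receive.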