6.6
CVE-2025-30212 - Frappe has possibility of SQL injection due to improper validations
Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.0 fix the issue. Upgrading is required; no o…
7.8
CVE-2025-2532 - Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability
Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
7.8
CVE-2025-2531 - Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit …
7.8
CVE-2025-2530 - Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must v…
4.8
CVE-2024-55604 - Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a li…
7.8
CVE-2025-22230 - Authentication bypass vulnerability
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
6.5
CVE-2025-27631 -
The TRMTracker web application is vulnerable to an LDAP injection attack, potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.
4.1
CVE-2025-29932 -
In JetBrains GoLand before 2025.1, an XXE during debugging was possible.
6.1
CVE-2025-27633 -
The TRMTracker web application is vulnerable to a reflected cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.
8.7
CVE-2025-1445 -
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are con…