3.5
CVE-2025-30259 -
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with …
2.7
CVE-2025-30258 - gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
8.3
CVE-2024-55551 -
An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.
8.3
CVE-2025-30234 -
SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26).
8.8
CVE-2024-12563 - s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution…
The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the serv…
6
CVE-2025-27080 - Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface
Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement invol…
4.3
CVE-2025-25042 - Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST I…
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access…
3.3
CVE-2025-25040 - Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches
A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic origina…
6.9
CVE-2025-29930 - imFAQ allows local file inclusion in seo.php
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php), the application could allow an attacker to …
8.7
CVE-2025-29907 - jsPDF Bypass Regular Expression Denial of Service (ReDoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that r…