8.8
CVE-2025-0303 - Liteos_a has a buffer overflow vulnerability
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.
5.5
CVE-2025-0302 - Liteos_a has an integer overflow read vulnerability
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.
9.5
CVE-2025-1077 - Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived productsβ¦
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather).Β The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes tβ¦
7.8
CVE-2025-22880 - Heap-based Buffer Overflow in CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current pβ¦
4.3
CVE-2024-13841 - Builder Shortcode Extras β WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticateβ¦
The Builder Shortcode Extras β WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makβ¦
6.1
CVE-2024-13492 - Guten Free Options <= 0.9.5 - Reflected XSS
The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13352 - Legull <= 1.2.2 - Reflected XSS
The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.5
CVE-2025-1072 - Allocation of Resources Without Limits or Throttling in GitLab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer.
2.6
CVE-2025-22402 -
Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
9.8
CVE-2025-1061 - Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthentβ¦