5.3
CVE-2025-13403 - Employee Spotlight β Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization tβ¦
The Employee Spotlight β Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin() function in all versions up to, and including, 5.1.3. This makes it possiblβ¦
7
CVE-2025-13970 - OpenPLC_V3 Cross-Site Request Forgery
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC sβ¦
6.9
CVE-2025-14585 - itsourcecode COVID Tracking System page sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and coulβ¦
6.9
CVE-2025-14584 - itsourcecode COVID Tracking System Admin Login login.php sql injection
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosedβ¦
5.3
CVE-2025-67749 - PCSX2 has an Out-of-bounds Read due to unchecked offset and size passed to memcpy
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. β¦
6.3
CVE-2025-67721 - Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reuβ¦
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via crafβ¦
6.9
CVE-2025-14583 - campcodes Online Student Enrollment System register.php unrestricted upload
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be useβ¦
5.1
CVE-2025-14582 - campcodes Online Student Enrollment System index.php unrestricted upload
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is nowβ¦
7.1
CVE-2025-14611 - Gladinet CentreStack and TrioFox Hard Coded AES Keys
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted requβ¦
0.0
CVE-2025-43518 -
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.