7.5
CVE-2025-3600 - Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
6
CVE-2025-47436 - Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory cor…
9.8
CVE-2025-47445 - WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26.
5.3
CVE-2025-3769 - Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user controlled key. This makes it possib…
8.1
CVE-2025-3834 - SQL Injection
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
8.1
CVE-2025-3833 - SQL Injection
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.
9.5
CVE-2025-47292 - Cap Collectif vulnerable to insecure deserialization leading to remote code execution
Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this v…
7.5
CVE-2025-26864 - Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version…
7.5
CVE-2025-26795 - Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3…
9.8
CVE-2024-24780 - Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes …