7.5
CVE-2024-55567 -
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary cβ¦
6.1
CVE-2025-6035 - Gimp: gimp integer overflow
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently perforβ¦
5.4
CVE-2025-29744 -
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
9.2
CVE-2025-30085 - Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.β¦
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
6.7
CVE-2025-32466 - Extension - rsjoomla.com - SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 fβ¦
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fielβ¦
8.5
CVE-2025-32465 - Extension - rsjoomla.com - Stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomβ¦
A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
0.0
CVE-2025-6010 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.9
CVE-2025-49150 - Cursor Agent Potentially Leaks Information using JSON schema
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent cβ¦
9.8
CVE-2025-40912 - CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed uniβ¦
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
5.3
CVE-2025-0923 - IBM Cognos Analytics information disclosure
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.