7.8
CVE-2025-1883 - Out-Of-Bounds Write vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJΓΒ file.
4.5
CVE-2025-4166 - Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, isβ¦
9.8
CVE-2025-3927 - CVE-2025-3927
Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting to connected network or hardware devices.
9.9
CVE-2025-2605 - Authenticated command injection
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most β¦
7.5
CVE-2025-4204 - Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id'
The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the βauction_idβ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fβ¦
6.1
CVE-2025-2488 - XSS in Profelis Informatics' SambaBox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS).This issue affects SambaBox: before 5.1.
9.8
CVE-2025-2421 - Remote Code Execution in Profelis Informatics' SambaBox
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.This issue affects SambaBox: before 5.1.
6.1
CVE-2025-1301 - Reflected XSS in Yordam Informatics' Library Automation System
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yordam Informatics Library Automation System allows Reflected XSS.This issue affects Library Automation System: before 21.6.
7.8
CVE-2025-0427 - Mali GPU Kernel Driver allows access to already freed memory
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Biβ¦
7.8
CVE-2025-0072 - Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driverβ¦