6.5
CVE-2025-3107 - Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible …
8.8
CVE-2025-4473 - Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Ta…
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends …
0.0
CVE-2025-4642 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.8
CVE-2025-4632 -
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
6.5
CVE-2025-4478 - Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to den…
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. …
3
CVE-2025-22246 - CVE-2025-22246 - UAA Private Key Exposure
Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.
8.2
CVE-2025-22249 - VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerabili…
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
7.5
CVE-2025-4396 - Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient prepa…
7
CVE-2025-35471 - conda-forge openssl-feedstock writable OPENSSLDIR
conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co…
7.7
CVE-2025-43011 - Missing Authorization Check in SAP Landscape Transformation (PCL Basis)
Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability…