6.9
CVE-2025-2705 - Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosβ¦
4.4
CVE-2025-23204 - GraphQl securityAfterResolver not called
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when thβ¦
9.3
CVE-2023-25610 -
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, versioβ¦
6.9
CVE-2021-26091 -
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their β¦
4.3
CVE-2025-0256 - HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
6.4
CVE-2021-26105 -
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.
6.5
CVE-2025-1558 - Denial of Service Via Malicious GIF
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.
5.9
CVE-2025-30623 - WordPress wA11y β The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y β The Web Accessibility Toolbox wa11y allows Stored XSS.This issue affects wA11y β The Web Accessibility Toolbox: from n/a through <= 1.0.3.
7.1
CVE-2025-30621 - WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator translator allows Stored XSS.This issue affects Translator: from n/a through <= 0.3.
7.1
CVE-2025-30620 - WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS.This issue affects WP Odoo Form Integrator: from n/a through <= 1.1.0.