7.8
CVE-2025-21127 - Photoshop Desktop | Uncontrolled Search Path Element (CWE-427)
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrarβ¦
7.7
CVE-2025-0474 - Invoice Ninja PDF Rendering Server Side Request Forgery
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.
8.7
CVE-2025-23042 - Gradio Blocked Path ACL Bypass Vulnerability
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. Thisβ¦
3.5
CVE-2025-23073 - API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets pβ¦
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWikiβs GlobalBlocking Extension.
2.1
CVE-2024-50349 - Git does not sanitize URLs when asking for credentials interactively
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for whicβ¦
2.1
CVE-2024-52006 - Newline confusion in credential helpers can lead to credential exfiltration in git
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (mostβ¦
5.4
CVE-2025-23072 - XSS in Special:RefreshSpecial
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X bβ¦
7.4
CVE-2024-50338 - Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credβ¦
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts thβ¦
8.8
CVE-2025-21245 - Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
8.8
CVE-2025-21409 - Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability