5.3
CVE-2023-37413 - IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
5.9
CVE-2023-37398 - IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
4.4
CVE-2023-37412 - IBM Aspera Faspex improper access control
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
4.4
CVE-2025-24792 - Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error
Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned con…
4.3
CVE-2025-24374 - Twig fixes a security issue where escaping was missing when using null coalesce operator (??)
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.
2.1
CVE-2024-54462 - Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites
The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could poten…
2.1
CVE-2024-54461 - Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites
The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could po…
8.1
CVE-2024-41140 - Improper Authorization
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.
6.4
CVE-2025-0353 - Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple W…
The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This…
6.4
CVE-2024-13561 - Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via b…
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for …