| CVE-2025-49796 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | critical |
| CVE-2025-49795 | A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. | high |
| CVE-2025-49794 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. | critical |
| CVE-2025-49596 | The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. | critical |
| CVE-2025-49015 | The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default. | medium |
| CVE-2025-49003 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. The vulnerability has been fixed in v2.10.11. No known workarounds are available. | high |
| CVE-2025-48923 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1. | medium |
| CVE-2025-48922 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16. | medium |
| CVE-2025-48921 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13. | high |
| CVE-2025-48470 | Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation. | medium |
| CVE-2025-48469 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation. | critical |
| CVE-2025-48468 | Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware. | medium |
| CVE-2025-48467 | Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability. | medium |
| CVE-2025-48466 | Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks. | high |
| CVE-2025-48463 | Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering. | low |
| CVE-2025-48462 | Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product. | medium |
| CVE-2025-48461 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords. | medium |
| CVE-2025-48270 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks allows DOM-Based XSS. This issue affects SKT Blocks: from n/a through 2.2. | medium |
| CVE-2025-48263 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects MultiVendorX: from n/a through 4.2.22. | medium |
| CVE-2025-4799 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory. | high |
| CVE-2025-4798 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files. | medium |
| CVE-2025-47977 | Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | high |
| CVE-2025-47969 | Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. | medium |
| CVE-2025-47968 | Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-47962 | Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-47957 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47956 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | medium |
| CVE-2025-47955 | Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-47953 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47682 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection.This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.8.2. | critical |
| CVE-2025-47204 | An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF). | medium |
| CVE-2025-47175 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47174 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47173 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47172 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
| CVE-2025-47171 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | medium |
| CVE-2025-47170 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47169 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47168 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47167 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47166 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
| CVE-2025-47165 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47164 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47163 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
| CVE-2025-47162 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-47160 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | medium |
| CVE-2025-46718 | sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability. | low |
| CVE-2025-46717 | sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability. | low |
| CVE-2025-46647 | A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3. Multiple issuers share the same private key and relies only on the issuer being different If affected by this vulnerability, it would allow an attacker with a valid account on one of the issuers to log into the other issuer. This issue affects Apache APISIX: until 3.12.0. Users are recommended to upgrade to version 3.12.0 or higher. | medium |
| CVE-2025-45835 | A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. | high |
