| CVE-2025-27153 | Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11. | medium |
| CVE-2025-27026 | A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control. | medium |
| CVE-2025-27025 | The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method. | high |
| CVE-2025-27024 | Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position. | medium |
| CVE-2025-27023 | Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way. | medium |
| CVE-2025-27022 | A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service. | high |
| CVE-2025-27021 | The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address. | high |
| CVE-2025-26683 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | critical |
| CVE-2025-26639 | Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-26637 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | medium |
| CVE-2025-26635 | Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | medium |
| CVE-2025-26634 | Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. | high |
| CVE-2025-26631 | Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-26630 | Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-2540 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2025-2537 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2025-25205 | Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue. | high |
| CVE-2025-24997 | Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. | medium |
| CVE-2025-24996 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | medium |
| CVE-2025-24995 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24994 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24992 | Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. | medium |
| CVE-2025-24717 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4. | high |
| CVE-2025-24335 | Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue. | low |
| CVE-2025-24334 | The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network. | low |
| CVE-2025-24333 | Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file. This issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file. | medium |
| CVE-2025-24332 | Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity boards using the internal bsoc SSH service, which is available only internally within the baseband and through the internal backplane between the boards. The bsoc SSH allows login from one board to another via the baseband internal backplane using an SSH private key present on the baseband system board. This bsoc SSH capability was previously considered an administrative functionality but has now been restricted to be available only to baseband root-privileged administrators. This restriction mitigates the possibility of misuse with lower-level privileges (e.g., from baseband software images). This mitigation is included starting from release 23R4-SR 3.0 MP and later | high |
| CVE-2025-24331 | The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later. Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary. | medium |
| CVE-2025-24330 | Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. Beginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue. | medium |
| CVE-2025-24329 | Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. Beginning with release 24R1-SR 1.0 MP, the OAM service software utilizes libarchive APIs with security options enabled, effectively mitigating the reported path traversal issue. | medium |
| CVE-2025-24328 | Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service. | medium |
| CVE-2025-24074 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24073 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24071 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | medium |
| CVE-2025-24067 | Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24062 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24061 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | high |
| CVE-2025-24060 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | high |
| CVE-2025-24045 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | high |
| CVE-2025-24043 | Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network. | high |
| CVE-2025-24035 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | high |
| CVE-2025-23225 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. | medium |
| CVE-2025-23082 | Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | high |
| CVE-2025-2141 | IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | medium |
| CVE-2025-21399 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | high |
| CVE-2025-21247 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | medium |
| CVE-2025-21222 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | high |
| CVE-2025-21180 | Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. | high |
| CVE-2025-20310 | A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. | medium |
