CVE-2025-20375 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

CVE-2025-20376

The collection shows CVE-2025-20376 affecting Cisco Unified CCX web UI, due to insufficient input validation in the file upload mechanism. An authenticated, remote attacker could upload a malicious file via the web UI and execute arbitrary commands on the underlying system, with potential privile...

CVE-2025-11704

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

PT-2025-45132

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989551 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedfexecutetmf non-preemptible Stop calling smpprocessorid from preemptible code...

CVE-2025-11704

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

EUVD-2025-37400

ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...

EUVD-2025-37390

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

CVE-2025-64348 ELOG configuration file authorization bypass

ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...

CVE-2025-64348

CVE-2025-64348 affects ELOG (ELOG

MAL-2025-49307 Malicious code in sechub-openapi-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa5b3dc481ba626b038be55ed5cb344e32dc983f53f2b83fc1b9f6293a3a493 The package sechub-openapi-typescript was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-36993

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

EUVD-2025-36709

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

MAL-2025-49246 Malicious code in json-schema-to-typescript-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148a68690ce752d3b4d67269d4cdd05066913f5abbc344c7f7bf9ac550af794b The package json-schema-to-typescript-example was found to contain malicious code. Source: ossf-package-analysis...

CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg, which originates from the dnnexecutemodeltf function in the libavfilter/dnnbackendtf.c source file that releases a task object multiple times in...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab EE versions 17.6.0 to before 18.3.5,...

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...