6654 matches found

OSV
added 2025/04/16 2:15 p.m. · 1 views

CVE-2025-3692

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct. The manipulation leads to cross-site scripting. The attack can be launched...

5.4 CVSS · 3.6 AI score · 0.00188 EPSS
Exploits 1 · References 5
CVE
added 2025/04/16 2:12 p.m. · 105 views

CVE-2025-22105

CVE-2025-22105 affects the Linux kernel bonding driver. When an XDP program is attached to a bonded interface, changing the bond mode may trigger a warning inside bond_xdp_set. The fix adds a check for the presence of an XDP program when setting bond mode, since some modes (e.g., balance-rr with ...

5.5 CVSS · 6.3 AI score · 0.0003 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2025/04/16 1:15 p.m. · 5 views

CVE-2025-39513

Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through <= 0.2.46...

5.3 CVSS · 0.00466 EPSS
Exploits 0 · References 1
Veracode
added 2025/04/16 1:14 p.m. · 6 views

HTML Injection

pimcore/admin-ui-classic-bundle is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of the content parameter in the email sending functionality, allowing arbitrary HTML code to be injected into emails...

4.8 CVSS · 7 AI score · 0.00001 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/04/16 10:15 a.m. · 2 views

CVE-2025-3680

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LANG Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 4
CVE
added 2025/04/16 7:29 a.m. · 55 views

CVE-2025-0101

CVE-2025-0101 involves a 32-bit time overflow on WAGO devices where a low-privilege user can set the system date to January 19, 2038. Affected components are not exhaustively listed in the provided documents, but multiple sources (Red Hat, NVD, CVE listing, and vendor-related enrichments) describ...

6.5 CVSS · 6.4 AI score · 0.00327 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16563 · Wago · Cc100 0751-9X01 +12

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A user with low privileges can set the device date to January 19, 2038, exceeding the 32-bit time limit. This causes some functions to behave unexpectedly or stop working altogether, both...

6.5 CVSS · 6.1 AI score · 0.00327 EPSS
Exploits 0 · References 5
NVD
added 2025/04/15 10:15 p.m. · 5 views

CVE-2025-27008

Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through 1.6.1...

7.5 CVSS · 0.00206 EPSS
Exploits 0 · References 1
CVE
added 2025/04/15 9:53 p.m. · 48 views

CVE-2025-26953

CVE-2025-26953 is a Missing Authorization vulnerability in Crocoblock JetMenu (JetMenu for Elementor) affecting versions up to and including 2.4.9. The issue allows accessing functionality not constrained by ACLs, with CVSS v3.1 base score 7.5 (Network, Low attack complexity, No privileges requir...

7.5 CVSS · 7.2 AI score · 0.00314 EPSS
Exploits 0 · References 1
NVD
added 2025/04/15 8:15 p.m. · 11 views

CVE-2025-1292

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NVRead functionality during the Challenge-Response process...

6.7 CVSS · 0.00005 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/04/15 7:51 p.m. · 5 views

CVE-2025-1122

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NVRead functionality during the Challenge-Response process...

6.8 AI score · 0.00005 EPSS
Exploits 1 · References 2
OSV
added 2025/04/15 3:16 p.m. · 1 views

CVE-2025-32949

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. If user import is enabled, which is the default setting, any registered user can upload an archive for importing. The code uses the yauzl library for reading...

6.5 CVSS · 7.1 AI score
Exploits 0 · References 2
CVE
added 2025/04/15 2:57 p.m. · 56 views

CVE-2025-32949

PeerTube is affected by an authenticated resource-exhaustion vulnerability in the User Import feature when handling archives. The issue occurs because the archive-reading library yauzl has no mechanism to detect or prevent Zip Bombs, allowing a Zip Bomb to cause extremely large disk-space consump...

6.5 CVSS · 6.5 AI score · 0.00145 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2025/04/15 2:50 p.m. · 50 views

CVE-2025-32948

PeerTube (inbox via ActivityPub) is affected by CVE-2025-32948, where mishandling of Create Activity can be abused to crash the server or trigger blind SSRF by sending crafted ActivityPub activities to the inbox. The vulnerability arises from handling ActivityPub activities in playlists, enabling...

7.5 CVSS · 7.5 AI score · 0.00139 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2025/04/15 12:15 p.m. · 11 views

CVE-2025-26958

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetBlog: from n/a through <= 2.4.3...

7.5 CVSS · 0.00362 EPSS
Exploits 0 · References 1
CVE
added 2025/04/15 11:59 a.m. · 48 views

CVE-2025-26958

CVE-2025-26958 affects the WordPress Crocoblock JetBlog (JetBlog for Elementor) up to version 2.4.3. The issue is a Missing Authorization vulnerability that permits accessing functionality not properly constrained by ACLs. Reported across multiple sources (including Patchstack and CVE registries)...

7.5 CVSS · 7.2 AI score · 0.00362 EPSS
Exploits 0 · References 1
Cvelist
added 2025/04/15 11:59 a.m. · 14 views

CVE-2025-26944 WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetPopup: from n/a through <= 2.0.11...

7.5 CVSS · 0.00362 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/04/15 11:59 a.m. · 3 views

CVE-2025-26942 WordPress JetTricks plugin <= 1.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetTricks: from n/a through <= 1.5.1...

7.5 CVSS · 8.6 AI score · 0.00362 EPSS
Exploits 0 · References 1
CVE
added 2025/04/15 11:59 a.m. · 49 views

CVE-2025-26942

CVE-2025-26942 (JetTricks plugin): Affected Product/Version: Crocoblock JetTricks plugin up to and including 1.5.1. Root cause: Missing/relaxed authorization enabling Accessing Functionality Not Properly Constrained by ACLs. Impact: Missing Authorization vulnerability could allow unauthorized ac...

7.5 CVSS · 7.2 AI score · 0.00362 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/15 12:0 a.m. · 2 views

PT-2025-16322 · Jetblog · Jetblog

Name of the Vulnerable Software and Affected Versions: JetBlog versions n/a through 2.4.3 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For JetBlog versions n/a through 2.4.3,...

7.5 CVSS · 7.8 AI score · 0.00362 EPSS
Exploits 0 · References 7