4564 matches found
CVE-2025-12966
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolveimportdirectory function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload...
SUSE CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +15769 more potentially affected by CVE-2025-66418 via urllib3 (>=1.24.0 <=2.5.0)
urllib3 PYPI version =1.24.0, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 and more Source cves: CVE-2025-66418 Source advisory: SNYK:PYTHON-URLLIB3-14192443...
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
AZL-71528 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1
mod_userdir + suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in .htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
Apache HTTP Server security vulnerability
Apache HTTP Server is an open-source web server from the Apache Software Foundation (United States). The server is fast and reliable and can be extended through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...
Dell PowerScale OneFS 8.2.2 <= 9.4.0.17 / 9.5.0 <= 9.5.0.8 / 9.6.0.0 <= 9.7.0.3 / 9.8.0.0 < 9.8.0.1 Privilege Management (DSA-2024-255)
The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by privilege management vulnerability: - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could...
CVE-2025-66571
UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 are affected by a PHP object injection in BxBaseMenuSetAclLevel.php. The profile_id POST parameter is passed to PHP unserialize() without proper handling, enabling remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +3710 more potentially affected by CVE-2025-65945 via jws (>=3.0.0 <=3.2.2)
jws NPM version =3.0.0, =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jws and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 -...
chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-13372 via django (>=5.1.0 <=5.1.14)
django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...
12306-adk-mcp (=0.3.4), 12306-mcp (>=0.3.3 <=0.3.8) +1958 more potentially affected by CVE-2025-66414 via @modelcontextprotocol/sdk (>=1.0.0 <=1.23.1)
@modelcontextprotocol/sdk NPM version =1.0.0, =0.3.3, =1.0.0, =1.14.1, =1.0.0, =1.2.1, =0.1.4, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.3.0, =0.3.6 and more Source cves: CVE-2025-66414 Source advisory: SNYK:JS-MODELCONTEXTPROTOCOLSDK-14171914...
chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-64460 via django (>=5.1.0 <=5.1.14)
django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-64460 Source advisory: OSV:PYSEC-2025-109...
EUVD-2025-200263
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34...
CVE-2025-13505 Stored XSS in Datateam's Datactive
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34...
nova-act (>=2.3.18.0 <=3.1.18.0) potentially affected by unknown CVE via strands-agents (=1.14.0)
strands-agents PYPI version =1.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on strands-agents and may be impacted: - nova-act =2.3.18.0, =3.1.18.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-STRANDSAGENTS-14157238...
VulnCheck KEV: CVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing it through call_user_func_array. This makes it possible for...
ado-vllm-performance (=1.2.2), agentclinic (=0.1.0) +23 more potentially affected by CVE-2025-66448 via vllm (>=0.10.0 <=0.11.0)
vllm PYPI version =0.10.0, =0.0.0, =2.3.5, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.0, =0.1.5, =1.0.0, =1.2.6 - haerae-evaluation-toolkit =0.1.0 - hedge-bench =0.1.2 and more Source cves: CVE-2025-66448 Source advisory: SNYK:PYTHON-VLLM-14157153...
CVE-2025-13653
In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...
EUVD-2025-200018
Integer Overflow or Wraparound vulnerability in Avast Antivirus 25.1.981.6 on Windows allows Privilege Escalation. This issue affects Antivirus: from 25.1.981.6 before 25.3...
CVE-2025-13129
The CVE-2025-13129 entry describes an Improper Enforcement of Behavioral Workflow vulnerability in the Onaylarım system from Seneka Software (Seneka Onaylarım). Affects Onaylarım versions 25.09.26.01 through 18112025 and enables Functionality Misuse due to incorrect behavioral workflow enforcemen...