Total
302532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3428 | 1 Wp3dprinting | 1 3dprint Lite | 2025-07-10 | N/A | 4.9 MEDIUM |
| The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-3427 | 1 Wp3dprinting | 1 3dprint Lite | 2025-07-10 | N/A | 4.9 MEDIUM |
| The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-7363 | 2025-07-10 | N/A | 5.4 MEDIUM | ||
| The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript. This issue affects Mediawiki - TitleIcon extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | |||||
| CVE-2025-7362 | 2025-07-10 | N/A | 5.4 MEDIUM | ||
| The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | |||||
| CVE-2025-6019 | 2025-07-10 | N/A | 7.0 HIGH | ||
| A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system. | |||||
| CVE-2025-53479 | 2025-07-10 | N/A | 5.4 MEDIUM | ||
| The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki - CheckUser extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | |||||
| CVE-2025-52996 | 1 Filebrowser | 1 Filebrowser | 2025-07-10 | N/A | 3.1 LOW |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication, no known patched versions are available. | |||||
| CVE-2025-32722 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-10 | N/A | 5.5 MEDIUM |
| Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-32721 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 7.3 HIGH |
| Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32718 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-10 | N/A | 7.8 HIGH |
| Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32716 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32714 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.8 HIGH |
| Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32713 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32712 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.8 HIGH |
| Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32710 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-10 | N/A | 8.1 HIGH |
| Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29828 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-10 | N/A | 8.1 HIGH |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-52997 | 1 Filebrowser | 1 Filebrowser | 2025-07-10 | N/A | 5.9 MEDIUM |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a brute-force attack to retrieve the passwords of all accounts in a given instance. This issue has been patched in version 2.34.1. | |||||
| CVE-2025-53004 | 1 Dataease | 1 Dataease | 2025-07-10 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11. | |||||
| CVE-2025-3467 | 1 Langgenius | 1 Dify | 2025-07-10 | N/A | 5.4 MEDIUM |
| An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker. | |||||
| CVE-2025-5537 | 1 Fooplugins | 1 Foobox | 2025-07-10 | N/A | 6.4 MEDIUM |
| The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||