Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Jan 1, 2026 11:40:16 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2026-0544

Jan 1, 2026 09:02:10 UTC

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in SQL injection. It is possible to launch the attack...

CVE-2025-15214

Jan 1, 2026 08:56:43 UTC

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross-site scripting. The attack may be p...

CVE-2025-11157

Jan 1, 2026 07:03:57 UTC

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability ar...

CVE-2025-13820

Jan 1, 2026 06:00:03 UTC

The Comments WordPress plugin before 7.6.40 does not properly validate the user's identity when using the disqus.com provider, allowing an attacker to log in as any user (when knowing their email address) when such a user does not have an accoun...

CVE-2025-12245

Jan 1, 2026 04:55:24 UTC

A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl le...

CVE-2025-14424

Jan 1, 2026 04:55:24 UTC

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in ...

CVE-2025-14423

Jan 1, 2026 04:55:23 UTC

GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln...

CVE-2025-14422

Jan 1, 2026 04:55:22 UTC

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability i...

CVE-2025-69413

Jan 1, 2026 04:43:13 UTC

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.

CVE-2025-69412

Dec 31, 2025 23:36:14 UTC

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default ...

CVE-2025-67711

Dec 31, 2025 22:18:57 UTC

There is a stored cross-site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the...

CVE-2025-67710

Dec 31, 2025 22:18:17 UTC

There is a stored cross-site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the...

CVE-2025-67709

Dec 31, 2025 22:17:41 UTC

There is a stored cross-site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the...

CVE-2025-67708

Dec 31, 2025 22:17:08 UTC

There is a stored cross-site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the...