Common Vulnerabilities and Exposures (CVE)

CVE-2025-11953

Dec 4, 2025 04:55:13 UTC

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attacke...

CVE-2025-11727

Dec 4, 2025 04:29:01 UTC

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1.3.65 due to i...

CVE-2025-11379

Dec 4, 2025 04:29:00 UTC

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct acce...

CVE-2025-66293

Dec 4, 2025 01:31:47 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to...

CVE-2025-62173

Dec 3, 2025 23:14:56 UTC

Summary: Authenticated SQL Injection Vulnerability in Endpoint Module REST API

CVE-2025-12819

Dec 3, 2025 22:38:58 UTC

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

CVE-2025-61727

Dec 3, 2025 22:06:17 UTC

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from cla...

CVE-2017-5130

Dec 3, 2025 22:02:32 UTC

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

CVE-2017-6519

Dec 3, 2025 21:57:30 UTC

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause informa...

CVE-2017-7375

Dec 3, 2025 21:49:54 UTC

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, th...

CVE-2025-13086

Dec 3, 2025 21:49:07 UTC

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating ...

CVE-2025-66489

Dec 3, 2025 21:48:27 UTC

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. ...

CVE-2025-65097

Dec 3, 2025 21:47:55 UTC

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an authenticated user can delete collections belonging to other users by directl...

CVE-2025-65096

Dec 3, 2025 21:47:22 UTC

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users ...

CVE-2025-12385

Dec 3, 2025 21:46:42 UTC

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This i...