Common Vulnerabilities and Exposures (CVE)

CVE-2025-62497

Nov 25, 2025 04:37:08 UTC

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.

CVE-2025-64304

Nov 25, 2025 04:27:35 UTC

"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.

CVE-2025-10646

Nov 25, 2025 03:27:43 UTC

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible ...

CVE-2025-6389

Nov 25, 2025 02:26:49 UTC

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then pas...

CVE-2025-59373

Nov 25, 2025 02:03:36 UTC

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially...

CVE-2025-65951

Nov 25, 2025 00:30:14 UTC

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire W...

CVE-2025-65944

Nov 25, 2025 00:23:53 UTC

Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP header...

CVE-2023-41419

Nov 25, 2025 00:11:09 UTC

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

CVE-2025-64761

Nov 25, 2025 00:01:17 UTC

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's perm...

CVE-2025-9803

Nov 25, 2025 00:00:35 UTC

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is c...

CVE-2025-62155

Nov 24, 2025 23:56:52 UTC

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and st...

CVE-2025-65018

Nov 24, 2025 23:50:18 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng sim...

CVE-2025-64720

Nov 24, 2025 23:45:38 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_co...

CVE-2025-64506

Nov 24, 2025 23:41:09 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_wr...

CVE-2025-64505

Nov 24, 2025 23:38:40 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize fu...