Common Vulnerabilities and Exposures (CVE)
CVE-2025-10607
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. T...
CVE-2025-59339
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and...
CVE-2025-59341
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server...
CVE-2025-58767
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML...
CVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-48807
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2025-53773
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2025-49736
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49712
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49707
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
CVE-2025-55231
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
CVE-2025-55229
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49755
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-53787
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53774
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability