Common Vulnerabilities and Exposures (CVE)
CVE-2025-24334
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.
CVE-2025-45006
Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.
CVE-2025-24328
Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier ...
CVE-2025-24329
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with ver...
CVE-2025-24335
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No prac...
CVE-2024-46993
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functi...
CVE-2025-6081
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If a...
CVE-2025-6934
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is du...
CVE-2025-41648
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
CVE-2025-6756
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and out...
CVE-2025-36630
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CVE-2025-5063
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-52925
In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.
CVE-2025-5692
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the doFieldAjaxAction() function in all versions up to, ...
CVE-2025-4689
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQ...