Common Vulnerabilities and Exposures (CVE)

CVE-2025-48926

Jul 1, 2025 19:47:59 UTC

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.

CVE-2025-48929

Jul 1, 2025 19:47:22 UTC

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.

CVE-2025-48930

Jul 1, 2025 19:46:40 UTC

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.

CVE-2025-48379

Jul 1, 2025 19:42:22 UTC

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without che...

CVE-2025-6600

Jul 1, 2025 19:38:49 UTC

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a u...

CVE-2025-27153

Jul 1, 2025 19:35:43 UTC

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version...

CVE-2025-46259

Jul 1, 2025 19:35:27 UTC

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...

CVE-2025-3699

Jul 1, 2025 19:24:14 UTC

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and pr...

CVE-2025-5194

Jul 1, 2025 19:19:58 UTC

The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perfo...

CVE-2025-5526

Jul 1, 2025 19:19:08 UTC

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged-in user to view and download files belonging to another user.

CVE-2025-53104

Jul 1, 2025 19:18:51 UTC

gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untr...

CVE-2025-6935

Jul 1, 2025 19:18:01 UTC

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulation of the argument cid leads to SQL inj...

CVE-2025-6936

Jul 1, 2025 19:17:33 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ID leads to SQL injection. It is possibl...

CVE-2021-4457

Jul 1, 2025 19:09:26 UTC

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.

CVE-2025-45081

Jul 1, 2025 18:58:34 UTC

Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.