Common Vulnerabilities and Exposures (CVE)
CVE-2025-66588
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
CVE-2025-49347
Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR wp-sifr allows Stored XSS.This issue affects WP sIFR: from n/a through <= 0.6.8.1.
CVE-2025-14326
Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146.
CVE-2025-66589
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose informatio...
CVE-2025-14327
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird < 146.
CVE-2025-49351
Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through <= 1.3.1.
CVE-2025-36917
In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed f...
CVE-2025-65295
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to ...
CVE-2025-36912
In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-14330
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
CVE-2025-14321
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
CVE-2025-67526
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue affects Sailing: from n/a through < 4.4.6.
CVE-2025-63895
An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.
CVE-2025-65512
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-b...
CVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application...