Common Vulnerabilities and Exposures (CVE)

CVE-2025-64656

Nov 27, 2025 04:56:14 UTC

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-64657

Nov 27, 2025 04:56:13 UTC

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-43300

Nov 27, 2025 04:56:12 UTC

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware...

CVE-2025-10089

Nov 27, 2025 04:25:18 UTC

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, MILCO.S Easy Setting Application (IR) a...

CVE-2025-13284

Nov 27, 2025 02:48:22 UTC

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

CVE-2025-62728

Nov 27, 2025 00:12:29 UTC

SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call direct...

CVE-2025-9640

Nov 26, 2025 21:03:48 UTC

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, res...

CVE-2025-65276

Nov 26, 2025 19:32:45 UTC

An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication che...

CVE-2025-64127

Nov 26, 2025 19:31:02 UTC

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauth...

CVE-2025-64128

Nov 26, 2025 19:13:49 UTC

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthe...

CVE-2025-13084

Nov 26, 2025 18:59:31 UTC

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.

CVE-2025-65669

Nov 26, 2025 18:58:57 UTC

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

CVE-2025-65966

Nov 26, 2025 18:41:53 UTC

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been ...

CVE-2025-65676

Nov 26, 2025 18:39:29 UTC

Stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

CVE-2025-66028

Nov 26, 2025 18:37:01 UTC

OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parame...