CVE-2019-6693
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 4 critical vulnerabilities and 52 high-priority updates requiring attention, with notable impacts to industrial control systems and network infrastructure.
D-Link DIR-859 Router Path Traversal Vulnerability - Active in CISA KEV catalog.
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability - Active in CISA KEV catalog.
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability - Active in CISA KEV catalog.
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability - Active in CISA KEV catalog.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Rails Ruby on Rails Path Traversal Vulnerability - Active in CISA KEV catalog.
PHPMailer Command Injection Vulnerability - Active in CISA KEV catalog.
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability - Active in CISA KEV catalog.
Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if t...
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitr...
The Honeywell Experion PKS and OneWireless WDM contain an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability...
DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1
Jenkins Credentials Binding Plugin 687
Jenkins Git Parameter Plugin 439
Headlamp is an extensible Kubernetes web UI
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet
A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet
A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet
The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations
Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own
A vulnerability, which was classified as critical, was found in Tenda O3V2 1
A vulnerability has been found in Tenda O3V2 1
A vulnerability was found in Tenda O3V2 1
A vulnerability was found in Tenda O3V2 1
A vulnerability was found in Tenda O3V2 1
The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1
An issue has been discovered in GitLab CE/EE affecting all versions from 17
Gitk is a Tcl/Tk based Git history browser
Git GUI allows you to use the Git source control management tools via a GUI
The Honeywell Experion PKS and OneWireless WDM contain a Memory Buffer vulnerability in the component Control Data Access (CDA)
Git GUI allows you to use the Git source control management tools via a GUI
A directory traversal vulnerability was discovered in White Star Software Protop version 4
The Honeywell Experion PKS and OneWireless WDM contain a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA)
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA)
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability
A flaw was found in the libxslt library
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management
Trend Micro Security 17
Trend Micro Password Manager (Consumer) version 5
Emerson ValveLink products do not use, or incorrectly use, a protection mechanism that provides sufficient defense against directed attacks against the product
Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere
A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22
Zimbra Collaboration Suite (ZCS) before 9
Clerk helps developers build user management
A flaw was found in libsoup
The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
Improper certificate validation in Zoom Workplace for Linux before version 6
A vulnerability was found in code-projects LifeStyle Store 1
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1
A vulnerability has been found in Campcodes Payroll Management System 1
A vulnerability was found in Campcodes Payroll Management System 1
A vulnerability was found in Campcodes Payroll Management System 1
A vulnerability was found in Campcodes Payroll Management System 1
A vulnerability was found in code-projects Mobile Shop 1
A vulnerability was found in code-projects LifeStyle Store 1
A vulnerability was found in code-projects LifeStyle Store 1
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor "EcoGuideTAB" PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to disclose information such as generated power and electricity sold back to the grid stored in the product, tamper with or destroy stored or configured information in the product, or cause a Denial-of-Service (DoS) condition on the product, by using hardcoded user ID and password common to the product series obtained by exploiting CVE-2025-5022