CVE Brief Security Intelligence

Adobe Experience Manager versions 6

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3

Dell ECS versions prior to 3

Dell Avamar, versions prior to 19

Dell Unity, version(s) 5

Dell Unity, version(s) 5

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7

Dell Enterprise SONiC OS, version 4

Dell Unity, version(s) 5

Dell Digital Delivery, versions prior to 5

CyberGhostVPNSetup

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol

Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory

RUCKUS Network Director (RND) before 4

Certain Draytek products are affected by Insecure Configuration

Ruckus SmartZone (SZ) before 6

RUCKUS SmartZone (SZ) before 6

Cursor is a code editor built for programming with AI

A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted

The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases

Cursor is a code editor built for programming with AI

LibreChat is a ChatGPT clone with additional features

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024

Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2

An issue was discovered on FIRSTNUM JC21A-04 devices through 2

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image