CVE-2025-54948
Trend Micro Apex One OS Command Injection Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 15 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Git Link Following Vulnerability - Active in CISA KEV catalog.
Citrix Session Recording Improper Privilege Management Vulnerability - Active in CISA KEV catalog.
Citrix Session Recording Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Ex...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning....
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the i...
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper v...
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affe...
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution p...
A Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricte...
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administ...
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.3.6.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from...
In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges need...
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. Us...
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE)
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Use after free in V8 in Google Chrome prior to 140
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion
Adacore Ada Web Server (AWS) before 25
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2
phpgurukul Complaint Management System 2
Inappropriate implementation in Extensions in Google Chrome prior to 140
Figma Desktop for Windows version 125
Out-of-bounds Write vulnerability in libaudiosaplus_sec
Out-of-bounds Write vulnerability in libaudiosaplus_sec
In phpgurukul Doctor Appointment Management System 1
The mikecao/flight PHP framework in versions prior to v1
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP)
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1
Improper Input Validation vulnerability in Apache DolphinScheduler
Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability
Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
SSH dissector crash in Wireshark 4
Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints
ESPHome is a system to control microcontrollers remotely through Home Automation systems
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures
There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab
There is a deserialization of untrusted data vulnerability in Digilent DASYLab
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection
A vulnerability was determined in Tenda CH22 1
A vulnerability was identified in Tenda CH22 1
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities
IBM Transformation Advisor 2
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection
A weakness has been identified in alaneuler batteryKid up to 2
There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab
There is an out of bounds write vulnerability due to improper bounds checking in displ2
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab
There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab
Realtek RTL8811AU rtwlanu
In multiple functions of Permissions
In FuseDaemon
In onCreate of ChooserActivity
In multiple locations, there is a possible confused deputy due to Intent Redirect
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code
In hasInteractAcrossUsersFullPermission of AppInfoBase
In canForward of IntentForwarderActivity
In handleKeyGestureEvent of PhoneWindowManager
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code
In afterKeyEventLockedInterruptable of InputDispatcher
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured
An issue was discovered in rust-ffmpeg 0
An issue was discovered in rust-ffmpeg 0
An issue was discovered in rust-ffmpeg 0
An issue was discovered in rust-ffmpeg 0
An issue was discovered in rust-ffmpeg 0
In ParseTag of dng_ifd
Tenda AC8 v16
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device's event log
A vulnerability was found in Campcodes Farm Management System 1
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1
A vulnerability was detected in SourceCodester Online Farm Management System 1
A vulnerability was determined in itsourcecode Student Information Management System 1
In multiple functions of ConnectionServiceWrapper
In finishTransition of Transition
In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack
In onCreate of NotificationAccessConfirmationActivity
In onLastAccessedStackLoaded of ActionHandler
A vulnerability was identified in itsourcecode Student Information Management System 1
A security flaw has been discovered in itsourcecode Student Information Management System 1
A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1
Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing
A vulnerability was identified in 1000projects Beauty Parlour Management System 1
A vulnerability has been found in projectworlds Travel Management System 1
A vulnerability was found in projectworlds Travel Management System 1
A vulnerability was determined in projectworlds Travel Management System 1
A vulnerability was identified in projectworlds Travel Management System 1
A security flaw has been discovered in projectworlds Travel Management System 1