CVE-2025-47827
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 10 critical vulnerabilities and 71 high-priority updates requiring immediate attention.
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
Adobe Commerce and Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14. This is due t...
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's ide...
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
A malicious actor with access to the management network could exploit a misconfiguration in UniFi's door access application, UniFi Access, that exposed a management API without proper authentication. ...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606.
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitisin...
A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Ge...
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector mem...
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user c...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up to, and including, 16
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file
ABC Fine Wine & Spirits Android App version v
AdForest - Classified Android App version 4
Senza: Keto & Fasting Android App version 2
2nd Line Android App version v1
Kanova Android App version 1
AG Life Logger Android App version v1
Mobile Scanner Android App version 2
Dell Unity, version(s) 5
Dell Unity, version(s) 5
Dell Unity, version(s) 5
Dell Unity, version(s) 5
Dell Unity, version(s) 5
Dell Unity, version(s) 5
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
SQL injection in Revive Adserver 6
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection
Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K
Each Italy Wireless Mini Router WIRELESS-N 300M v28K
Malicious or unintentional API requests can be used to add significant amount of data to caches
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass
A buffer overflow in the UPnP service of Tenda AC8 Hardware v03
An issue in BusinessNext CRMnext v
n8n is an open source workflow automation platform
The service Bizerba Communication Server (BCS) has an unquoted service path
ELOG allows an authenticated user to modify another user's profile
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled
IBM Tivoli Monitoring 6
When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted
On a client with an admin user, a Global_Shipping script can be implemented
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part
A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1
Statmatic is a Laravel and Git powered content management system (CMS)
ELOG allows an authenticated user to upload arbitrary HTML files
IBM InfoSphere Information Server 11
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing
TalkTalk 3
mCarFix Motorists App version 2
IBM Tivoli Monitoring 6
sqls-server/sqls 0
Scrapy versions up to 2
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have
Integer overflow in GameMaker IDE below 2024
Kitware VTK (Visualization Toolkit) up to 9
Totolink LR350 v9
Totolink LR350 v9
Totolink LR350 v9
Totolink LR350 v9
Summer Pearl Group Vacation Rental Management Platform prior to 1
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users
A flaw was identified in the X
A flaw was found in the X
A flaw was discovered in the X
IBM Sterling Connect Direct for Unix 6
FutureNet MA and IP-K series provided by Century Systems Co
JumpServer is an open source bastion host and an operation and maintenance security audit system
Kitware VTK (Visualization Toolkit) through 9
Agno is a multi-agent framework, runtime and control plane
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service