Vulnerability Details

CVE-2025-26168 • published on May 7, 2025 IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.

CVE-2025-29152 • published on May 7, 2025 Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration, Decision Level Registration, Perspective Registration, Company Group Registration, Company Registration, News Registration, Employee Editing, Goal Team Registration, Learning Resource Type Registration, Learning Resource Family Registration, Learning Resource Supplier Registration, and Cycle Maintenance.

CVE-2025-29153 • published on May 7, 2025 SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions.

CVE-2025-29154 • published on May 7, 2025 HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/, .galera.app/escolaridade/listagem/, .galera.app/estados_civis/cadastro/, .galera.app/nivel_hierarquico/listagem/, .galera.app/nivel_decisorio/cadastro/, .galera.app/escolaridade/cadastro/, .galera.app/nivel_decisorio/listagem/, .galera.app/rh/cadastros/perspectivas/listagem/, .galera.app/empresas_grupo/cadastro/, .galera.app/empresas/edicao/, .galera.app/liais/listagem/, .galera.app/noticias/listagem/, .galera.app/gerenciamento-de-ciclo/abertura/cadastrar, .galera.app/colaborador/cadastro/cursos/adc/edicao/, .galera.app/colaborador/cadastro/adc/, .galera.app/cads_aux/escalact/, .galera.app/ncf/tec/cadastro/ct/ .galera.app/rh/metas/painel/, .galera.app/rh/metas/equipe/edicao/, .galera.app/rh/pdi/tipo_recursos/edicao/, .galera.app/rh/pdi/familia_recursos/cadastro/, .galera.app/rh/pdi/fornecedores/edicao/, and .galera.app/rh/pdi/recursos/cadastro/ components.

CVE-2025-29448 • published on May 7, 2025 Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

CVE-2025-29602 • published on May 7, 2025 flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.

CVE-2025-29746 • published on May 7, 2025 Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components

CVE-2025-45388 • published on May 7, 2025 Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been well documented that when serving uploaded files using a method outside of Wagtail (which admittedly is the default), it requires additional configuration from the developer, because Wagtail cannot control how these are served. ... For example, if a Wagtail instance is configured to upload files into AWS S3, Wagtail cannot control the permissions on how they're served, nor any headers used when serving them (a limitation of S3)."

CVE-2025-45514 • published on May 7, 2025 Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.

CVE-2025-47203 • published on May 7, 2025 dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

CVE-2025-47423 • published on May 7, 2025 Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

CVE-2025-0856 • published on May 6, 2025 The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.

CVE-2025-0855 • published on May 6, 2025 The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE-2025-4372 • published on May 6, 2025 Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-47420 • published on May 6, 2025 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

CVE-2025-0853 • published on May 6, 2025 The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2025-47419 • published on May 6, 2025 Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

CVE-2025-46573 • published on May 6, 2025 passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

CVE-2025-0649 • published on May 6, 2025 Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

CVE-2025-46572 • published on May 6, 2025 passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

Recent Vulnerabilities