ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-52089 | A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.5... | | |
CVE-2025-52101 | linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT aut... | | |
CVE-2025-52207 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PH... | | |
CVE-2025-52294 | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proxima... | | |
CVE-2025-52357 | Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-... | | |
CVE-2025-52364 | Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (t... | | |
CVE-2025-52434 | Apache Tomcat: APR/Native Connector crash leading to DoS | | |
CVE-2025-52437 | Rejected reason: Not used... | R | |
CVE-2025-52438 | Rejected reason: Not used... | R | |
CVE-2025-52439 | Rejected reason: Not used... | R | |
CVE-2025-52440 | Rejected reason: Not used... | R | |
CVE-2025-52441 | Rejected reason: Not used... | R | |
CVE-2025-52442 | Rejected reason: Not used... | R | |
CVE-2025-52443 | Rejected reason: Not used... | R | |
CVE-2025-52444 | Rejected reason: Not used... | R | |
CVE-2025-52445 | Rejected reason: Not used... | R | |
CVE-2025-52459 | Advantech iView Argument Injection | S | |
CVE-2025-52462 | Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.0600856... | | |
CVE-2025-52463 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earli... | | |
CVE-2025-52464 | Meshtastic Repeated Public and Private Keypairs | | |
CVE-2025-52467 | pgai secrets exfiltration via `pull_request_target` | | |
CVE-2025-52471 | ESP-NOW Integer Underflow Vulnerability Advisory | | |
CVE-2025-52473 | liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 | | |
CVE-2025-52474 | WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint | E S | |
CVE-2025-52477 | Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow | | |
CVE-2025-52479 | HTTP.jl vulnerable to CR/LF Injection in URIs | | |
CVE-2025-52480 | Registrator.jl Argument Injection Vulnerability | | |
CVE-2025-52483 | Registrator.jl Vulnerable to Argument Injection and Command Injection | | |
CVE-2025-52484 | RISC Zero zkVM Underconstrained Vulnerability | | |
CVE-2025-52485 | DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed | | |
CVE-2025-52486 | DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects | | |
CVE-2025-52487 | DNN.PLATFORM possibly allows bypass of IP Filters | | |
CVE-2025-52488 | DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input | | |
CVE-2025-52491 | Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.... | | |
CVE-2025-52492 | A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware ... | | |
CVE-2025-52496 | Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occu... | E | |
CVE-2025-52497 | Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_bu... | | |
CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload | | |
CVE-2025-52521 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vu... | | |
CVE-2025-52542 | ... | R | |
CVE-2025-52552 | FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS | | |
CVE-2025-52553 | authentik has Insufficient Session verification for Remote Access Control endpoint access | | |
CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | | |
CVE-2025-52555 | CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS | | |
CVE-2025-52556 | rfc3161-client has insufficient verification for timestamp response signatures | | |
CVE-2025-52557 | Mail-0 Zero Session Hijacking Via Email | | |
CVE-2025-52558 | ChangeDetection.io XSS in watch overview | | |
CVE-2025-52559 | Zulip XSS in digest preview URL | | |
CVE-2025-52560 | Kanboard Password Reset Poisoning via Host Header Injection | | |
CVE-2025-52561 | HTMLSanitizer.jl Possible XSS | | |
CVE-2025-52562 | Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution | | |
CVE-2025-52566 | llama.cpp tokenizer signed vs. unsigned heap overflow | E | |
CVE-2025-52568 | NeKernal Multiple Memory Corruption Vulnerabilities in mkfs.hefs | | |
CVE-2025-52569 | GitHub.jl lacks validation for user-provided fields | | |
CVE-2025-52570 | Letmein connection limiter allows an arbitrary amount of simultaneous connections | | |
CVE-2025-52571 | Hikka vulnerable to RCE through edits in a channel | | |
CVE-2025-52572 | Hikka vulnerable to RCE through dangling web interface | | |
CVE-2025-52573 | Command Injection in MCP Server ios-simulator-mcp | | |
CVE-2025-52574 | SysmonElixir path traversal in /read endpoint allows arbitrary file read | | |
CVE-2025-52576 | Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass | E | |
CVE-2025-52577 | Advantech iView SQL Injection | S | |
CVE-2025-52579 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory | S | |
CVE-2025-52707 | WordPress Firelight Lightbox plugin <= 2.3.16 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52708 | WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability | S | |
CVE-2025-52709 | WordPress Everest Forms plugin <= 3.2.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-52710 | WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52711 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-52713 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability | S | |
CVE-2025-52715 | WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-52717 | WordPress LifterLMS plugin <= 8.0.6 - SQL Injection Vulnerability | S | |
CVE-2025-52718 | WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability | S | |
CVE-2025-52719 | WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability | S | |
CVE-2025-52722 | WordPress Classiera theme <= 4.0.34 - SQL Injection Vulnerability | S | |
CVE-2025-52723 | WordPress Networker theme <= 1.2.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-52724 | WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability | S | |
CVE-2025-52725 | WordPress CouponXxL theme <= 3.0.0 - PHP Object Injection Vulnerability | S | |
CVE-2025-52726 | WordPress CouponXxL Custom Post Types plugin <= 3.0 - Privilege Escalation Vulnerability | S | |
CVE-2025-52727 | WordPress CSS3 Vertical Web Pricing Tables plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52729 | WordPress Diza theme <= 1.3.9 - Local File Inclusion Vulnerability | S | |
CVE-2025-52733 | WordPress ANON::form embedded secure form plugin <= 1.7 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52772 | WordPress Virtual Moderator plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52774 | WordPress Infility Global plugin <= 2.12.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52776 | WordPress Video List Manager <= 1.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52778 | WordPress xili-dictionary plugin <= 2.12.5.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52780 | WordPress Logo Manager For Samandehi plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52781 | WordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52782 | WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52783 | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52784 | WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52789 | WordPress Lewe ChordPress plugin <= 3.9.7 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability | | |
CVE-2025-52790 | WordPress WP-DownloadCounter plugin <= 1.01 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52791 | WordPress Knowledge Base – Knowledge Base Maker plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52792 | WordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52793 | WordPress Esselink.nu Settings plugin <= 2.94 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52794 | WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52795 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52796 | WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52798 | WordPress JobSearch <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52799 | WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52802 | WordPress Import YouTube videos as WP Posts plugin <= 2.1 - Broken Access Control Vulnerability | | |
CVE-2025-52805 | WordPress Leyka <= 3.31.9 - Local File Inclusion Vulnerability | | |
CVE-2025-52807 | WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability | | |
CVE-2025-52808 | WordPress RealtyElite theme <= 1.0.0 - Local File Inclusion Vulnerability | | |
CVE-2025-52809 | WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability | | |
CVE-2025-52810 | WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability | | |
CVE-2025-52811 | WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulnerability | | |
CVE-2025-52812 | WordPress Domnoo theme <= 1.49 - Local File Inclusion Vulnerability | | |
CVE-2025-52813 | WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability | | |
CVE-2025-52814 | WordPress BRW plugin <= 1.7.9 - Local File Inclusion Vulnerability | | |
CVE-2025-52815 | WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability | | |
CVE-2025-52816 | WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability | | |
CVE-2025-52817 | WordPress Abandoned Contact Form 7 plugin <= 2.0 - Broken Access Control Vulnerability | | |
CVE-2025-52818 | WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability | | |
CVE-2025-52821 | WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability | | |
CVE-2025-52822 | WordPress WP Roadmap plugin <= 2.1.3 - SQL Injection Vulnerability | | |
CVE-2025-52824 | WordPress Mobile DJ Manager plugin <= 1.7.6 - Privilege Escalation Vulnerability | | |
CVE-2025-52825 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52826 | WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability | | |
CVE-2025-52827 | WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability | | |
CVE-2025-52828 | WordPress Red Art <= 3.7 - PHP Object Injection Vulnerability | | |
CVE-2025-52829 | WordPress DirectIQ Email Marketing plugin <= 2.0 - SQL Injection Vulnerability | | |
CVE-2025-52830 | WordPress bSecure – Your Universal Checkout <= 1.7.9 - SQL Injection Vulnerability | | |
CVE-2025-52831 | WordPress Video List Manager <= 1.7 - SQL Injection Vulnerability | | |
CVE-2025-52832 | WordPress NGG Smart Image Search <= 3.4.1 - SQL Injection Vulnerability | S | |
CVE-2025-52833 | WordPress LMS <= 9.1 - SQL Injection Vulnerability | | |
CVE-2025-52834 | WordPress Homey theme <= 2.4.5 - SQL Injection Vulnerability | | |
CVE-2025-52837 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Followi... | | |
CVE-2025-52841 | Laundry 2.3.0 - Account Takeover via CSRF | E | |
CVE-2025-52842 | Laundry 2.3.0 - Account Takeover via Reflected XSS | E | |
CVE-2025-52875 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible... | | |
CVE-2025-52876 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible... | | |
CVE-2025-52877 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible... | | |
CVE-2025-52878 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permission... | | |
CVE-2025-52879 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible... | | |
CVE-2025-52880 | Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File | | |
CVE-2025-52882 | Claude Code IDE extensions allow websocket connections from arbitrary origins | | |
CVE-2025-52883 | Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted | | |
CVE-2025-52884 | risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment | | |
CVE-2025-52886 | Poppler Use After Free Vulnerability | | |
CVE-2025-52887 | cpp-httplib has unlimited number of http header fields, which causes memory leak | | |
CVE-2025-52888 | Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction | | |
CVE-2025-52889 | Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs | E | |
CVE-2025-52890 | Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs | E | |
CVE-2025-52891 | ModSecurity empty XML tag causes segmentation fault | | |
CVE-2025-52893 | OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data | | |
CVE-2025-52894 | OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation | | |
CVE-2025-52895 | Frappe possibility of SQL injection due to improper validations | S | |
CVE-2025-52896 | Frappe authenticated XSS via data import | S | |
CVE-2025-52898 | Frappe account takeover via password reset token leakage | S | |
CVE-2025-52900 | File Browser has Insecure File Permissions | E S | |
CVE-2025-52901 | File Browser allows sensitive data to be transferred in URL | E S | |
CVE-2025-52902 | File Browser has Stored Cross-Site Scripting vulnerability | E S | |
CVE-2025-52903 | File Browser Allows Execution of Shell Commands That Can Spawn Other Commands | E | |
CVE-2025-52904 | File Browser: Command Execution not Limited to Scope | E | |
CVE-2025-52916 | Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration... | | |
CVE-2025-52917 | The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosu... | | |
CVE-2025-52918 | Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowin... | | |
CVE-2025-52919 | In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certifi... | | |
CVE-2025-52920 | Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the ... | | |
CVE-2025-52921 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the... | | |
CVE-2025-52922 | Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated at... | | |
CVE-2025-52923 | Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command.... | | |
CVE-2025-52925 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken w... | | |
CVE-2025-52926 | In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the intera... | | |
CVE-2025-52934 | Rejected reason: Not a vulnerability.... | R | |
CVE-2025-52935 | Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly | S | |
CVE-2025-52936 | Improper Link Resolution Before File Access vulnerability in yrutschle/sslh | S | |
CVE-2025-52937 | Vulnerability in PointCloudLibrary PCL | S | |
CVE-2025-52938 | Potential heap-based buffer over-read vulnerability in NotepadNext | S | |
CVE-2025-52939 | Potential heap-buffer overflow vulnerability in NotepadNext | S | |
CVE-2025-52946 | Junos OS and Junos OS Evolved: With traceoptions enabled, receipt of malformed AS PATH causes RPD crash | S | |
CVE-2025-52947 | Junos OS: ACX Series: When 'hot-standby' mode is configured for an L2 circuit, interface flap causes the FEB to crash | S | |
CVE-2025-52948 | Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled | S | |
CVE-2025-52949 | Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash | S | |
CVE-2025-52950 | Juniper Security Director: Insufficient authorization for multiple endpoints in web interface | S | |
CVE-2025-52951 | Junos OS: IPv6 firewall filter fails to match payload-protocol | S | |
CVE-2025-52952 | Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash | S | |
CVE-2025-52953 | Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset | S | |
CVE-2025-52954 | Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system | S | |
CVE-2025-52955 | Junos OS: When jflow/sflow is configured continuous logical interface flaps causes rpd crash and restart | S | |
CVE-2025-52958 | Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash | S | |
CVE-2025-52963 | Junos OS: A low-privileged user can disable an interface | S | |
CVE-2025-52964 | Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured | S | |
CVE-2025-52967 | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.... | | |
CVE-2025-52968 | xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can ... | | |
CVE-2025-52969 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-52971 | Rejected reason: Not used... | R | |
CVE-2025-52972 | Rejected reason: Not used... | R | |
CVE-2025-52973 | Rejected reason: Not used... | R | |
CVE-2025-52974 | Rejected reason: Not used... | R | |
CVE-2025-52975 | Rejected reason: Not used... | R | |
CVE-2025-52976 | Rejected reason: Not used... | R | |
CVE-2025-52977 | Rejected reason: Not used... | R | |
CVE-2025-52978 | Rejected reason: Not used... | R | |
CVE-2025-52979 | Rejected reason: Not used... | R | |
CVE-2025-52980 | Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message | S | |
CVE-2025-52981 | Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash | S | |
CVE-2025-52982 | Junos OS: MX Series: When specific SIP packets are processed the MS-MPC will crash | S | |
CVE-2025-52983 | Junos OS: After removing ssh public key authentication root can still log in | S | |
CVE-2025-52984 | Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes | S | |
CVE-2025-52985 | Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching | S | |
CVE-2025-52986 | Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks | S | |
CVE-2025-52988 | Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout' | S | |
CVE-2025-52989 | Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration | S | |
CVE-2025-52991 | The Nix, Lix, and Guix package managers default to using temporary build directories in a world-read... | | |
CVE-2025-52992 | The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fai... | | |
CVE-2025-52993 | A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitr... | | |
CVE-2025-52994 | gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a craft... | | |
CVE-2025-52995 | File Browser vulnerable to command execution allowlist bypass | E S | |
CVE-2025-52996 | File Browser's Password Protection of Links Vulnerable to Bypass | E | |
CVE-2025-52997 | File Browser Insecurely Handles Passwords | E S | |
CVE-2025-52999 | jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data | | |