Vulnerability Notes
- CVE-2025-41115 - Incorrect privilege assignment
- CVE-2025-11127 - Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation
- CVE-2025-13156 - Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution
- CVE-2025-13322 - WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter
- CVE-2025-11985 - Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
- CVE-2025-11456 - ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload
- CVE-2025-64695 - LogStare Collector Windows Installer Uncontrolled Search Path Element Vulnerability (RCE)
- CVE-2025-64310 - Epson Projector WebConfig Brute Force Authentication Vulnerability
- CVE-2025-64762 - authkit-nextjs may let session cookies be cached in CDNs
- CVE-2025-62164 - vLLM deserialization vulnerability leading to DoS and potential RCE
- CVE-2025-62459 - Microsoft Defender Portal Spoofing Vulnerability
- CVE-2025-62207 - Azure Monitor Elevation of Privilege Vulnerability
- CVE-2025-59245 - Microsoft SharePoint Online Elevation of Privilege Vulnerability
- CVE-2025-36072 - IBM webMethods Integration Deserialization
- CVE-2025-63685 - Quark Cloud Drive DLL Hijacking
- CVE-2025-48986 - Revive Adserver Authorization Bypass Vulnerability
- CVE-2025-10571 - ABB Ability Edgenius Authentication Bypass
- CVE-2025-63888 - ThinkPHP File Template Driver Remote Code Execution Vulnerability