Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for August 05-06, 2025

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between August 05-06, 2025.
During this period, the National Vulnerability Database published 116 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 9
High: 15
Medium: 45
Low: 2
Severity Not Assigned: 45

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2025-53544
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. Trilium is a single-user app without a username requirement, and brute-force protection bypass makes exploitation much more feasible. Multiple features provided by Trilium (e.g. MFA, share notes, custom request handler) indicate that Trilium can be exposed to the internet. This is fixed in version 0.97.0.
References: https://github.com/TriliumNext/Trilium/pull/6243/commits/04c8f8a1234e8c9f4a87da187180375227b21223
https://github.com/TriliumNext/Trilium/releases/tag/v0.97.0
https://github.com/TriliumNext/Trilium/security/advisories/GHSA-hw5p-ff75-327r

CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found

2. CVE-2025-54119
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
References: https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
https://github.com/ADOdb/ADOdb/issues/1083
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

3. CVE-2025-54130
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the .vscode/settings.json file, don't already exist in the workspace, an attacker can chain an indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
References: https://github.com/cursor/cursor/security/advisories/GHSA-vqv7-vq92-x87f

CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found

4. CVE-2025-54135
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file, don't already exist in the workspace, an attacker can chain an indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
References: https://github.com/cursor/cursor/security/advisories/GHSA-4cxx-hrm3-49rm

CWE-ID: CWE-78, CWE-829
Common Platform Enumerations (CPE): Not Found

5. CVE-2025-54780
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. In versions below 2.0.2, an authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.
References: https://github.com/cconard96/glpi-screenshot-plugin/commit/49215b53a05dc792719b69c098df80100208c2c8
https://github.com/cconard96/glpi-screenshot-plugin/security/advisories/GHSA-x6mp-jhxw-9xrp

CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found

6. CVE-2025-54802
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.
References: https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
https://github.com/pyload/pyload/pull/4596
https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

7. CVE-2025-54865
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.
References: https://github.com/FTB-Gamepedia/Tilesheets/blob/8debbf8ee6ddb02bf9c756bab5c085b007d72c50/special/SheetManager.php#L255
https://github.com/FTB-Gamepedia/Tilesheets/security/advisories/GHSA-hqfr-7cm9-4h87

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

8. CVE-2025-54868
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
References: https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw

CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found

9. CVE-2025-54982
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
References: https://help.zscaler.com/zia/about-identity-providers

CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found

10. CVE-2025-7050
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Use-your-Drive | Google Drive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability can be exploited by the lowest authentication level permitted to upload files, including unauthenticated users, once a file upload shortcode is published on a publicly accessible post.
References: https://wpcloudplugins.gitbook.io/docs/other/changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/de0c8922-b290-4582-9079-e79da684bcff?source=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

11. CVE-2025-41698
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.
References: https://certvde.com/en/advisories/VDE-2025-028

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

12. CVE-2025-5061
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 3.9.29.
References: https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/import/class-wpie-upload-validate.php#L24
https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/import/class-wpie-upload-validate.php#L89
https://plugins.trac.wordpress.org/changeset/3323402/
https://plugins.trac.wordpress.org/changeset/3338701/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c0f3248-fef6-48a5-b2e1-f2778528fba1?source=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

13. CVE-2025-6207
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/class-wpie-common-action.php#L386
https://plugins.trac.wordpress.org/changeset/3323402/
https://www.wordfence.com/threat-intel/vulnerabilities/id/188eef67-de66-49c2-aa6c-2cf3b886ff66?source=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

14. CVE-2025-54948
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
References: https://success.trendmicro.com/en-US/solution/KA-0020652

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

15. CVE-2025-54987
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
References: https://success.trendmicro.com/en-US/solution/KA-0020652

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

16. CVE-2025-29745
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
References: https://packetstorm.news/files/id/188736/
https://www.youtube.com/watch?v=LxaYtxdJLM4

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

17. CVE-2025-50706
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function.
References: https://xinyisleep.github.io/2024-04-24/Thinkphp5.1%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB-CNVD-2024-29981
https://xinyisleep.github.io/CVE-2025-50706.md

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

18. CVE-2025-50707
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component.
References: https://xinyisleep.github.io/2024-07-15/Thinkphp3.%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB-CNVD-2024-39045
https://xinyisleep.github.io/CVE-2025-50707.md

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

19. CVE-2025-43979
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.
References: https://github.com/actuator/cve/blob/main/Firstnum/CVE-2025-43979.txt
https://github.com/actuator/cve/tree/main/Firstnum

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

20. CVE-2025-46658
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
References: https://gist.github.com/Jowu73/005ca4f85b27fb272a4e62e373341fa5
https://www.4cstrategies.com/solutions/exonaut/

CWE-ID: CWE-209
Common Platform Enumerations (CPE): Not Found

21. CVE-2025-43978
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.
References: https://github.com/actuator/cve/blob/main/Jointelli/CVE-2025-43978.txt
https://github.com/actuator/cve/tree/main/Jointelli
https://www.jointelli.com/cpe/5g-cpe-evo-4.html
https://www.jointelli.com/product/25H01

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

22. CVE-2025-54253
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
References: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

CWE-ID: CWE-16
Common Platform Enumerations (CPE): Not Found

23. CVE-2025-54254
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
References: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found

24. CVE-2025-51628
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
References: http://agenzia.com
http://eccobook.com
https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2025-51628%20%7C%20Eccobook.md

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
