NA - CVE-2025-53836 - XWiki Rendering is a generic rendering system...
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior...
NA - CVE-2025-53839 - DRACOON is a file sharing service, and the...
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0...
NA - CVE-2025-53885 - Directus is a real-time API and App dashboard...
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it...
NA - CVE-2025-53886 - Directus is a real-time API and App dashboard...
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all...
NA - CVE-2025-53887 - Directus is a real-time API and App dashboard...
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used...
NA - CVE-2025-53889 - Directus is a real-time API and App dashboard...
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating...
NA - CVE-2025-53890 - pyload is an open-source Download Manager...
pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to...
NA - CVE-2025-53891 - The timelineofficial/Time-Line- repository...
The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files (instruction/message media)...
High - CVE-2025-6265 - A path traversal vulnerability in the...
A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges...
Critical - CVE-2025-5393 - The Alone – Charity Multipurpose Non-profit...
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the...