Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-05-29 CVE-2025-3050 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
network
high complexity
CWE-770
5.3
5.3
2025-05-29 CVE-2025-4967 Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
network
low complexity
CWE-918
critical
 9.1
9.1
2025-05-29 CVE-2025-5326 A vulnerability was found in zhilink ???(??)?????? ADP Application Developer Platform ??????? 1.0.0 and classified as critical.
network
low complexity
CWE-502
6.3
6.3
2025-05-29 CVE-2025-5324 A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0.
local
low complexity
CWE-401
3.3
3.3
2025-05-29 CVE-2025-4670 The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-29 CVE-2025-5122 The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-29 CVE-2025-5286 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-29 CVE-2025-4583 The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
5.4
2025-05-28 CVE-2025-32803 In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
local
low complexity
 4.0
4.0
2025-05-28 CVE-2025-32801 Kea configuration and API directives can be used to load a malicious hook library.
local
low complexity
 7.8
7.8