Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-21 | CVE-2025-43966 | NULL Pointer Dereference vulnerability in Struktur Libheif libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. | 7.5 |
| 2025-04-21 | CVE-2025-43967 | NULL Pointer Dereference vulnerability in Struktur Libheif libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. | 7.5 |
| 2025-04-20 | CVE-2025-43929 | Origin Validation Error vulnerability in Kovidgoyal Kitty open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter). | 7.8 |
| 2025-04-20 | CVE-2025-43919 | Path Traversal vulnerability in GNU Mailman GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. | 7.5 |
| 2025-04-20 | CVE-2025-43920 | OS Command Injection vulnerability in GNU Mailman GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. | 8.1 |
| 2025-04-19 | CVE-2025-3820 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. | 8.8 |
| 2025-04-19 | CVE-2025-3817 | Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. | 8.8 |
| 2025-04-19 | CVE-2025-3802 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). | 8.8 |
| 2025-04-19 | CVE-2025-3803 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). | 8.8 |
| 2025-04-19 | CVE-2025-3800 | A vulnerability has been found in WCMS 11 and classified as critical. | 7.3 |