Security Vulnerabilities - CVEs Published In 2025
Vulnerability that allows setting screen rotation direction without permission verification in the screen management module.
Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-08-06
Out-of-bounds access vulnerability in the audio codec module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-06
Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-08-06
Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-08-06
Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-08-06
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-05
Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-05
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS Score
10.0
EPSS Score
0.006
Published
2025-08-05
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-08-05
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
CVSS Score
9.8
EPSS Score
0.004
Published
2025-08-05