Security Vulnerabilities
A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
CVSS Score
3.9
EPSS Score
0.0
Published
2025-08-05
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-05
An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
CVSS Score
9.8
EPSS Score
0.004
Published
2025-08-05
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-05
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-05
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-05
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-05
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
CVSS Score
9.4
EPSS Score
0.005
Published
2025-08-05
CVE-2025-54948
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Known exploited
CVSS Score
9.4
EPSS Score
0.185
Published
2025-08-05
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 3.9.29.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-08-05