In Oracle MySQL Client versions 8.0.0 through 8.0.42, 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0 a low severity vulnerability CVE-2025-50081 was detected in the mysqldump component. This vulnerability allows high-privileged attackers with network access and requiring user interaction to perform unauthorized updates, inserts, deletes, or read access to MySQL Client-accessible data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-50081.
Read more DatabaseIn Oracle MySQL Server versions 8.0.0 through 8.0.42 a medium severity vulnerability CVE-2025-53023 was detected in the Replication component. This vulnerability allows high-privileged attackers with network access to cause a hang or repeatable crash of the MySQL Server, resulting in denial-of-service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53023.
Read more DatabaseIn Oracle MySQL Server versions 8.0.0 through 8.0.42, 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0 a medium severity vulnerability CVE-2025-50087 was detected in the Optimizer component. This vulnerability allows high-privileged attackers with network access to create, delete, or modify critical data without authorization. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-50087.
Read more DatabaseIn SQLite versions prior to 3.50.2 a high severity vulnerability CVE-2025-6965 was detected. This vulnerability, caused by integer truncation when the number of aggregate terms exceeds the number of available columns, may lead to memory corruption. To address this issue, users should upgrade SQLite to versions 3.50.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6965.
Read more DatabaseIn ZITADEL versions from 2.53.0 up to but not including 4.0.0-rc.2, 3.3.2, 2.71.13 and 2.70.14 a high severity vulnerability CVE-2025-53895 was detected. This vulnerability allows any authenticated user to hijack sessions and impersonate other users by updating arbitrary sessions using only the session ID, due to missing authorization checks in the session management API. To address this issue, users should upgrade ZITADEL to versions 4.0.0-rc.2, 3.3.2, 2.71.13 or 2.70.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53895.
Read more Developer ToolsIn Restrict File Access plugin for WordPress versions up to and including 1.1.2 a high severity vulnerability CVE-2025-7667 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server via a forged request due to missing or incorrect nonce validation on the ‘restrict-file-access’ page, which can lead to remote code execution if a critical file such as wp-config.php is deleted. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7667.
Read more CMSIn Companion Auto Update plugin for WordPress versions up to and including 3.9.2 a medium severity vulnerability CVE-2025-4369 was detected. This vulnerability allows admin-level users to inject scripts via the update_delay_days parameter, affecting multi-site setups with unfiltered_html disabled. To address this issue, users should update Companion Auto Update plugin to versions 3.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4369.
Read more CMSIn Strong Testimonials plugin for WordPress versions up to and including 3.2.11 a medium severity vulnerability CVE-2025-7367 was detected. This vulnerability allows authenticated attackers with Author-level access and above to inject arbitrary web scripts via Testimonial Custom Fields due to insufficient input sanitization and output escaping. To address this issue, users should update Strong Testimonials plugin to versions 3.2.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7367.
Read more CMSIn PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23 and 8.4.* before 8.4.10 a medium severity vulnerability CVE-2025-6491 was detected. This vulnerability allows attackers to cause a null pointer dereference by parsing XML data with an overly large (>2GB) XML namespace prefix in SOAP extensions, potentially leading to crashes and impacting server availability. To address this issue, users should upgrade PHP to versions 8.1.33, 8.2.29, 8.3.23 or 8.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6491.
Read more Web Development