CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-10641
High

In the Bluetooth Classic Hands-Free Profile (HFP) implementation in Zephyr OS, an out-of-bounds write vulnerability was found. During processing of AT+CIND: response from an Audio Gateway (AG) device, the cind_handle_values() function writes data to the ind_table[] array without verifying that the index does not exceed its size (20 elements). A remote, malicious or compromised Bluetooth peer can send a response with more than 20 entries, causing a write beyond the array and memory corruption.

CVE-2025-69189
High

The EMV JobBank has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2025-69175
High

There is an unauthenticated local file inclusion vulnerability in Line Agency versions <= 1.3.1.

CVE-2025-69174
High

Versions of Etude up to 1.6 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.

CVE-2025-69170
High

There is an unauthenticated local file inclusion vulnerability in Eventicity versions <= 1.5.

CVE-2025-69166
High

Gunslinger versions up to 1.7 are vulnerable to unauthenticated local file inclusion.

CVE-2025-69164
High

There is an unauthenticated local file inclusion vulnerability in Skyward versions <= 1.10.

CVE-2025-69158
High

Versions of Granola <= 1.13 are vulnerable to unauthenticated local file inclusion, which may lead to the exposure of sensitive data.

CVE-2025-69157
High

Versions of Gamic <= 1.15 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.

CVE-2025-69144
High

There is a vulnerability in Preservation <= 1.10 that allows unauthenticated local file inclusion.

CVE-2025-69140
High

Versions of SweetDate Core below 1.1.5 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2025-69130
High

In versions of the Entrepreneur - Booking for Small Businesses WordPress theme up to 3.1.3, there is a PHP Object Injection vulnerability related to subscribers.

CVE-2025-69128
High

CVE-2025-69128 describes an improper limitation of a pathname to a restricted directory, allowing Path Traversal in the EMV JobCareer application. This issue affects JobCareer versions from n/a through 7.3.

CVE-2025-69126
High

There is a vulnerability in Fortius <= 2.3.0 versions that allows unauthenticated local file inclusion.

CVE-2025-69123
High

Versions of Snow Club up to 1.1 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.

CVE-2025-69120
High

There is an unauthenticated local file inclusion vulnerability in Dazzle <= 1.0.0 versions.

CVE-2025-69115
High

The LuxMed | Medicine & Healthcare Doctor WordPress theme versions up to 1.2.2 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to sensitive data on the server.

CVE-2025-69106
High

There is an unauthenticated local file inclusion vulnerability in Imba versions up to 1.5.0.

CVE-2025-68524
High

Versions of Avante below 3.0.5 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2025-66391
High

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, allowing an attacker to reset a user's password by sending a one-time password to an attacker-controlled email address.

PreviousPage 92 of 3314Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS