Vulnerability Summary for the Week of September 22, 2025

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
(In each entry below these columns run together on one line: vendor–product, description, publication date, CVSS score, CVE ID, then the reference and patch links, which continue on the following lines.)
FlowiseAI–Flowise Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6. 2025-09-22 10 CVE-2025-59528 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L132
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L220
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L262-L270
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/nodes/index.ts#L57-L78
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/routes/node-load-methods/index.ts#L5
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/nodes/index.ts#L91-L94
https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6
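
Added example, not Flowise code: the Function()-based "JSON" parsing pattern the advisory describes, beside a JSON.parse-based replacement. Function names are illustrative, the inputs are constructed, and the actual fix shipped in Flowise 3.0.6 may differ from parseConfigSafe below.

```javascript
// Added example (not Flowise code). Shows why handing user input to the
// Function() constructor is code execution, and the data-only alternative.

// Vulnerable shape: the user-supplied mcpServerConfig string is compiled and run
// as JavaScript. Function() runs inside the Node.js runtime, so the string may
// call require('child_process'), require('fs'), and anything else the process can.
function parseConfigUnsafe(mcpServerConfig) {
  return new Function('return ' + mcpServerConfig)();
}

// Hardened shape: the string is data, never code. JSON.parse cannot execute
// anything; a payload that is not a JSON object is rejected with an error.
function parseConfigSafe(mcpServerConfig) {
  let parsed;
  try {
    parsed = JSON.parse(mcpServerConfig);
  } catch (err) {
    throw new Error('mcpServerConfig is not valid JSON: ' + err.message);
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('mcpServerConfig must be a JSON object');
  }
  return parsed;
}

// Constructed inputs. The payload has a harmless side effect (a global marker)
// so this file is safe to run; an attacker would put require('child_process')
// in the same place.
const BENIGN_CONFIG = '{"mcpServers":{"demo":{"command":"npx","args":["-y","demo-server"]}}}';
const PAYLOAD = '(globalThis.__demoMarker = "code ran", {"mcpServers":{}})';

function demo() {
  delete globalThis.__demoMarker;
  const unsafeResult = parseConfigUnsafe(PAYLOAD); // returns the object AND runs the side effect
  const unsafeExecuted = globalThis.__demoMarker === 'code ran';

  delete globalThis.__demoMarker;
  let safeRejected = false;
  try {
    parseConfigSafe(PAYLOAD);
  } catch (err) {
    safeRejected = true;
  }
  const safeExecuted = globalThis.__demoMarker === 'code ran';

  return {
    unsafeExecuted, // Function() ran attacker-controlled code
    unsafeResult,   // ...and still returned a plausible config object
    safeRejected,   // JSON.parse refused the payload
    safeExecuted,   // nothing ran
    benignParsed: parseConfigSafe(BENIGN_CONFIG).mcpServers.demo.command,
  };
}

console.log(demo());
```

The point of the unsafeResult field is that the unsafe parser returns a perfectly usable config after running the payload, so nothing downstream notices; the only defence is never to compile the string in the first place.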
 
HaruTheme–WooCommerce Designer Pro Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through 1.9.24. 2025-09-26 10 CVE-2025-60219 https://patchstack.com/database/wordpress/plugin/wc-designer-pro/vulnerability/wordpress-woocommerce-designer-pro-plugin-1-9-24-arbitrary-file-upload-vulnerability?_s_id=cve
 
Iron Mountain Archiving Services Inc.–enVision Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Iron Mountain Archiving Services Inc. enVision allows Command Injection. This issue affects enVision: before 250563. 2025-09-23 10 CVE-2025-9588 https://www.usom.gov.tr/bildirim/tr-25-0285
 
TalentSys Consulting Information Technology Industry Inc.–Inka.Net Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1. 2025-09-23 10 CVE-2025-9846 https://www.usom.gov.tr/bildirim/tr-25-0288
 
eteubert–Podlove Podcast Publisher The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘move_as_original_file’ function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2025-09-23 9.8 CVE-2025-10147 https://www.wordfence.com/threat-intel/vulnerabilities/id/093058f1-c717-424f-9bd5-4838df8d20a1?source=cve
https://plugins.trac.wordpress.org/browser/podlove-podcasting-plugin-for-wordpress/tags/4.2.6/lib/model/image.php#L465
https://plugins.trac.wordpress.org/changeset/3364994/
 
MooMoo–Product Options and Price Calculation Formulas for WooCommerce Uni CPO (Premium) The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the ‘uni_cpo_upload_file’ function in all versions up to, and including, 4.9.54. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2025-09-23 9.8 CVE-2025-10412 https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0c6a45-2c4a-4a23-84e6-7a9759796824?source=cve
https://builderius.io/cpo/
 
Red Hat–Nx (build system), versions 20.12 and 21.8 Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered packages were published to the npm software registry via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and publishes them to GitHub as a repository under the affected user's own account. 2025-09-24 9.6 CVE-2025-10894 https://access.redhat.com/security/cve/CVE-2025-10894
https://access.redhat.com/security/supply-chain-attacks-NPM-packages
RHBZ#2396282
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware
https://www.wiz.io/blog/s1ngularity-supply-chain-attack
 
Cisco–Cisco Adaptive Security Appliance (ASA) Software A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. 2025-09-25 9.9 CVE-2025-20333 cisco-sa-asaftd-webvpn-z5xP8EUB
 
Cisco–IOS A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or an authenticated, remote attacker with low user privileges (Cisco IOS, IOS XE, and IOS XR Software) to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information, see the Details section of the Cisco advisory. 2025-09-25 9 CVE-2025-20363 cisco-sa-http-code-exec-WmfP3h3O
 
Qualcomm, Inc.–Snapdragon Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. 2025-09-24 9.8 CVE-2025-21483 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
SolarWinds–Web Help Desk SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. 2025-09-23 9.8 CVE-2025-26399 https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm
 
Qualcomm, Inc.–Snapdragon Memory corruption while selecting the PLMN from SOR failed list. 2025-09-24 9.8 CVE-2025-27034 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Airship AI–Acropolis Airship AI Acropolis ships a default administrative account that uses the same credentials on every installation. Instances on which this account's password has not been changed allow a remote attacker to log in and gain the privileges of that account. Fixed in 10.2.35, 11.0.21, and 11.1.9. 2025-09-22 9.8 CVE-2025-35042
 
WAGO–Device Sphere The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it. 2025-09-24 9.8 CVE-2025-41715 https://certvde.com/de/advisories/VDE-2025-087
 
yonisink–Custom Post Type Images Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code Injection. This issue affects Custom Post Type Images: from n/a through 0.5. 2025-09-22 9.6 CVE-2025-58255 https://patchstack.com/database/wordpress/plugin/custom-post-types-image/vulnerability/wordpress-custom-post-type-images-plugin-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
FlowiseAI–Flowise Flowise is a drag & drop user interface to build a customized large language model flow. Prior to the August 2025 release of cloud-hosted Flowise, any authenticated user on the free tier of Flowise Cloud could read sensitive environment variables belonging to other tenants via the Custom JavaScript Function node. This includes secrets such as OpenAI API keys, AWS credentials, Supabase tokens, and Google Cloud secrets, resulting in a full cross-tenant data exposure. This issue has been patched in the August 2025 release of cloud-hosted Flowise. 2025-09-22 9.6 CVE-2025-59434 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-435c-mg9p-fv22
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0. 2025-09-23 9.1 CVE-2025-59545 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29
 
horilla-opensource–horilla Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0. 2025-09-25 9.9 CVE-2025-59832 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h
https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf
 
srmorete–adb-mcp ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, some of its MCP tool definitions and implementations are vulnerable to command injection. This issue has been patched in commit 041729c. 2025-09-25 9.8 CVE-2025-59834 https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg
https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c
https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L355
 
FlagForgeCTF–flagForge Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still valid post-logout, which can allow unauthorized actions. This issue has been patched in version 2.3.1. 2025-09-25 9.8 CVE-2025-59841 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-h6pr-4cwv-6cjg
https://github.com/FlagForgeCTF/flagForge/commit/304b6c82a4f76871b336404b91e5cdd8a7d7d5bd
 
formbricks–formbricks Formbricks is an open source Qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: “none” header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1. 2025-09-26 9.4 CVE-2025-59934 https://github.com/formbricks/formbricks/security/advisories/GHSA-7229-q9pv-j6p4
https://github.com/formbricks/formbricks/pull/6596
https://github.com/formbricks/formbricks/commit/eb1349f205189d5b2d4a95ec42245ca98cf68c82
https://github.com/formbricks/formbricks/blob/843110b0d6c37b5c0da54291616f84c91c55c4fc/apps/web/lib/jwt.ts#L114-L117
 
webandprint–AR For WordPress Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 7.98. 2025-09-26 9.6 CVE-2025-60156 https://patchstack.com/database/wordpress/plugin/ar-for-wordpress/vulnerability/wordpress-ar-for-wordpress-plugin-7-98-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Techspawn–MultiLoca – WooCommerce Multi Locations Inventory Management The MultiLoca – WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘wcmlim_settings_ajax_handler’ function in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. 2025-09-24 9.8 CVE-2025-9054 https://www.wordfence.com/threat-intel/vulnerabilities/id/6a04e6ad-9365-4cb5-a0a0-82e047647d6b?source=cve
https://codecanyon.net/item/woocommerce-multi-locations-inventory-management/28949586#item-description__changelog
 
wpsight–WPCasa The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the ‘api_requests’ function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code. 2025-09-23 9.8 CVE-2025-9321 https://www.wordfence.com/threat-intel/vulnerabilities/id/c1001b2b-395a-44ee-827e-6e57f7a50218?source=cve
https://plugins.trac.wordpress.org/browser/wpcasa/trunk/includes/class-wpsight-api.php#L48
https://plugins.trac.wordpress.org/changeset/3365172/
 
Autodesk–Fusion A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. 2025-09-23 8.7 CVE-2025-10244 https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe
https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0020
 
wplakeorg–Advanced Views Display Posts, Custom Fields, and More The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Model panel. This makes it possible for authenticated attackers, with author-level access or higher, to execute arbitrary PHP code and commands on the server. 2025-09-23 8.8 CVE-2025-10380 https://www.wordfence.com/threat-intel/vulnerabilities/id/52b04517-f0be-4bbf-818c-70a12d76bfec?source=cve
https://plugins.trac.wordpress.org/browser/acf-views/tags/3.7.19/src/Template_Engines/Twig.php#L106
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3364566%40acf-views&new=3364566%40acf-views&sfp_email=&sfph_mail=
 
Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc.–Yordam Katalog Path Traversal: ‘dir/../../filename’ vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue affects Yordam Katalog: before 21.7. 2025-09-25 8.6 CVE-2025-10438 https://www.usom.gov.tr/bildirim/tr-25-0296
 
Saysis Computer Systems Trade Ltd. Co.–Saysis Web Portal Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: versions 3.1.9 and 3.2.0, before 3.2.1. 2025-09-25 8.6 CVE-2025-10449 https://www.usom.gov.tr/bildirim/tr-25-0297
 
PROLIZ Computer Software Hardware Service Trade Ltd. Co.–OBS (Student Affairs Information System) Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before v25.0401. 2025-09-25 8.9 CVE-2025-10467 https://www.usom.gov.tr/bildirim/tr-25-0298
 
B-Link–BL-AC2100 A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-22 8.8 CVE-2025-10773 VDB-325129 | B-Link BL-AC2100 Web Management set_delshrpath_cfg delshrpath stack-based overflow
VDB-325129 | CTI Indicators (IOB, IOC, IOA)
Submit #649901 | LB-LINK AC2100 V1.0.3 Stack-based Buffer Overflow
https://github.com/maximdevere/CVE2/blob/main/README.md
 
D-Link–DCS-935L A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. 2025-09-22 8.8 CVE-2025-10779 VDB-325135 | D-Link DCS-935L HNAP1 sub_402280 stack-based overflow
VDB-325135 | CTI Indicators (IOB, IOC, IOA)
Submit #653690 | D-Link DCS-935L DCS-935L_A1_FW_1.13.01 Stack-based Buffer Overflow
Submit #653691 | D-Link DCS-935L DCS-935L_A1_FW_1.13.01 Stack-based Buffer Overflow (Duplicate)
https://github.com/scanleale/IOT_sec/blob/main/DCS-935L-1.pdf
https://github.com/scanleale/IOT_sec/blob/main/DCS-935L-2.pdf
https://www.dlink.com/
 
D-Link–DIR-513 A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. 2025-09-22 8.8 CVE-2025-10792 VDB-325149 | D-Link DIR-513 formWPS buffer overflow
VDB-325149 | CTI Indicators (IOB, IOC, IOA)
Submit #654049 | D-Link DIR-513 A1FW110 Buffer Overflow
https://github.com/panda666-888/vuls/blob/main/d-link/dir-513/formWPS.md
https://github.com/panda666-888/vuls/blob/main/d-link/dir-513/formWPS.md#poc
https://www.dlink.com/
 
Tenda–AC23 A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2025-09-22 8.8 CVE-2025-10803 VDB-325161 | Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow
VDB-325161 | CTI Indicators (IOB, IOC, IOA)
Submit #654237 | Tenda AC23 <= V16.03.07.52 Buffer Overflow
https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md
https://www.tenda.com.cn/
 
Tenda–AC20 A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. 2025-09-22 8.8 CVE-2025-10815 VDB-325173 | Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow
VDB-325173 | CTI Indicators (IOB, IOC, IOA)
Submit #654460 | tenda AC20 <= V16.03.08.12 (latest) Buffer Overflow
https://github.com/Juana-2u/Tenda-AC20
https://www.tenda.com.cn/
 
Tenda–AC21 A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. 2025-09-23 8.8 CVE-2025-10838 VDB-325200 | Tenda AC21 WifiExtraSet sub_45BB10 buffer overflow
VDB-325200 | CTI Indicators (IOB, IOC, IOA)
Submit #657126 | Tenda AC21 ≤V16.03.08.16 Buffer Overflow
https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC21/Tenda%20AC21%20Buffer%20overflow.md
https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC21/Tenda%20AC21%20Buffer%20overflow.md#poc
https://www.tenda.com.cn/
 
neuml–txtai (arbitrary file write, versions 0 through 9.0) The txtai framework allows loading compressed tar files as embedding indices. While its validate function is intended to prevent path traversal by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker can therefore write a file anywhere on the filesystem when txtai is used to load an untrusted embedding index. 2025-09-22 8.1 CVE-2025-10854 https://github.com/neuml/txtai/issues/965
https://research.jfrog.com/vulnerabilities/txtai-arbitrary-file-write-jfsa-2025-001471363/
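
Added example, not txtai code: a minimal ustar reader with two entry checks. The name-only check stands in for the kind of filename validation the report describes (its exact logic in txtai is not reproduced here); the strict check is the added fix. The archive is built in memory from constructed entries, so nothing touches the disk, and the symlink-then-file layout shows why clean names alone are not enough.

```javascript
// Added example (not txtai code): parse ustar headers in memory and show that
// a filename-only check accepts a symlink escape, while a type-aware check does not.
const BLOCK = 512;

function octalField(n, width) {            // width-1 octal digits + NUL, as ustar expects
  return n.toString(8).padStart(width - 1, '0') + '\0';
}

function tarHeader(name, typeflag, size, linkname = '') {
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0, 100);
  h.write(octalField(0o644, 8), 100);      // mode
  h.write(octalField(0, 8), 108);          // uid
  h.write(octalField(0, 8), 116);          // gid
  h.write(octalField(size, 12), 124);      // size
  h.write(octalField(0, 12), 136);         // mtime
  h.write(' '.repeat(8), 148);             // checksum is computed with this field blank
  h.write(typeflag, 156);                  // '0' regular file, '1' hard link, '2' symlink
  h.write(linkname, 157, 100);
  h.write('ustar\0', 257);
  h.write('00', 263);
  let sum = 0;
  for (const b of h) sum += b;
  h.write(sum.toString(8).padStart(6, '0') + '\0 ', 148);
  return h;
}

// entries: [{ name, type, data?, linkname? }]
function buildTar(entries) {
  const parts = [];
  for (const e of entries) {
    const data = Buffer.from(e.data || '');
    parts.push(tarHeader(e.name, e.type, data.length, e.linkname));
    if (data.length) parts.push(data, Buffer.alloc((BLOCK - (data.length % BLOCK)) % BLOCK));
  }
  parts.push(Buffer.alloc(BLOCK * 2));      // end-of-archive marker
  return Buffer.concat(parts);
}

function cstr(buf, off, len) {              // NUL-terminated field
  const f = buf.subarray(off, off + len);
  const nul = f.indexOf(0);
  return f.subarray(0, nul === -1 ? len : nul).toString();
}

// Walks the headers and returns {name, type, size, linkname} per entry.
function listEntries(tar) {
  const out = [];
  for (let off = 0; off + BLOCK <= tar.length; ) {
    const h = tar.subarray(off, off + BLOCK);
    if (h.every((b) => b === 0)) break;
    let sum = 0;
    for (let i = 0; i < BLOCK; i++) sum += i >= 148 && i < 156 ? 0x20 : h[i];
    if (sum !== parseInt(cstr(h, 148, 8), 8)) throw new Error('bad checksum at offset ' + off);
    const size = parseInt(cstr(h, 124, 12), 8) || 0;
    const type = h[156] === 0 ? '0' : String.fromCharCode(h[156]);
    out.push({ name: cstr(h, 0, 100), type, size, linkname: cstr(h, 157, 100) });
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK;
  }
  return out;
}

const unsafeName = (p) => p.startsWith('/') || p.split('/').includes('..');

// Name-only check: catches "../" and absolute paths, says nothing about links.
function problemsNamesOnly(entries) {
  return entries.filter((e) => unsafeName(e.name)).map((e) => `${e.name}: unsafe path`);
}

// Strict check: an embeddings index needs only regular files, so hard links and
// symlinks are refused outright on top of the path check.
function problemsStrict(entries) {
  const out = problemsNamesOnly(entries);
  for (const e of entries) {
    if (e.type === '1' || e.type === '2') out.push(`${e.name}: link entry -> ${e.linkname}`);
  }
  return out;
}

// Constructed malicious archive: a symlink pointing outside the extraction root,
// then a regular file whose path runs through that link. Every name looks clean,
// yet a naive extractor writes owned.txt outside the index directory.
const MALICIOUS_TAR = buildTar([
  { name: 'index/escape', type: '2', linkname: '../../outside' },
  { name: 'index/escape/owned.txt', type: '0', data: 'written outside the index dir\n' },
]);
const BENIGN_TAR = buildTar([{ name: 'index/config', type: '0', data: '{"backend":"faiss"}\n' }]);

console.log(problemsNamesOnly(listEntries(MALICIOUS_TAR)), problemsStrict(listEntries(MALICIOUS_TAR)));
```

Order matters in the malicious archive: the link is created first, and the later regular entry is then resolved through it by the extractor. A check that only inspects names sees two ordinary relative paths; a check that refuses link entries (or resolves each destination with realpath and confirms it stays under the root) closes the gap.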
 
Magnetism Studios–Endurance A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used. 2025-09-24 8.4 CVE-2025-10906 VDB-325691 | Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication
VDB-325691 | CTI Indicators (IOB, IOC, IOA)
Submit #653994 | Magnetism Studios Endurance 3.3.0 Local Privilege Escalation
https://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md
https://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md#proof-of-concept
 
H3C–Magic B3 A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 8.8 CVE-2025-10942 VDB-325812 | H3C Magic B3 aspForm AddMacList buffer overflow
VDB-325812 | CTI Indicators (IOB, IOC, IOA)
Submit #651813 | H3C Magic B3 <=100R002 Buffer Overflow
https://github.com/lin-3-start/lin-cve/blob/main/H3C%2BMagic%2BB3/H3C%20routers%20Buffer%20overflow.md
https://github.com/lin-3-start/lin-cve/blob/main/H3C%2BMagic%2BB3/H3C%20routers%20Buffer%20overflow.md#poc
 
MikroTik–RouterOS A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 8.8 CVE-2025-10948 VDB-325818 | MikroTik RouterOS libjson.so print parse_json_element buffer overflow
VDB-325818 | CTI Indicators (IOB, IOC, IOA)
Submit #652387 | MikroTik RouterOS 7 Memory Corruption
https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc
https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc#technical-proof-of-concept
 
UTT–1200GW A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 8.8 CVE-2025-10953 VDB-325824 | UTT 1200GW/1250GW formApMail buffer overflow
VDB-325824 | CTI Indicators (IOB, IOC, IOA)
Submit #652687 | UTT 进取 1200GW <=v3.0.0-170831 Buffer Overflow
Submit #652688 | UTT 进取 1250GW <=v3.2.2-200710 Buffer Overflow (Duplicate)
https://github.com/cymiao1978/cve/blob/main/8.md
https://github.com/cymiao1978/cve/blob/main/9.md
 
Tenda–AC21 A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited. 2025-09-28 8.8 CVE-2025-11091 VDB-326173 | Tenda AC21 SetStaticRouteCfg sscanf buffer overflow
VDB-326173 | CTI Indicators (IOB, IOC, IOA)
Submit #661806 | Shenzhen Tenda Technology Co.,Ltd. AC21 <= V16.03.08.16 Buffer Overflow
https://github.com/maximdevere/CVE2/issues/2
https://www.tenda.com.cn/
 
Tenda–CH22 A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-28 8.8 CVE-2025-11117 VDB-326198 | Tenda CH22 GstDhcpSetSer formWrlExtraGet buffer overflow
VDB-326198 | CTI Indicators (IOB, IOC, IOA)
Submit #662927 | Tenda CH22 V1.0.0.1 Buffer overflow vulnerability
https://github.com/zhaoyinshan/CVE/issues/2
https://www.tenda.com.cn/
 
Tenda–AC8 A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. 2025-09-28 8.8 CVE-2025-11120 VDB-326201 | Tenda AC8 SetServerConfig formSetServerConfig buffer overflow
VDB-326201 | CTI Indicators (IOB, IOC, IOA)
Submit #664065 | Shenzhen Tenda Technology Co., Ltd. Tenda AC8v4 Router Tenda AC8v4 (V16.03.34.06) Buffer Overflow
https://github.com/alc9700jmo/CVE/issues/19
https://www.tenda.com.cn/
 
Tenda–AC18 A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. 2025-09-28 8.8 CVE-2025-11122 VDB-326203 | Tenda AC18 WizardHandle stack-based overflow
VDB-326203 | CTI Indicators (IOB, IOC, IOA)
Submit #664194 | Tenda AC18 V15.03.05.19(6318) Buffer Overflow
Submit #664195 | Tenda AC18 V15.03.05.19(6318) Buffer Overflow (Duplicate)
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/WizardHandle.md
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/WizardHandle2.md
https://www.tenda.com.cn/
 
Tenda–AC18 A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. 2025-09-28 8.8 CVE-2025-11123 VDB-326204 | Tenda AC18 saveAutoQos stack-based overflow
VDB-326204 | CTI Indicators (IOB, IOC, IOA)
Submit #664197 | Tenda AC18 V15.03.05.19(6318) Buffer Overflow
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/saveAutoQos.md
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/saveAutoQos.md#poc
https://www.tenda.com.cn/
 
Cisco–IOS A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device. 2025-09-24 8.1 CVE-2025-20160 cisco-sa-ios-tacacs-hdB7thJw
 
Cisco–Cisco IOS XE Software A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An attacker could exploit this vulnerability by sending malformed CAPWAP packets through an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. 2025-09-24 8.6 CVE-2025-20315 cisco-sa-nbar-dos-LAvwTmeT
 
Cisco–Cisco IOS XE Software A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user. 2025-09-24 8.8 CVE-2025-20334 cisco-sa-ios-xe-cmd-inject-rPJM8BGL
 
Qualcomm, Inc.–Snapdragon Information disclosure when the UE receives an RTP packet from the network, while decoding and reassembling the fragments from the RTP packet. 2025-09-24 8.2 CVE-2025-21484 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Information disclosure while decoding an RTP packet received by the UE from the network, when the payload length stated in the packet is greater than the available buffer length. 2025-09-24 8.2 CVE-2025-21487 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Information disclosure while decoding RTP packet headers received by the UE from the network when the padding bit is set. 2025-09-24 8.2 CVE-2025-21488 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
gopiplus@hotmail.com–Wp tabber widget Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in gopiplus@hotmail.com Wp tabber widget allows SQL Injection. This issue affects Wp tabber widget: from n/a through 4.0. 2025-09-22 8.5 CVE-2025-53468 https://patchstack.com/database/wordpress/plugin/wp-tabber-widget/vulnerability/wordpress-wp-tabber-widget-plugin-4-0-sql-injection-vulnerability?_s_id=cve
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys. 2025-09-23 8.3 CVE-2025-55069 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
pebas–CouponXxL Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL allows Privilege Escalation. This issue affects CouponXxL: from n/a through 4.5.0. 2025-09-22 8.8 CVE-2025-58013 https://patchstack.com/database/wordpress/theme/couponxxl/vulnerability/wordpress-couponxxl-theme-4-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Anps–Constructo Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9. 2025-09-22 8.8 CVE-2025-58244 https://patchstack.com/database/wordpress/theme/constructo/vulnerability/wordpress-constructo-theme-4-3-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
ApusTheme–Findgo Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Authentication Bypass. This issue affects Findgo: from n/a through 1.3.55. 2025-09-22 8.8 CVE-2025-58250 https://patchstack.com/database/wordpress/theme/fingo/vulnerability/wordpress-findgo-theme-1-3-55-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
quadlayers–Perfect Brands for WooCommerce Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in quadlayers Perfect Brands for WooCommerce allows SQL Injection. This issue affects Perfect Brands for WooCommerce: from n/a through 3.6.0. 2025-09-22 8.5 CVE-2025-58686 https://patchstack.com/database/wordpress/plugin/perfect-woocommerce-brands/vulnerability/wordpress-perfect-brands-for-woocommerce-plugin-3-6-0-sql-injection-vulnerability?_s_id=cve
 
FrontFin–mesh-web-sdk Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically indistinguishable from a real page at the rendering level and allows access to the parent page DOM, storage, session, and cookies. If the attacker can specify customIframeId, they can hijack the source of existing iframes. This issue has been patched in version 3.3.2. 2025-09-22 8.2 CVE-2025-59430 https://github.com/FrontFin/mesh-web-sdk/security/advisories/GHSA-vh3f-qppr-j97f
https://github.com/FrontFin/mesh-web-sdk/pull/124
https://github.com/FrontFin/mesh-web-sdk/commit/7f22148516d58e21a8b7670dde927d614c0d15c2
https://github.com/FrontFin/mesh-web-sdk/blob/cf013b85ab95d64c63cbe46d6cb14695474924e7/packages/link/src/Link.ts#L441
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm. 2025-09-23 8.3 CVE-2025-59484 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
purethemes–WorkScout-Core Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through n/a. 2025-09-22 8.8 CVE-2025-59572 https://patchstack.com/database/wordpress/plugin/workscout-core/vulnerability/wordpress-workscout-core-plugin-1-7-06-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Zenitel–ICX500 This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database. 2025-09-25 8.8 CVE-2025-59814 Zenitel
Zenitel
 
Zenitel–ICX500 This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity. 2025-09-25 8.4 CVE-2025-59815 Zenitel
Zenitel
 
Zenitel–TCIS-3+ This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity. 2025-09-25 8.4 CVE-2025-59817 Zenitel
 
StarCitizenWiki–mediawiki-extensions-EmbedVideo The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. This issue has been patched via commit 4e075d3. 2025-09-25 8.6 CVE-2025-59839 https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/security/advisories/GHSA-4j5h-mvj3-m48v
https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/commit/4e075d3dc9a15a3ee53f449a684d5ab847e52f01
https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/ext.embedVideo.videolink.js#L5-L20
https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/modules/iframe.js#L139-L155
 
apollographql–embeddable-explorer Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3. 2025-09-26 8.2 CVE-2025-59845 https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv
 
FlagForgeCTF–flagForge Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1. 2025-09-27 8.6 CVE-2025-59932 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw
 
LabRedesCefetRJ–WeGIA WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply prepared statement methods, sanitization, and validation on the id_produto parameter. This issue has been patched in version 3.5.0. 2025-09-27 8.8 CVE-2025-59939 https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jx9m-pgf8-v489
 
Syslifters–sysreptor SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83. 2025-09-27 8.1 CVE-2025-59945 https://github.com/Syslifters/sysreptor/security/advisories/GHSA-r6hm-59cq-gjg6
https://github.com/Syslifters/sysreptor/commit/de8b5d89d0644479ee0da0a113c6bcc2436ba7f4
 
Unitree–Go2 Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta). 2025-09-26 8.2 CVE-2025-60017 https://spectrum.ieee.org/unitree-robot-exploit
https://github.com/Bin4ry/UniPwn
https://news.ycombinator.com/item?id=45381590
 
LambertGroup–LambertGroup – AllInOne – Banner with Playlist Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup LambertGroup – AllInOne – Banner with Playlist allows Blind SQL Injection. This issue affects LambertGroup – AllInOne – Banner with Playlist: from n/a through 3.8. 2025-09-26 8.5 CVE-2025-60107 https://patchstack.com/database/wordpress/plugin/all-in-one-bannerwithplaylist/vulnerability/wordpress-lambertgroup-allinone-banner-with-playlist-plugin-3-8-sql-injection-vulnerability?_s_id=cve
 
LambertGroup–LambertGroup – AllInOne – Banner with Thumbnails Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup LambertGroup – AllInOne – Banner with Thumbnails allows Blind SQL Injection. This issue affects LambertGroup – AllInOne – Banner with Thumbnails: from n/a through 3.8. 2025-09-26 8.5 CVE-2025-60108 https://patchstack.com/database/wordpress/plugin/all-in-one-thumbnailsbanner/vulnerability/wordpress-lambertgroup-allinone-banner-with-thumbnails-plugin-3-8-sql-injection-vulnerability?_s_id=cve
 
LambertGroup–LambertGroup – AllInOne – Content Slider Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup LambertGroup – AllInOne – Content Slider allows Blind SQL Injection. This issue affects LambertGroup – AllInOne – Content Slider: from n/a through 3.8. 2025-09-26 8.5 CVE-2025-60109 https://patchstack.com/database/wordpress/plugin/all-in-one-contentslider/vulnerability/wordpress-lambertgroup-allinone-content-slider-plugin-3-8-sql-injection-vulnerability?_s_id=cve
 
LambertGroup–AllInOne – Banner Rotator Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup AllInOne – Banner Rotator allows SQL Injection. This issue affects AllInOne – Banner Rotator: from n/a through 3.8. 2025-09-26 8.5 CVE-2025-60110 https://patchstack.com/database/wordpress/plugin/all-in-one-bannerrotator/vulnerability/wordpress-allinone-banner-rotator-plugin-3-8-sql-injection-vulnerability?_s_id=cve
 
javothemes–Javo Core Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core allows Authentication Bypass. This issue affects Javo Core: from n/a through 3.0.0.266. 2025-09-26 8.8 CVE-2025-60111 https://patchstack.com/database/wordpress/plugin/javo-core/vulnerability/wordpress-javo-core-plugin-3-0-0-266-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Potenzaglobalsolutions–PGS Core Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Potenzaglobalsolutions PGS Core allows SQL Injection. This issue affects PGS Core: from n/a through 5.9.0. 2025-09-26 8.5 CVE-2025-60118 https://patchstack.com/database/wordpress/plugin/pgs-core/vulnerability/wordpress-pgs-core-plugin-5-9-0-sql-injection-vulnerability?_s_id=cve
 
PluginOps–Testimonial Slider Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in PluginOps Testimonial Slider allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through 3.5.8.6. 2025-09-26 8.8 CVE-2025-60126 https://patchstack.com/database/wordpress/plugin/testimonial-add/vulnerability/wordpress-testimonial-slider-plugin-3-5-8-6-local-file-inclusion-vulnerability?_s_id=cve
 
GitLab–GitLab An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover. 2025-09-26 8.7 CVE-2025-9642 GitLab Issue #566505
HackerOne Bug Bounty Report #3297413
 
Netcad Software Inc.–Netigma Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8. 2025-09-23 8.9 CVE-2025-9798 https://www.usom.gov.tr/bildirim/tr-25-0286
 
Red Hat–Red Hat Enterprise Linux 10 A flaw was found in Libtiff. This vulnerability is a “write-what-where” condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file’s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. 2025-09-23 8.8 CVE-2025-9900 https://access.redhat.com/security/cve/CVE-2025-9900
RHBZ#2392784
https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
 
Dell–BSAFE Micro Edition Suite Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. 2025-09-25 7.5 CVE-2024-48014 https://www.dell.com/support/kbdoc/en-us/000256131/dsa-2024-459-dell-bsafe-micro-edition-suite-security-update
 
gamerz–WP-DownloadManager The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2025-09-26 7.2 CVE-2025-10747 https://www.wordfence.com/threat-intel/vulnerabilities/id/2c535cea-dad6-440f-b37f-6d196b469214?source=cve
https://wordpress.org/plugins/wp-downloadmanager/
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-add.php#L35
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3364847%40wp-downloadmanager&new=3364847%40wp-downloadmanager&sfp_email=&sfph_mail=
 
Campcodes–Online Learning Management System A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. 2025-09-22 7.3 CVE-2025-10781 VDB-325137 | Campcodes Online Learning Management System edit_class.php sql injection
VDB-325137 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653780 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/zzb1388/cve/issues/88
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in sql injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. 2025-09-22 7.3 CVE-2025-10782 VDB-325138 | Campcodes Online Learning Management System class.php sql injection
VDB-325138 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653781 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/zzb1388/cve/issues/87
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to sql injection. The attack may be performed remotely. The exploit has been made available to the public and could be exploited. 2025-09-22 7.3 CVE-2025-10783 VDB-325139 | Campcodes Online Learning Management System add_subject.php sql injection
VDB-325139 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653782 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/zzb1388/cve/issues/86
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. 2025-09-22 7.3 CVE-2025-10784 VDB-325140 | Campcodes Online Learning Management System edit_subject.php sql injection
VDB-325140 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653783 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/zzb1388/cve/issues/85
https://www.campcodes.com/
 
Campcodes–Grocery Sales and Inventory System A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. 2025-09-22 7.3 CVE-2025-10785 VDB-325141 | Campcodes Grocery Sales and Inventory System manage_user.php sql injection
VDB-325141 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653784 | campcodes Grocery Sales and Inventory System V1.0 SQL injection
Submit #653786 | campcodes Grocery Sales and Inventory System V1.0 SQL injection (Duplicate)
https://github.com/zzb1388/cve/issues/84
https://github.com/zzb1388/cve/issues/89
https://www.campcodes.com/
 
Campcodes–Grocery Sales and Inventory System A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_user. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. 2025-09-22 7.3 CVE-2025-10786 VDB-325142 | Campcodes Grocery Sales and Inventory System ajax.php sql injection
VDB-325142 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653785 | campcodes Grocery Sales and Inventory System V1.0 SQL injection
https://github.com/zzb1388/cve/issues/83
https://www.campcodes.com/
 
SourceCodester–Online Hotel Reservation System A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. The affected element is an unknown function of the file deleteroominventory.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-22 7.3 CVE-2025-10788 VDB-325145 | SourceCodester Online Hotel Reservation System deleteroominventory.php sql injection
VDB-325145 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653877 | SourceCodester Online Hotel Reservation System 1.0 SQL Injection
https://github.com/peri0d/my_cve/blob/main/Online-Hotel-Reservation-System-In-PHP-With-Source-Code-deleteroominventory.php-sql-injection.md
https://www.sourcecodester.com/
 
SourceCodester–Online Hotel Reservation System A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteslide.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. 2025-09-22 7.3 CVE-2025-10789 VDB-325146 | SourceCodester Online Hotel Reservation System deleteslide.php sql injection
VDB-325146 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653881 | SourceCodester Online Hotel Reservation System V1.0 SQL Injection
https://gold-textbook-8ff.notion.site/Online-Hotel-Reservation-System-In-PHP-With-Source-Code-deleteslide-php-sql-injection-26d85e97f353807585d7e600b31d339e
https://www.sourcecodester.com/
 
code-projects–Online Bidding System A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes sql injection. The attack can be carried out remotely. The exploit has been made available to the public and could be exploited. 2025-09-22 7.3 CVE-2025-10791 VDB-325148 | code-projects Online Bidding System index.php sql injection
VDB-325148 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654046 | code-projects Online Bidding System 1.0 SQL Injection
https://github.com/K1nakoo/cve/blob/main/26/report.md
https://code-projects.org/
 
code-projects–E-Commerce Website A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. 2025-09-22 7.3 CVE-2025-10793 VDB-325150 | code-projects E-Commerce Website admin_account_delete.php sql injection
VDB-325150 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654058 | code-projects E-Commerce Website 1.0 SQL Injection
https://github.com/K1nakoo/cve/blob/main/31/report.md
https://code-projects.org/
 
code-projects–Online Bidding System A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-09-22 7.3 CVE-2025-10795 VDB-325152 | code-projects Online Bidding System bidupdate.php sql injection
VDB-325152 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654077 | code-projects Online Bidding System 1.0 SQL Injection
https://github.com/jackhong1236/cve_0/blob/main/12/tmp25/report.md
https://code-projects.org/
 
code-projects–Hostel Management System A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. 2025-09-22 7.3 CVE-2025-10796 VDB-325153 | code-projects Hostel Management System login.php sql injection
VDB-325153 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654090 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/lishuyuan12138/CVE/issues/1
https://code-projects.org/
 
code-projects–Hostel Management System A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument log_email causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-22 7.3 CVE-2025-10797 VDB-325154 | code-projects Hostel Management System index.php sql injection
VDB-325154 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654091 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/Waibibabo1239/CVE/issues/1
https://code-projects.org/
 
code-projects–Hostel Management System A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. 2025-09-22 7.3 CVE-2025-10798 VDB-325155 | code-projects Hostel Management System index.php sql injection
VDB-325155 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654092 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/598600/CVE/issues/1
https://code-projects.org/
 
code-projects–Hostel Management System A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. 2025-09-22 7.3 CVE-2025-10799 VDB-325156 | code-projects Hostel Management System index.php sql injection
VDB-325156 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654104 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/yangzhenyu6/CVE/issues/1
https://code-projects.org/
 
itsourcecode–Online Discussion Forum A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. 2025-09-22 7.3 CVE-2025-10800 VDB-325157 | itsourcecode Online Discussion Forum index.php sql injection
VDB-325157 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654152 | Itsourcecode Online Discussion Forum Project V1.0 SQL injection
Submit #654153 | Itsourcecode Online Discussion Forum Project V1.0 SQL injection (Duplicate)
https://github.com/JunGu-W/cve/issues/14
https://github.com/JunGu-W/cve/issues/15
https://itsourcecode.com/
 
SourceCodester–Pet Grooming Management Software A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. 2025-09-22 7.3 CVE-2025-10801 VDB-325158 | SourceCodester Pet Grooming Management Software edit_tax.php sql injection
VDB-325158 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654161 | SourceCodester Pet Grooming Management Software 1.0 SQL Injection
Submit #655882 | SourceCodester Pet Grooming Management Software 1.0 SQL Injection (Duplicate)
https://github.com/YunyiLiu31/sql-injection-vulnerability
https://www.sourcecodester.com/
 
code-projects–Online Bidding System A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. 2025-09-22 7.3 CVE-2025-10802 VDB-325160 | code-projects Online Bidding System remove.php sql injection
VDB-325160 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654164 | code-projects Online Bidding System 1.0 SQL injection
https://github.com/peri0d/my_cve/blob/main/ONLINE-BIDDING-SYSTEM-Project-V1.0-remove.php-SQL-injection.md
https://code-projects.org/
 
Campcodes–Farm Management System A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. 2025-09-22 7.3 CVE-2025-10808 VDB-325166 | Campcodes Farm Management System uploadProduct.php sql injection
VDB-325166 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654382 | Campcodes Farm Management System v1.0 SQL Injection
https://github.com/EvnYeung/cve/issues/1
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. 2025-09-22 7.3 CVE-2025-10809 VDB-325167 | Campcodes Online Learning Management System department.php sql injection
VDB-325167 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654434 | campcodes Online Learning Management System V1.0 SQL injection
Submit #657034 | campcodes Online Learning Management System V1.0 SQL injection (Duplicate)
https://github.com/luyisi-7/CVE/issues/2
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The attack can be carried out remotely. The exploit is now public and may be used. 2025-09-22 7.3 CVE-2025-10810 VDB-325168 | Campcodes Online Learning Management System edit_user.php sql injection
VDB-325168 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654435 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/luyisi-7/CVE/issues/1
https://www.campcodes.com/
 
code-projects–Hostel Management System A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed remotely. The exploit has been published and may be used. 2025-09-22 7.3 CVE-2025-10811 VDB-325169 | code-projects Hostel Management System index.php sql injection
VDB-325169 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654436 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/27
https://code-projects.org/
 
code-projects–Hostel Management System A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2025-09-22 7.3 CVE-2025-10812 VDB-325170 | code-projects Hostel Management System index.php sql injection
VDB-325170 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654437 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/28
https://code-projects.org/
 
code-projects–Hostel Management System A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. 2025-09-22 7.3 CVE-2025-10813 VDB-325171 | code-projects Hostel Management System index.php sql injection
VDB-325171 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654438 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/29
https://code-projects.org/
 
Jinher–OA A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. 2025-09-22 7.3 CVE-2025-10816 VDB-325174 | Jinher OA XML text xml external entity reference
VDB-325174 | CTI Indicators (IOB, IOC, IOA)
Submit #654466 | Jinher OA V2.0 XML External Entity Reference
https://github.com/1296299554/CVE/issues/1
 
Campcodes–Online Learning Management System A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. 2025-09-22 7.3 CVE-2025-10817 VDB-325175 | Campcodes Online Learning Management System admin_user.php sql injection
VDB-325175 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654545 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/244556089/cve/issues/1
https://www.campcodes.com/
 
Campcodes–Computer Sales and Inventory System A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the argument ID results in sql injection. The attack can be carried out remotely. The exploit is now public and may be used. 2025-09-23 7.3 CVE-2025-10829 VDB-325186 | Campcodes Computer Sales and Inventory System sup_edit1.php sql injection
VDB-325186 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #655906 | Campcodes Computer Sales and Inventory System V1.0 SQL Injection
https://github.com/Michsta/CVE/issues/1
https://www.campcodes.com/
 
Campcodes–Computer Sales and Inventory System A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. This issue affects some unknown processing of the file /pages/inv_edit1.php. Executing manipulation of the argument idd can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. 2025-09-23 7.3 CVE-2025-10830 VDB-325187 | Campcodes Computer Sales and Inventory System inv_edit1.php sql injection
VDB-325187 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #655993 | Campcodes Computer Sales and Inventory System V1.0 SQL Injection
https://github.com/Michsta/CVE/issues/2
https://www.campcodes.com/
 
Campcodes–Computer Sales and Inventory System A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/pro_edit1.php. The manipulation of the argument prodcode leads to sql injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. 2025-09-23 7.3 CVE-2025-10831 VDB-325188 | Campcodes Computer Sales and Inventory System pro_edit1.php sql injection
VDB-325188 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #656016 | Campcodes Computer Sales and Inventory System V1.0 SQL Injection
https://github.com/Michsta/CVE/issues/3
https://www.campcodes.com/
 
SourceCodester–Pet Grooming Management Software A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of the argument barcode results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. 2025-09-23 7.3 CVE-2025-10832 VDB-325189 | SourceCodester Pet Grooming Management Software fetch_product_details.php sql injection
VDB-325189 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #656004 | SourceCodester Pet grooming management 1.0 SQL Injection
https://github.com/lalalalalalala555/Pet-grooming-management-v1.0-sql-injection/blob/main/report.md
https://www.sourcecodester.com/
 
1000projects–Bookstore Management System A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument unm causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-23 7.3 CVE-2025-10833 VDB-325190 | 1000projects Bookstore Management System login.php sql injection
VDB-325190 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #656419 | 1000Projects.org Bookstore Management System PHP MySQL Project 1 SQL Injection
https://github.com/xingrenlvke/cve/issues/1
 
itsourcecode–Open Source Job Portal A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. This affects an unknown function of the file /jobportal/admin/login.php. Such manipulation of the argument user_email leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. 2025-09-23 7.3 CVE-2025-10834 VDB-325191 | itsourcecode Open Source Job Portal login.php sql injection
VDB-325191 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #656829 | itsourcecode Open Source Job Portal V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/30
https://itsourcecode.com/
 
SourceCodester–Pet Grooming Management Software A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. 2025-09-23 7.3 CVE-2025-10836 VDB-325193 | SourceCodester Pet Grooming Management Software print1.php sql injection
VDB-325193 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #656889 | SourceCodester Pet grooming management 1.0 SQL Injection
https://github.com/xiaoliyu-1/Pet-grooming-management-print1.php-v.1.0-sql-injection/blob/main/report.md
https://www.sourcecodester.com/
 
code-projects–Online Bidding System A security vulnerability has been detected in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/weweee.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. 2025-09-23 7.3 CVE-2025-10841 VDB-325203 | code-projects Online Bidding System weweee.php sql injection
VDB-325203 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657195 | code-projects Online Bidding System V1.0 SQL injection
https://github.com/fengzipan/cve/blob/master/tmp30/tmp30/report.md
https://code-projects.org/
 
code-projects–Online Bidding System A vulnerability was detected in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/wew.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. 2025-09-23 7.3 CVE-2025-10842 VDB-325204 | code-projects Online Bidding System wew.php sql injection
VDB-325204 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657196 | code-projects Online Bidding System – V1.0 SQL injection
https://github.com/fengzipan/cve/blob/main/tmp29/tmp29/report.md
https://code-projects.org/
 
Reservation–Online Hotel Reservation System A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. 2025-09-23 7.3 CVE-2025-10843 VDB-325205 | Reservation Online Hotel Reservation System paypalpayout.php sql injection
VDB-325205 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657389 | code-projects Online Hotel Reservation System 1 SQL Injection
https://github.com/xingrenlvke/cve/issues/10
 
Campcodes–Gym Management System A security flaw has been discovered in Campcodes Gym Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. 2025-09-23 7.3 CVE-2025-10851 VDB-325210 | Campcodes Gym Management System ajax.php sql injection
VDB-325210 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657939 | https://www.campcodes.com gym-management-system 1.0 SQL Injection
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/esau5fkdf0upv8s6?singleDoc
https://www.campcodes.com/
 
Campcodes–Point of Sale System POS A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. 2025-09-23 7.3 CVE-2025-10857 VDB-325228 | Campcodes Point of Sale System POS login.php sql injection
VDB-325228 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657940 | https://www.campcodes.com complete-point-of-sale-system-pos-using-php-mysql-source-code 1.0 SQL Injection
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/un2cmghguhg4aogn?singleDoc
https://www.campcodes.com/
 
GitLab–GitLab An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files. 2025-09-26 7.5 CVE-2025-10858 GitLab Issue #570034
 
Topaz–SERVCore Teller A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 7.8 CVE-2025-10941 VDB-325811 | Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission
VDB-325811 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651434 | Topaz SERVCore® Teller Installer V2.14.0-RC2 [2.14.1] Local Privilege Escalation
https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20Local%20Privilege%20Escalation%20via%20Insecure%20Directory%20Permissions%20in%20SERVCore%20Teller%20Installer.txt
 
geyang–ml-logger A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. 2025-09-25 7.3 CVE-2025-10951 VDB-325821 | geyang ml-logger server.py log_handler path traversal
VDB-325821 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652462 | geyang ml-logger latest Unrestricted Upload
https://github.com/geyang/ml-logger/issues/73
 
MuFen-mker–PHP-Usermm A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 7.3 CVE-2025-10967 VDB-325834 | MuFen-mker PHP-Usermm chkuser.php sql injection
VDB-325834 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653138 | github.com PHP User Management System V1.0 SQL Injection
https://github.com/Miker132/CVE-/issues/3
 
JackieDYH–Resume-management-system A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument userid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 7.3 CVE-2025-10973 VDB-325844 | JackieDYH Resume-management-system show.php sql injection
VDB-325844 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653139 | github.com PHP Resume Management System V1.0 SQL Injection
https://github.com/Miker132/CVE-/issues/5
 
Red Hat–Red Hat Enterprise Linux 10 A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. 2025-09-26 7.5 CVE-2025-11021 https://access.redhat.com/security/cve/CVE-2025-11021
RHBZ#2399627
 
Tutorials-Website–Employee Management System A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. 2025-09-26 7.3 CVE-2025-11030 VDB-325969 | Tutorials-Website Employee Management System HTTP Request all-applied-leave.php improper authorization
VDB-325969 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657210 | https://github.com/tutorials-website Employee Management System(EMS Version-1.0) 1.0 broken access control
https://drive.google.com/file/d/1N5ApKiYw-yKNhVERr4m3ruooiANgpFRo/view?usp=sharing
 
kidaze–CourseSelectionSystem A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. 2025-09-26 7.3 CVE-2025-11032 VDB-325979 | kidaze CourseSelectionSystem COUNT3s6.php sql injection
VDB-325979 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657950 | github.com Course Selection System v1.0 SQL Injection
https://github.com/limingserverll-wq/cve/issues/3
 
kidaze–CourseSelectionSystem A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. 2025-09-26 7.3 CVE-2025-11033 VDB-325980 | kidaze CourseSelectionSystem COUNT3s7.php sql injection
VDB-325980 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657951 | github.com Course Selection System v1.0 SQL Injection
https://github.com/limingserverll-wq/cve/issues/4
 
code-projects–E-Commerce Website A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. 2025-09-26 7.3 CVE-2025-11036 VDB-325983 | code-projects E-Commerce Website admin_account_update.php sql injection
VDB-325983 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658274 | code-projects E-Commerce Website 1.0 SQL Injection
https://github.com/aCas1o/cve_report03/blob/main/report.md
https://code-projects.org/
 
code-projects–E-Commerce Website A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. 2025-09-26 7.3 CVE-2025-11037 VDB-325984 | code-projects E-Commerce Website admin_index_search.php sql injection
VDB-325984 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658275 | code-projects E-Commerce Website 1.0 SQL Injection
https://github.com/aCas1o/cve_report04/blob/main/report.md
https://code-projects.org/
 
Campcodes–Computer Sales and Inventory System A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. 2025-09-26 7.3 CVE-2025-11039 VDB-325986 | Campcodes Computer Sales and Inventory System us_edit1.php sql injection
VDB-325986 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658678 | Campcodes Computer Sales and Inventory System V1.0 SQL Injection
https://github.com/DavCloudz/cve/issues/1
https://www.campcodes.com/
 
code-projects–Hostel Management System A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. 2025-09-26 7.3 CVE-2025-11040 VDB-325987 | code-projects Hostel Management System index.php sql injection
VDB-325987 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658744 | itsourcecode Hostel Management System V1.0 SQL Injection
https://github.com/iflame28/CVE/issues/3
https://code-projects.org/
 
WAYOS–LQ_04 A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. 2025-09-26 7.3 CVE-2025-11045 VDB-326082 | WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
VDB-326082 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658913 | https://web.wayos.com/ WayOS LQ-09-22.23.17v LQ-09-22.03.17 Command Injection
Submit #661153 | https://web.wayos.com Wayos LQ_07_A2-22.03.17V LQ_07_A2-22.03.17V Command Injection (Duplicate)
Submit #661168 | https://web.wayos.com/ Wayos LQ-05_A2-22.03.17V LQ-05_A2-22.03.17V Integer Overflow to Buffer Overflow (Duplicate)
Submit #661177 | https://web.wayos.com/ Wayos LQ_06-22.03.17V LQ_06-22.03.17V Command Injection (Duplicate)
Submit #661178 | https://web.wayos.com/ Wayos LQ_04-22.03.17V LQ_04-22.03.17V Command Injection (Duplicate)
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/py3shgm1z88g9xp2?singleDoc
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/ogyduynf84q89x99?singleDoc
 
Tencent–WeKnora A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: “We have confirmed that the issue mentioned in the report does not exist in the latest releases”. 2025-09-26 7.3 CVE-2025-11046 VDB-326083 | Tencent WeKnora test testEmbeddingModel server-side request forgery
VDB-326083 | CTI Indicators (IOB, IOC, IOA)
Submit #658926 | Tencent WeKnora v0.1.0 Server-Side Request Forgery
https://github.com/Hebing123/cve/issues/90
 
kidaze–CourseSelectionSystem A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. 2025-09-27 7.3 CVE-2025-11052 VDB-326092 | kidaze CourseSelectionSystem COUNT3s5.php sql injection
VDB-326092 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659370 | GitHub CourseSelectionSystem V1.0 SQL Injection
https://github.com/xxxmingyue/cve/issues/1
 
PHPGurukul–Small CRM A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. 2025-09-27 7.3 CVE-2025-11053 VDB-326093 | PHPGurukul Small CRM forgot-password.php sql injection
VDB-326093 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659439 | phpgurukul Small CRM 4.0 SQL Injection
https://github.com/underatted/CVE/issues/2
https://phpgurukul.com/
 
SourceCodester–Online Hotel Reservation System A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. 2025-09-27 7.3 CVE-2025-11055 VDB-326095 | SourceCodester Online Hotel Reservation System updateaddress.php sql injection
VDB-326095 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659456 | SourceCodester Online Hotel Reservation System V1.0 SQL injection
https://github.com/diy777/cve/issues/4
https://www.sourcecodester.com/
 
SourceCodester–Pet Grooming Management Software A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/print_inv.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. 2025-09-27 7.3 CVE-2025-11057 VDB-326097 | SourceCodester Pet Grooming Management Software print_inv.php sql injection
VDB-326097 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659479 | sourcecodester Pet grooming management software 1.0 SQL Injection
https://github.com/underatted/CVE/issues/4
https://www.sourcecodester.com/
 
Campcodes–Online Learning Management System A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/edit_student.php. Performing manipulation of the argument cys results in sql injection. The attack can be carried out remotely. The exploit has been made public and could be used. 2025-09-27 7.3 CVE-2025-11061 VDB-326098 | Campcodes Online Learning Management System edit_student.php sql injection
VDB-326098 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659638 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/luyisi-7/CVE/issues/5
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A vulnerability was determined in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/save_student.php. Executing manipulation of the argument class_id can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. 2025-09-27 7.3 CVE-2025-11062 VDB-326099 | Campcodes Online Learning Management System save_student.php sql injection
VDB-326099 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659639 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/luyisi-7/CVE/issues/4
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. 2025-09-27 7.3 CVE-2025-11063 VDB-326100 | Campcodes Online Learning Management System edit_department.php sql injection
VDB-326100 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659640 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/luyisi-7/CVE/issues/3
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Impacted is an unknown function of the file /admin/teachers.php. The manipulation of the argument department results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. 2025-09-27 7.3 CVE-2025-11064 VDB-326101 | Campcodes Online Learning Management System teachers.php sql injection
VDB-326101 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659668 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/luyisi-7/CVE/issues/6
https://www.campcodes.com/
 
code-projects–Online Bidding System A flaw has been found in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/bidlist.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. 2025-09-27 7.3 CVE-2025-11066 VDB-326105 | code-projects Online Bidding System bidlist.php sql injection
VDB-326105 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659642 | code-projects Online Bidding System 1.0 SQL Injection
https://github.com/Edenchen321/-/blob/main/report.md
https://code-projects.org/
 
Projectworlds–Online Shopping System A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. 2025-09-27 7.3 CVE-2025-11070 VDB-326109 | Projectworlds Online Shopping System cart_add.php sql injection
VDB-326109 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659660 | projectworlds Online Shopping System 1.0 SQL Injection
https://github.com/underatted/CVE/issues/5
 
code-projects–Project Monitoring System A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. 2025-09-27 7.3 CVE-2025-11074 VDB-326114 | code-projects Project Monitoring System login.php sql injection
VDB-326114 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659993 | code-projects Project Monitoring System 1.0 SQL Injection
https://github.com/asd1238525/cve/blob/main/SQL5.md
https://code-projects.org/
 
Campcodes–Online Learning Management System A vulnerability has been found in Campcodes Online Learning Management System 1.0. This affects an unknown function of the file /admin/de_activate.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2025-09-27 7.3 CVE-2025-11075 VDB-326115 | Campcodes Online Learning Management System de_activate.php sql injection
VDB-326115 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #660854 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/xiaolonr/cve/issues/2
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A vulnerability was found in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_teacher.php. Performing manipulation of the argument department results in sql injection. The attack can be carried out remotely. The exploit has been made public and could be used. 2025-09-27 7.3 CVE-2025-11076 VDB-326116 | Campcodes Online Learning Management System edit_teacher.php sql injection
VDB-326116 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #660855 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/xiaolonr/cve/issues/1
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/add_content.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-27 7.3 CVE-2025-11077 VDB-326117 | Campcodes Online Learning Management System add_content.php sql injection
VDB-326117 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661155 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/AbcDzfq/testdeom/issues/1
https://www.campcodes.com/
 
kidaze–CourseSelectionSystem A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. 2025-09-28 7.3 CVE-2025-11089 VDB-326171 | kidaze CourseSelectionSystem COUNT3s4.php sql injection
VDB-326171 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661282 | github.com CourseSelectionSystem V1.0 SQL Injection
https://github.com/evilthan9/cve/issues/2
 
code-projects–E-Commerce Website A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/admin_product_details.php. Such manipulation of the argument prod_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. 2025-09-28 7.3 CVE-2025-11094 VDB-326175 | code-projects E-Commerce Website admin_product_details.php sql injection
VDB-326175 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659820 | code-projects E-Commerce Website V1.0 SQL Injection
https://github.com/wolfsecurity2/CVE/tree/main/tmp34
https://code-projects.org/
 
itsourcecode–Open Source Job Portal A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/company/index.php?view=edit. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. 2025-09-28 7.3 CVE-2025-11101 VDB-326182 | itsourcecode Open Source Job Portal index.php sql injection
VDB-326182 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662326 | itsourcecode Open Source Job Portal V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/37
https://itsourcecode.com/
 
Campcodes–Online Learning Management System A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/edit_content.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. 2025-09-28 7.3 CVE-2025-11102 VDB-326183 | Campcodes Online Learning Management System edit_content.php sql injection
VDB-326183 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662352 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/hbesljx/vul/issues/1
https://www.campcodes.com/
 
code-projects–Simple Scheduling System A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. 2025-09-28 7.3 CVE-2025-11105 VDB-326186 | code-projects Simple Scheduling System addsubject.php sql injection
VDB-326186 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662442 | code-projects Simple Scheduling System V1.0 SQL Injection
https://github.com/WANGshuyan2025/cve/issues/2
https://code-projects.org/
 
code-projects–Simple Scheduling System A vulnerability has been found in code-projects Simple Scheduling System 1.0. This vulnerability affects unknown code of the file /schedulingsystem/addfaculty.php. Such manipulation of the argument falname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. 2025-09-28 7.3 CVE-2025-11106 VDB-326187 | code-projects Simple Scheduling System addfaculty.php sql injection
VDB-326187 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662443 | code-projects Simple Scheduling System V1.0 SQL Injection
https://github.com/WANGshuyan2025/cve/issues/3
https://code-projects.org/
 
code-projects–Simple Scheduling System A vulnerability was found in code-projects Simple Scheduling System 1.0. This issue affects some unknown processing of the file /schedulingsystem/addcourse.php. Performing manipulation of the argument corcode results in sql injection. The attack can be carried out remotely. The exploit has been made public and could be used. 2025-09-28 7.3 CVE-2025-11107 VDB-326188 | code-projects Simple Scheduling System addcourse.php sql injection
VDB-326188 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662444 | code-projects Simple Scheduling System V1.0 SQL Injection
https://github.com/WANGshuyan2025/cve/issues/4
https://code-projects.org/
 
code-projects–Simple Scheduling System A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. 2025-09-28 7.3 CVE-2025-11108 VDB-326189 | code-projects Simple Scheduling System addroom.php sql injection
VDB-326189 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662445 | code-projects Simple Scheduling System V1.0 SQL Injection
https://github.com/WANGshuyan2025/cve/issues/5
https://code-projects.org/
 
Campcodes–Computer Sales and Inventory System A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. 2025-09-28 7.3 CVE-2025-11109 VDB-326190 | Campcodes Computer Sales and Inventory System us_edit.php sql injection
VDB-326190 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662455 | Computer Sales and Inventory System V1.0 SQL Injection
https://github.com/DrNbnonono/CVE/issues/1
https://www.campcodes.com/
 
Campcodes–Online Learning Management System A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. 2025-09-28 7.3 CVE-2025-11110 VDB-326191 | Campcodes Online Learning Management System school_year.php sql injection
VDB-326191 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662467 | campcodes Online Learning Management System V1.0 SQL injection
https://github.com/JKyukino/cve/issues/1
https://www.campcodes.com/
 
Campcodes–Advanced Online Voting Management System A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. 2025-09-28 7.3 CVE-2025-11111 VDB-326192 | Campcodes Advanced Online Voting Management System candidates_edit.php sql injection
VDB-326192 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662468 | Campcodes Advanced Online Voting Management System 1.0 SQL Injection
https://github.com/Clw309/CVE/issues/1
https://www.campcodes.com/
 
code-projects–Simple Scheduling System A vulnerability has been found in code-projects Simple Scheduling System 1.0. Affected by this issue is some unknown functionality of the file /addtime.php. The manipulation of the argument starttime/endtime leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. 2025-09-28 7.3 CVE-2025-11115 VDB-326196 | code-projects Simple Scheduling System addtime.php sql injection
VDB-326196 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662700 | code-projects Simple Scheduling System V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/41
https://code-projects.org/
 
code-projects–Simple Scheduling System A vulnerability was found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /add.home.php. The manipulation of the argument faculty results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. Other parameters might be affected as well. 2025-09-28 7.3 CVE-2025-11116 VDB-326197 | code-projects Simple Scheduling System add.home.php sql injection
VDB-326197 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662701 | code-projects Simple Scheduling System V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/42
https://code-projects.org/
 
CodeAstro–Student Grading System A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. 2025-09-28 7.3 CVE-2025-11118 VDB-326199 | CodeAstro Student Grading System adminLogin.php sql injection
VDB-326199 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #663115 | CodeAstro Student Grading System Project 1.0 SQL Injection
https://github.com/Clw309/CVE/issues/2
https://codeastro.com/
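The SQL injection rows above (edit_teacher.php, add_content.php, adminLogin.php and the rest) all describe the same defect: a request parameter concatenated into a SQL string. The block below is an added example, not code from any of the listed products; it reproduces the pattern in Python with an in-memory SQLite table whose name, columns and rows are constructed for the demo, and shows the concatenated login query beside the parameterised one.

```python
# Added example: the SQL injection pattern behind the rows above, in Python/sqlite3.
# The `staff` table, its columns and rows are constructed for this demo and are not
# taken from any of the affected PHP applications.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database standing in for an admin login table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (staff_id TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO staff VALUES (?, ?, ?)",
        [("1001", "s3cret", "admin"), ("1002", "hunter2", "teacher")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, staff_id: str, password: str) -> list:
    """String concatenation: the user's input becomes part of the SQL grammar."""
    sql = (
        "SELECT staff_id, role FROM staff WHERE staff_id = '" + staff_id
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, staff_id: str, password: str) -> list:
    """Parameterised query: input is bound as a value and cannot alter the statement."""
    sql = "SELECT staff_id, role FROM staff WHERE staff_id = ? AND password = ?"
    return conn.execute(sql, (staff_id, password)).fetchall()


def demo() -> tuple:
    """Run the classic tautology payload through both variants and return the row counts."""
    conn = make_db()
    payload = "' OR '1'='1"          # constructed test input, not a real exploit string
    rows_vulnerable = login_vulnerable(conn, payload, payload)
    rows_safe = login_safe(conn, payload, payload)
    return len(rows_vulnerable), len(rows_safe)


if __name__ == "__main__":
    vulnerable_hits, safe_hits = demo()
    print(f"concatenated query matched {vulnerable_hits} rows (authentication bypass)")
    print(f"parameterised query matched {safe_hits} rows")
```

With the payload in both fields the concatenated statement becomes `WHERE staff_id = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the login succeeds without a valid password; the parameterised version compares the literal string and matches nothing. In PHP the equivalent fix is a PDO or mysqli prepared statement with bound parameters.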
 
Cisco–Cisco IOS XE Software A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition. 2025-09-24 7.4 CVE-2025-20311 cisco-sa-cat9k-PtmD7bgy
 
Cisco–Cisco IOS XE Software A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system. 2025-09-24 7.7 CVE-2025-20312 cisco-sa-snmpwred-x3MJyf5M
 
Cisco–IOS A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2025-09-24 7.7 CVE-2025-20327 cisco-sa-ios-invalid-url-dos-Nvxszf6u
 
Cisco–IOS A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP. 2025-09-24 7.7 CVE-2025-20352 cisco-sa-snmp-x4LPhte
 
Qualcomm, Inc.–Snapdragon Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake. 2025-09-24 7.8 CVE-2025-21476 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption while performing private key encryption in trusted application. 2025-09-24 7.8 CVE-2025-21481 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Cryptographic issue while performing RSA PKCS padding decoding. 2025-09-24 7.1 CVE-2025-21482 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
NVIDIA–Megatron-LM NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. 2025-09-24 7.8 CVE-2025-23348 https://nvd.nist.gov/vuln/detail/CVE-2025-23348
https://www.cve.org/CVERecord?id=CVE-2025-23348
https://nvidia.custhelp.com/app/answers/detail/a_id/5698
 
NVIDIA–Megatron-LM NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. 2025-09-24 7.8 CVE-2025-23349 https://nvd.nist.gov/vuln/detail/CVE-2025-23349
https://www.cve.org/CVERecord?id=CVE-2025-23349
https://nvidia.custhelp.com/app/answers/detail/a_id/5698
 
NVIDIA–Megatron-LM NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. 2025-09-24 7.8 CVE-2025-23353 https://nvd.nist.gov/vuln/detail/CVE-2025-23353
https://www.cve.org/CVERecord?id=CVE-2025-23353
https://nvidia.custhelp.com/app/answers/detail/a_id/5698
 
NVIDIA–Megatron-LM NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. 2025-09-24 7.8 CVE-2025-23354 https://nvd.nist.gov/vuln/detail/CVE-2025-23354
https://www.cve.org/CVERecord?id=CVE-2025-23354
https://nvidia.custhelp.com/app/answers/detail/a_id/5698
 
Qualcomm, Inc.–Snapdragon Memory corruption while loading a PIL authenticated VM, when the authenticated VM image is loaded without maintaining cache coherency. 2025-09-24 7.8 CVE-2025-27032 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers. 2025-09-24 7.8 CVE-2025-27037 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption while processing message in guest VM. 2025-09-24 7.8 CVE-2025-27077 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Unitree–Go2 Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches. 2025-09-26 7.3 CVE-2025-35027 https://takeonme.org/cves/cve-2025-35027
https://github.com/Bin4ry/UniPwn
https://spectrum.ieee.org/unitree-robot-exploit
https://x.com/committeeonccp/status/1971250635548033311
https://www.cve.org/cverecord?id=CVE-2025-60017
https://www.cve.org/cverecord?id=CVE-2025-60250
 
Airship AI–Acropolis Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9. 2025-09-22 7.5 CVE-2025-35041 url
url
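The Acropolis entry above describes an MFA step that accepts unlimited guesses for 15 minutes: a 6-digit code has only 1,000,000 values, so an attacker who can submit guesses quickly has a real chance of hitting it inside that window. The block below is an added example, not Airship AI's code, of the two controls a practitioner expects at that step: a failure counter with a lockout, and a constant-time comparison of the submitted code. The attempt limit, lockout duration and request rate used in the demo are assumptions chosen for illustration.

```python
# Added example (not the product's code): bounded MFA verification and the arithmetic
# behind the brute-force risk. MAX_ATTEMPTS, LOCKOUT_SECONDS and the request rate in
# attempts_in_window() are illustrative assumptions, not values from the advisory.
import hmac
import time

CODE_SPACE = 10 ** 6          # a 6-digit numeric code
MAX_ATTEMPTS = 5              # assumed policy: failures allowed before lockout
LOCKOUT_SECONDS = 15 * 60     # assumed policy: lockout length


class MfaVerifier:
    """Per-session verifier that counts failures and locks after MAX_ATTEMPTS."""

    def __init__(self, expected_code: str, now=time.monotonic):
        self._expected = expected_code.encode()
        self._now = now               # injectable clock so the lockout is testable
        self._failures = 0
        self._locked_until = 0.0

    def verify(self, submitted: str) -> str:
        """Return 'ok', 'denied' or 'locked'. The lock applies even to a correct code."""
        now = self._now()
        if now < self._locked_until:
            return "locked"
        # compare_digest runs in time independent of where the strings first differ
        if hmac.compare_digest(self._expected, submitted.encode()):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._locked_until = now + LOCKOUT_SECONDS
            self._failures = 0
        return "denied"


def attempts_in_window(requests_per_second: float, window_seconds: float) -> int:
    """How many guesses an unthrottled endpoint accepts in the window."""
    return int(requests_per_second * window_seconds)


def brute_force_success_probability(attempts: int, code_space: int = CODE_SPACE) -> float:
    """Chance that `attempts` distinct guesses include a uniformly random code."""
    return min(attempts, code_space) / code_space


if __name__ == "__main__":
    # Unthrottled: an assumed 100 requests/s for the 15-minute window described above.
    guesses = attempts_in_window(100, 15 * 60)
    print(f"{guesses} guesses -> p(success) = {brute_force_success_probability(guesses):.2%}")
    # Throttled: only MAX_ATTEMPTS guesses per lockout period.
    print(f"{MAX_ATTEMPTS} guesses -> p(success) = {brute_force_success_probability(MAX_ATTEMPTS):.4%}")
```

At an assumed 100 requests per second the 15-minute window allows 90,000 guesses, roughly a 9% chance per login session; with five attempts per lockout the same window yields 0.0005%. The lockout should be keyed to the authenticated session or account, not the client IP, since the attacker in this scenario already holds valid credentials.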
 
IBM–webMethods Integration IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with the required execute Services permission to execute commands on the system due to improper validation of format strings passed as an argument from an external source. 2025-09-22 7.5 CVE-2025-36202 https://www.ibm.com/support/pages/node/7245720
 
IBM–Aspera HTTP Gateway IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. 2025-09-26 7.5 CVE-2025-36274 https://www.ibm.com/support/pages/node/7246284
 
Dell–Wireless 5932e Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code Execution. 2025-09-25 7.8 CVE-2025-43993 https://www.dell.com/support/kbdoc/en-us/000372605/dsa-2025-363
 
Qualcomm, Inc.–Snapdragon Memory corruption while processing data sent by FE driver. 2025-09-24 7.8 CVE-2025-47314 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption while handling repeated memory unmap requests from guest VM. 2025-09-24 7.8 CVE-2025-47315 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption due to double free when multiple threads race to set the timestamp store. 2025-09-24 7.8 CVE-2025-47316 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption due to global buffer overflow when a test command uses an invalid payload type. 2025-09-24 7.8 CVE-2025-47317 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Transient DOS while parsing the EPTM test control message to get the test pattern. 2025-09-24 7.5 CVE-2025-47318 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Transient DOS while handling command data during power control processing. 2025-09-24 7.5 CVE-2025-47326 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption while encoding the image data. 2025-09-24 7.8 CVE-2025-47327 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Transient DOS while processing power control requests with invalid antenna or stream values. 2025-09-24 7.5 CVE-2025-47328 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Memory corruption while handling invalid inputs in application info setup. 2025-09-24 7.8 CVE-2025-47329 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
undsgn–Uncode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in undsgn Uncode allows Reflected XSS. This issue affects Uncode: from n/a through n/a. 2025-09-26 7.1 CVE-2025-48107 https://patchstack.com/database/wordpress/theme/uncode/vulnerability/wordpress-uncode-theme-2-9-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
 
horilla-opensource–horilla Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django’s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1. 2025-09-24 7.2 CVE-2025-48868 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw
https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc
https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing
https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing
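The Horilla entry above turns on eval() applied to a query parameter. The block below is an added example, not Horilla's code, that shows why that is remote code execution regardless of DEBUG settings and what the safe replacement looks like: a view that needs a list of record ids from the query string parses it as JSON and validates the shape. The parameter name `ids` and the surrounding bulk-archive function are hypothetical stand-ins for the real view.

```python
# Added example (not Horilla's code): eval() on a query parameter versus a strict parser.
# The `ids` parameter name and bulk_archive() are hypothetical stand-ins for the real view.
import json


def parse_ids_unsafe(raw: str):
    """The anti-pattern: eval() executes whatever Python expression the client sent.
    '[1, 2]' is parsed as intended, but so is any expression with side effects."""
    return eval(raw)  # noqa: S307  (deliberately unsafe, for the demonstration)


def parse_ids_safe(raw: str) -> list:
    """Accept only a JSON array of non-negative integers; reject everything else."""
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError("ids must be a JSON array") from exc
    ok = isinstance(value, list) and all(
        isinstance(i, int) and not isinstance(i, bool) and i >= 0 for i in value
    )
    if not ok:
        raise ValueError("ids must be a JSON array of non-negative integers")
    return value


def bulk_archive(query: dict, archived: set) -> list:
    """Hypothetical view body: archive the requested ids, using the safe parser."""
    ids = parse_ids_safe(query.get("ids", "[]"))
    archived.update(ids)
    return sorted(archived)


if __name__ == "__main__":
    # A benign expression stands in for an attacker payload: eval() runs it.
    print(parse_ids_unsafe("__import__('os').getpid()"))
    # The strict parser raises instead of executing.
    try:
        parse_ids_safe("__import__('os').getpid()")
    except ValueError as e:
        print("rejected:", e)
    print(bulk_archive({"ids": "[3, 1, 2]"}, set()))
```

With eval() the request `?ids=__import__('os').system('...')` runs the command on the server; the output is only shown to the attacker when DEBUG=True, but a blind payload (a reverse shell, as the advisory notes) does not need it. `ast.literal_eval` is not an adequate fix either, since it still accepts arbitrary nested literals and can be abused for resource exhaustion; parse the specific shape you expect.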
 
horilla-opensource–horilla Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch. 2025-09-24 7.5 CVE-2025-48869 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w
 
Metagauss–ProfileGrid Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Metagauss ProfileGrid allows Reflected XSS. This issue affects ProfileGrid : from n/a through 5.9.5.7. 2025-09-26 7.1 CVE-2025-4957 https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Pluginwale–Easy Pricing Table WP Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion. This issue affects Easy Pricing Table WP: from n/a through 1.1.3. 2025-09-22 7.5 CVE-2025-53450 https://patchstack.com/database/wordpress/plugin/easy-pricing-table-wp/vulnerability/wordpress-easy-pricing-table-wp-plugin-1-1-3-local-file-inclusion-vulnerability?_s_id=cve
 
raoinfotech–GSheets Connector Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector allows Object Injection. This issue affects GSheets Connector: from n/a through 1.1.1. 2025-09-22 7.2 CVE-2025-53465 https://patchstack.com/database/wordpress/plugin/sheetlink/vulnerability/wordpress-gsheets-connector-plugin-1-1-1-php-object-injection-vulnerability?_s_id=cve
 
Microsoft–OmniParser Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. 2025-09-24 7.3 CVE-2025-55322 OmniParser Remote Code Execution Vulnerability
 
ERA404–LinkedInclude Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS. This issue affects LinkedInclude: from n/a through 3.0.4. 2025-09-22 7.1 CVE-2025-57918 https://patchstack.com/database/wordpress/plugin/linkedinclude/vulnerability/wordpress-linkedinclude-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
ConveyThis–Language Translate Widget for WordPress ConveyThis Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 264. 2025-09-22 7.2 CVE-2025-57919 https://patchstack.com/database/wordpress/plugin/conveythis-translate/vulnerability/wordpress-language-translate-widget-for-wordpress-conveythis-plugin-264-php-object-injection-vulnerability?_s_id=cve
 
immonex–immonex Kickstart Team Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in immonex immonex Kickstart Team allows PHP Local File Inclusion. This issue affects immonex Kickstart Team: from n/a through 1.6.9. 2025-09-22 7.5 CVE-2025-57925 https://patchstack.com/database/wordpress/plugin/immonex-kickstart-team/vulnerability/wordpress-immonex-kickstart-team-plugin-1-6-9-local-file-inclusion-vulnerability?_s_id=cve
 
e4jvikwp–VikRestaurants Table Reservations and Take-Away Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Reflected XSS. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.4. 2025-09-22 7.1 CVE-2025-57968 https://patchstack.com/database/wordpress/plugin/vikrestaurants/vulnerability/wordpress-vikrestaurants-table-reservations-and-take-away-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
wpdesk–Flexible PDF Invoices for WooCommerce & WordPress Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress allows Cross Site Request Forgery. This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through 6.0.13. 2025-09-22 7.1 CVE-2025-57977 https://patchstack.com/database/wordpress/plugin/flexible-invoices/vulnerability/wordpress-flexible-pdf-invoices-for-woocommerce-wordpress-plugin-6-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
scriptsbundle–Nokri Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri allows Cross Site Request Forgery. This issue affects Nokri: from n/a through 1.6.4. 2025-09-22 7.1 CVE-2025-58259 https://patchstack.com/database/wordpress/theme/nokri/vulnerability/wordpress-nokri-theme-1-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
PressPage Entertainment Inc–Mavis HTTPS to HTTP Redirection Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection allows Stored XSS. This issue affects Mavis HTTPS to HTTP Redirection: from n/a through 1.4.3. 2025-09-22 7.1 CVE-2025-58261 https://patchstack.com/database/wordpress/plugin/mavis-https-to-http-redirect/vulnerability/wordpress-mavis-https-to-http-redirection-plugin-1-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
wpdirectorykit–Sweet Energy Efficiency Cross-Site Request Forgery (CSRF) vulnerability in wpdirectorykit Sweet Energy Efficiency allows Stored XSS. This issue affects Sweet Energy Efficiency: from n/a through 1.0.6. 2025-09-22 7.1 CVE-2025-58262 https://patchstack.com/database/wordpress/plugin/sweet-energy-efficiency/vulnerability/wordpress-sweet-energy-efficiency-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Aftabul Islam–Stock Message Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message allows Stored XSS. This issue affects Stock Message: from n/a through 1.1.0. 2025-09-22 7.1 CVE-2025-58267 https://patchstack.com/database/wordpress/plugin/stock-message/vulnerability/wordpress-stock-message-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
WPMK–WPMK PDF Generator Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator allows Stored XSS. This issue affects WPMK PDF Generator: from n/a through 1.0.1. 2025-09-22 7.1 CVE-2025-58268 https://patchstack.com/database/wordpress/plugin/wpmk-pdf-generator/vulnerability/wordpress-wpmk-pdf-generator-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
NIX Solutions Ltd–NIX Anti-Spam Light Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Cross Site Request Forgery. This issue affects NIX Anti-Spam Light: from n/a through 0.0.4. 2025-09-22 7.1 CVE-2025-58270 https://patchstack.com/database/wordpress/plugin/nix-anti-spam-light/vulnerability/wordpress-nix-anti-spam-light-plugin-0-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Delta Electronics–CNCSoft-G2 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. 2025-09-24 7.8 CVE-2025-58317 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf
 
Delta Electronics–CNCSoft-G2 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. 2025-09-24 7.8 CVE-2025-58319 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf
 
EdwardBock–Grid Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid allows Stored XSS. This issue affects Grid: from n/a through 2.3.1. 2025-09-22 7.1 CVE-2025-58657 https://patchstack.com/database/wordpress/plugin/grid/vulnerability/wordpress-grid-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
awesomesupport–Awesome Support Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support allows Object Injection. This issue affects Awesome Support: from n/a through 6.3.4. 2025-09-22 7.2 CVE-2025-58662 https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-6-3-4-deserialization-of-untrusted-data-vulnerability?_s_id=cve
 
Shankaranand Maurya–WP Content Protection Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection allows Stored XSS. This issue affects WP Content Protection: from n/a through 1.3. 2025-09-22 7.1 CVE-2025-58670 https://patchstack.com/database/wordpress/plugin/wp-content-protection/vulnerability/wordpress-wp-content-protection-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
morganrichards–Auction Feed Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in morganrichards Auction Feed allows Stored XSS. This issue affects Auction Feed: from n/a through 1.1.3. 2025-09-22 7.1 CVE-2025-58671 https://patchstack.com/database/wordpress/plugin/auction-feed/vulnerability/wordpress-auction-feed-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
extendyourweb–HORIZONTAL SLIDER Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through 2.4. 2025-09-22 7.1 CVE-2025-58676 https://patchstack.com/database/wordpress/plugin/horizontal-slider/vulnerability/wordpress-horizontal-slider-plugin-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
puravida1976–ShrinkTheWeb (STW) Website Previews Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through 2.8.5. 2025-09-22 7.1 CVE-2025-58677 https://patchstack.com/database/wordpress/plugin/shrinktheweb-website-preview-plugin/vulnerability/wordpress-shrinktheweb-stw-website-previews-plugin-2-8-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
WP CMS Ninja–Current Age Plugin Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS. This issue affects Current Age Plugin: from n/a through 1.6. 2025-09-22 7.1 CVE-2025-58687 https://patchstack.com/database/wordpress/plugin/current-age/vulnerability/wordpress-current-age-plugin-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Casengo–Casengo Live Chat Support Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through 2.1.4. 2025-09-22 7.1 CVE-2025-58688 https://patchstack.com/database/wordpress/plugin/the-casengo-chat-widget/vulnerability/wordpress-casengo-live-chat-support-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
ptibogxiv–Doliconnect Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7. 2025-09-22 7.1 CVE-2025-58690 https://patchstack.com/database/wordpress/plugin/doliconnect/vulnerability/wordpress-doliconnect-plugin-9-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
loopus–WP Attractive Donations System Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through n/a. 2025-09-22 7.1 CVE-2025-58956 https://patchstack.com/database/wordpress/plugin/wp-attractive-donations-system-easy-stripe-paypal-donations/vulnerability/wordpress-wp-attractive-donations-system-plugin-1-29-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
hashthemes–Easy Elementor Addons Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion. This issue affects Easy Elementor Addons: from n/a through 2.2.8. 2025-09-22 7.5 CVE-2025-58973 https://patchstack.com/database/wordpress/plugin/easy-elementor-addons/vulnerability/wordpress-easy-elementor-addons-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve
 
SeaTheme–BM Content Builder Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a through n/a. 2025-09-26 7.7 CVE-2025-59002 https://patchstack.com/database/wordpress/plugin/bm-builder/vulnerability/wordpress-bm-content-builder-plugin-3-16-3-3-arbitrary-file-deletion-vulnerability?_s_id=cve
 
Maciej Bis–Permalink Manager Lite Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite allows Retrieve Embedded Sensitive Data. This issue affects Permalink Manager Lite: from n/a through 2.5.1.3. 2025-09-26 7.5 CVE-2025-59010 https://patchstack.com/database/wordpress/plugin/permalink-manager/vulnerability/wordpress-permalink-manager-lite-plugin-2-5-1-3-sensitive-data-exposure-vulnerability?_s_id=cve
 
shinetheme–Traveler Missing Authorization vulnerability in shinetheme Traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through n/a. 2025-09-26 7.5 CVE-2025-59011 https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-2-3-arbitrary-content-deletion-vulnerability?_s_id=cve
 
shinetheme–Traveler Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in shinetheme Traveler allows Reflected XSS. This issue affects Traveler: from n/a through n/a. 2025-09-26 7.1 CVE-2025-59012 https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Microsoft–Microsoft Edge (Chromium-based) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2025-09-24 7.6 CVE-2025-59251 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
 
cubecart–v6 CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user’s password change. This oversight poses a security risk, as if a user forgets to log out from a location where they accessed their account, an unauthorized user can maintain access even after the password has been changed. Due to this bug, if an account has already been compromised, the legitimate user has no way to revoke the attacker’s access. The malicious actor retains full access to the account until their session naturally expires. This means the account remains insecure even after the password has been changed. This issue has been patched in version 6.5.11. 2025-09-22 7.1 CVE-2025-59335 https://github.com/cubecart/v6/security/advisories/GHSA-4vwh-x8m2-fmvv
https://github.com/cubecart/v6/commit/4bfaeb4485dd82255a108940a163af5ba4583b52
https://github.com/cubecart/v6/commit/62d9be8416aa6fd7343f8932d98c5b112b163e26
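The CubeCart entry above describes the missing control in general terms: a password change must invalidate every session issued under the old credential. The following is an added illustration of one way to implement that, written for this summary and not taken from CubeCart's code; the account and session store are constructed stand-ins, and the `auth_generation` counter is the assumed mechanism. Each session records the generation it was issued under, the password change bumps the counter, and every session except the one that made the change goes stale on its next request.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Account:
    """Constructed user record for the example; not CubeCart's schema."""
    username: str
    password_hash: str
    # Incremented on every password change. Each session records the value
    # it was issued under, so sessions issued before the change go stale.
    auth_generation: int = 0


@dataclass
class SessionStore:
    accounts: Dict[str, Account] = field(default_factory=dict)
    # session id -> (username, auth_generation at issue time)
    sessions: Dict[str, Tuple[str, int]] = field(default_factory=dict)

    def login(self, username: str) -> str:
        acct = self.accounts[username]
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, acct.auth_generation)
        return sid

    def change_password(self, username: str, new_hash: str,
                        keep_session: Optional[str] = None) -> None:
        acct = self.accounts[username]
        acct.password_hash = new_hash
        acct.auth_generation += 1
        # Re-stamp only the session that performed the change, so the
        # legitimate user stays logged in while every other session dies.
        entry = self.sessions.get(keep_session) if keep_session else None
        if entry is not None and entry[0] == username:
            self.sessions[keep_session] = (username, acct.auth_generation)

    def resolve(self, sid: str) -> Optional[str]:
        """Username for a live session, or None if unknown or stale."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        username, generation = entry
        acct = self.accounts.get(username)
        if acct is None or generation != acct.auth_generation:
            self.sessions.pop(sid, None)  # drop the stale session eagerly
            return None
        return username


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Attacker holds a session; owner changes password; only the owner survives."""
    store = SessionStore()
    store.accounts["alice"] = Account("alice", "hash-v1")
    attacker_sid = store.login("alice")  # obtained earlier, e.g. on a shared machine
    owner_sid = store.login("alice")
    store.change_password("alice", "hash-v2", keep_session=owner_sid)
    return store.resolve(attacker_sid), store.resolve(owner_sid)
```

The check happens on every request, so it also works when sessions live in a database or cache the application cannot enumerate cheaply: nothing has to be deleted at change time, stale sessions simply stop resolving.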
 
authlib–authlib Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4. 2025-09-22 7.5 CVE-2025-59420 https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df
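The Authlib entry turns on one rule from RFC 7515 section 4.1.11: a JWS verifier must reject a token whose `crit` array names any header parameter the verifier does not implement. The block below is an added example written for this summary, not Authlib's code; it implements compact HS256 signing only to build test tokens, and the `ignore_crit` switch is an assumed way of reproducing the lenient behaviour the advisory describes side by side with the strict one. The `UNDERSTOOD_CRIT` set is empty because this verifier implements no extensions.

```python
import base64
import hashlib
import hmac
import json
from typing import FrozenSet, Optional

# Critical extensions this verifier actually implements. Empty here: the
# example handles no extension, so any `crit` entry must be rejected.
UNDERSTOOD_CRIT: FrozenSet[str] = frozenset()


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: bytes, key: bytes) -> str:
    """Compact JWS with HS256; used here only to build the test tokens."""
    h = _b64url(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url(payload)
    tag = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url(tag)}"


def verify_hs256(token: str, key: bytes, understood: FrozenSet[str] = UNDERSTOOD_CRIT,
                 ignore_crit: bool = False) -> Optional[bytes]:
    """Return the payload if the token is acceptable, otherwise None.

    ignore_crit=True reproduces the behaviour the advisory describes: the
    signature is checked but unknown `crit` entries are silently accepted.
    """
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        sig = _b64url_decode(s)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # the verifier, not the token, decides the algorithm
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    crit = header.get("crit")
    if crit is not None and not ignore_crit:
        # RFC 7515 section 4.1.11: crit is a non-empty array naming header
        # parameters that are present, and a verifier MUST reject the JWS if
        # it does not understand any one of them.
        if not isinstance(crit, list) or not crit:
            return None
        for name in crit:
            if not isinstance(name, str) or name not in header or name not in understood:
                return None
    return _b64url_decode(p)


def demo(key: bytes = b"constructed-shared-secret") -> tuple:
    """Same signed token through the lenient and the strict path."""
    payload = b'{"sub":"alice"}'
    plain = sign_hs256({"alg": "HS256"}, payload, key)
    crit_token = sign_hs256({"alg": "HS256", "crit": ["bork"], "bork": True}, payload, key)
    return (verify_hs256(plain, key),
            verify_hs256(crit_token, key, ignore_crit=True),
            verify_hs256(crit_token, key))
```

The signature on the `bork` token is valid, which is the point of the advisory: the split-brain risk is not a forgery but two verifiers in the same fleet reaching different verdicts on one correctly signed token.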
 
FlowiseAI–Flowise Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6. 2025-09-22 7.5 CVE-2025-59527 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24
https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18
https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6
 
nasa–CryptoLib CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in initialize_kerberos_keytab_file_login(). The vulnerability exists because the code directly interpolates user-controlled input into a shell command and executes it via system() without any sanitization or validation. This issue has been patched in version 1.4.2. 2025-09-23 7.3 CVE-2025-59534 https://github.com/nasa/CryptoLib/security/advisories/GHSA-jw5c-58hr-m3v3
https://github.com/nasa/CryptoLib/commit/3ccb1b306026bb20a028fbfdcf18935f7345ed2f
 
WPFunnels–Mail Mint Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6. 2025-09-22 7.6 CVE-2025-59570 https://patchstack.com/database/wordpress/plugin/mail-mint/vulnerability/wordpress-mail-mint-plugin-1-18-6-sql-injection-vulnerability?_s_id=cve
 
PenciDesign–Soledad Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in PenciDesign Soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through 8.6.8. 2025-09-22 7.5 CVE-2025-59588 https://patchstack.com/database/wordpress/theme/soledad/vulnerability/wordpress-soledad-theme-8-6-8-local-file-inclusion-vulnerability?_s_id=cve
 
Red Hat–Red Hat Enterprise Linux 10 A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering. 2025-09-22 7.7 CVE-2025-5962 RHSA-2025:16345
RHSA-2025:16346
https://access.redhat.com/security/cve/CVE-2025-5962
RHBZ#2371363
 
Zenitel–ICX500 This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue. 2025-09-25 7.3 CVE-2025-59816 Zenitel
Zenitel
 
FlagForgeCTF–flagForge Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0. 2025-09-23 7.6 CVE-2025-59826 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-q7pg-qchv-3pc5
 
rack–rack Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18. 2025-09-25 7.5 CVE-2025-59830 https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
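The Rack entry describes a limit enforced on one delimiter while the split uses two. As an added illustration written for this summary (not Rack's source), the next block reproduces that mismatch in a small Python query parser and shows the fix: split first with the full separator set, then count. The `params_limit` default and the `delimiter` option mirror the names in the advisory; the internal details are assumed.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_plus


class ParamsLimitExceeded(Exception):
    pass


def _collect(pairs) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {}
    for pair in pairs:
        if not pair:
            continue
        key, _, value = pair.partition("=")
        out.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return out


def parse_query_buggy(qs: str, params_limit: int = 4096) -> Dict[str, List[str]]:
    """Reproduces the flaw as described: the limit is enforced by counting `&`
    separators, but the string is then split on both `&` and `;`.
    Constructed illustration, not Rack's code."""
    if qs.count("&") + 1 > params_limit:
        raise ParamsLimitExceeded(qs.count("&") + 1)
    return _collect(re.split(r"[&;]", qs))


def parse_query_fixed(qs: str, params_limit: int = 4096,
                      delimiter: Optional[str] = None) -> Dict[str, List[str]]:
    """Split with the same separator set the parser actually uses, then
    count what came out of the split before doing any further work."""
    seps = "&;" if delimiter is None else delimiter
    pairs = [p for p in re.split("[" + re.escape(seps) + "]", qs) if p]
    if len(pairs) > params_limit:
        raise ParamsLimitExceeded(len(pairs))
    return _collect(pairs)


def demo(n: int = 10, limit: int = 5) -> tuple:
    """`n` parameters joined with `;` against a limit of `limit`."""
    qs = ";".join(f"k{i}=v" for i in range(n))
    buggy = len(parse_query_buggy(qs, limit))
    try:
        parse_query_fixed(qs, limit)
        fixed = "accepted"
    except ParamsLimitExceeded as exc:
        fixed = f"rejected {exc.args[0]}"
    return buggy, fixed
```

The general lesson is that a resource limit must be measured on the same unit the expensive step consumes; counting a proxy (one separator) that the real tokenizer does not use is what turned a limit into a bypass.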
 
FlagForgeCTF–flagForge Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free, undermining the business logic of the platform and reducing the integrity of the challenge system. This issue has been patched in version 2.3.0. 2025-09-24 7.5 CVE-2025-59833 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-hm85-2j65-j8j2
 
wpshuffle–Subscribe to Download Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in wpshuffle Subscribe to Download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through 2.0.9. 2025-09-26 7.5 CVE-2025-60150 https://patchstack.com/database/wordpress/plugin/subscribe-to-download/vulnerability/wordpress-subscribe-to-download-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve
 
wpshuffle–Subscribe To Unlock Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in wpshuffle Subscribe To Unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through 1.1.5. 2025-09-26 7.5 CVE-2025-60153 https://patchstack.com/database/wordpress/plugin/subscribe-to-unlock/vulnerability/wordpress-subscribe-to-unlock-plugin-1-1-5-local-file-inclusion-vulnerability?_s_id=cve
 
NewsMAN–NewsmanApp Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7. 2025-09-26 7.1 CVE-2025-60164 https://patchstack.com/database/wordpress/plugin/newsmanapp/vulnerability/wordpress-newsmanapp-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
W3S Cloud Technology–W3SCloud Contact Form 7 to Zoho CRM Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0. 2025-09-26 7.1 CVE-2025-60169 https://patchstack.com/database/wordpress/plugin/w3s-cf7-zoho/vulnerability/wordpress-w3scloud-contact-form-7-to-zoho-crm-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Taraprasad Swain–HTACCESS IP Blocker Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker allows Stored XSS. This issue affects HTACCESS IP Blocker: from n/a through 1.0. 2025-09-26 7.1 CVE-2025-60170 https://patchstack.com/database/wordpress/plugin/htaccess-ip-blocker/vulnerability/wordpress-htaccess-ip-blocker-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
yourplugins–Conditional Cart Messages for WooCommerce – YourPlugins.com Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10. 2025-09-26 7.1 CVE-2025-60171 https://patchstack.com/database/wordpress/plugin/yourplugins-wc-conditional-cart-notices/vulnerability/wordpress-conditional-cart-messages-for-woocommerce-yourplugins-com-plugin-1-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
flytedesk–Flytedesk Digital Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101. 2025-09-26 7.1 CVE-2025-60172 https://patchstack.com/database/wordpress/plugin/flytedesk-digital/vulnerability/wordpress-flytedesk-digital-plugin-20181101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Ashwani kumar–GST for WooCommerce Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce allows Stored XSS. This issue affects GST for WooCommerce: from n/a through 2.0. 2025-09-26 7.1 CVE-2025-60173 https://patchstack.com/database/wordpress/plugin/gst-for-woocommerce/vulnerability/wordpress-gst-for-woocommerce-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
GitLab–GitLab Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption. 2025-09-27 7.5 CVE-2025-8014 GitLab Issue #556838
HackerOne Bug Bounty Report #3228134
 
Autodesk–Revit A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. 2025-09-23 7.8 CVE-2025-8354 https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019
 
Autodesk–Shared Components A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. 2025-09-22 7.8 CVE-2025-8892 https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019
 
veronalabs–WP Statistics Simple, privacy-friendly Google Analytics alternative The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-27 7.2 CVE-2025-9816 https://www.wordfence.com/threat-intel/vulnerabilities/id/d8351204-da6d-443a-98b5-0608bfb1e9d0?source=cve
https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.15.3/includes/admin/templates/pages/devices/models.php#L31
 


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
IBM–Storage TS4500 Library IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 2025-09-27 6.5 CVE-2024-43192 https://www.ibm.com/support/pages/node/7246245
 
WSO2–WSO2 API Manager An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows. 2025-09-23 6.5 CVE-2024-4598 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3355/
 
WSO2–WSO2 Identity Server A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of arbitrary JavaScript in the victim’s browser. This vulnerability could allow attackers to redirect users to malicious websites, modify the user interface, or exfiltrate data from the browser. However, session-related sensitive cookies are protected using the httpOnly flag, which mitigates the risk of session hijacking. 2025-09-23 6.1 CVE-2025-0209 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3902/
 
WSO2–WSO2 Open Banking IAM A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication cookies for users in other tenants. Because the Auto-Login feature is enabled by default, this flaw may allow an attacker to gain unauthorized access and potentially take over accounts in other tenants. Successful exploitation requires access to Adaptive Authentication functionality, which is typically restricted to high-privileged users. The vulnerability is only exploitable when Auto-Login is enabled, reducing its practical impact in deployments where the feature is disabled. 2025-09-23 6.8 CVE-2025-0663 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3864/
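The WSO2 entry above is a key-separation problem: one signing key for every tenant means any party who can obtain a signature under it can mint a cookie for any tenant. The block below is an added example written for this summary, not WSO2's code; it models the attacker as a tenant-A administrator who can get the server to sign a cookie body of their choosing, and contrasts a shared key with keys derived per tenant from a master secret. Cookie format, claim names and the derivation label are assumptions.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed deployment-wide secret for the example.
MASTER_KEY = b"constructed-master-secret-do-not-reuse"


def tenant_key(master: bytes, tenant: str) -> bytes:
    """Per-tenant signing key: HMAC(master, label || tenant). A tenant only
    ever obtains signatures under its own key, which no other tenant accepts."""
    return hmac.new(master, b"auth-cookie/" + tenant.encode(), hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_cookie(key: bytes, tenant: str, user: str) -> str:
    body = json.dumps({"tenant": tenant, "user": user}, sort_keys=True,
                      separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_cookie(key: bytes, cookie: str, expected_tenant: str) -> Optional[str]:
    """Return the user if the cookie verifies under `key` for this tenant."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    claims = json.loads(body)
    if claims.get("tenant") != expected_tenant:
        return None
    return claims.get("user")


def forge_with_shared_key() -> Optional[str]:
    """Flawed design: one key for every tenant. The tenant-A admin has the
    server sign a body naming tenant B, and tenant B accepts it."""
    forged = mint_cookie(MASTER_KEY, tenant="b", user="b-admin")
    return verify_cookie(MASTER_KEY, forged, expected_tenant="b")


def forge_with_tenant_keys() -> Optional[str]:
    """Per-tenant keys: the same attacker only gets signatures under tenant A's
    key, so the cookie fails verification in tenant B."""
    forged = mint_cookie(tenant_key(MASTER_KEY, "a"), tenant="b", user="b-admin")
    return verify_cookie(tenant_key(MASTER_KEY, "b"), forged, expected_tenant="b")
```

Two details decide whether the fix holds: the signing key must be chosen from the tenant context the caller is actually running in, never from a tenant name inside the body being signed, and the consumer (here the auto-login path) must select the verification key from its own tenant, not from the cookie. Disabling Auto-Login, as the entry notes, removes the consumer rather than the key-sharing flaw.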
 
douglaskarr–TweetThis Shortcode The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tweetthis’ shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-10136 https://www.wordfence.com/threat-intel/vulnerabilities/id/e45e0ff1-3e74-4eee-a4ff-8ec033599bc3?source=cve
https://plugins.svn.wordpress.org/tweetthis-shortcode/tags/1.8.0/dkts.php
 
creativemindssolutions–CM Business Directory Optimise and showcase local business The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘cmbd_featured_image’ shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-10178 https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1ecd71-57ed-44ba-a007-3b96b98d3bf7?source=cve
https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/frontend/cm-business-directory-business-page-sc.php#L289
https://wordpress.org/plugins/cm-business-directory/
https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/frontend/cm-business-directory-business-page-sc.php?rev=3364840#L280
https://plugins.trac.wordpress.org/browser/cm-business-directory/tags/1.5.2/frontend/cm-business-directory-business-page-sc.php#L289
 
jhoppe–Markdown Shortcode The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘markdown’ shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-10180 https://www.wordfence.com/threat-intel/vulnerabilities/id/4e9563b8-7e1b-4e87-8b56-17b75adb66c3?source=cve
https://plugins.trac.wordpress.org/browser/markdown-shortcode/trunk/markdown-shortcode.php#L40
https://github.com/JohannesHoppe/markdown-shortcode/releases/tag/v0.2.3
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365425%40markdown-shortcode&new=3365425%40markdown-shortcode&sfp_email=&sfph_mail=
 
softaculous–Backuply Backup, Restore, Migrate and Clone The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). 2025-09-26 6.5 CVE-2025-10307 https://www.wordfence.com/threat-intel/vulnerabilities/id/0dd53fad-1bd7-41ed-95cb-205a9b421724?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3363283%40backuply&new=3363283%40backuply&sfp_email=&sfph_mail=
 
JSC R7–R7-Office Document Server A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to version 2025.3.1.923 is recommended to address this issue. The affected component should be upgraded. R7-Office is a fork of OpenOffice and at the moment it remains unclear if OpenOffice is affected as well. The OpenOffice team was not able to reproduce the issue in their codebase. The vendor replied: “We confirm that this vulnerability has been verified and patched in release 2025.3.1.923. During our security testing, it was not possible to exploit the issue – the server consistently returns proper error responses to the provided scenarios.” 2025-09-22 6.3 CVE-2025-10777 VDB-325133 | JSC R7 R7-Office Document Server downloadas path traversal
VDB-325133 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #638446 | OnlyOffice document server ?-2024.1.1-375-?/<2025.3.1.923 Path Traversal: ‘dir/../../filename’
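Three entries in this bulletin share one root cause: a user-supplied path reaches a filesystem operation without being confined to the directory the feature is meant to touch (the BM Content Builder and Backuply arbitrary file deletions, and the R7-Office `downloadas` traversal above). The block below is an added example written for this summary, not code from any of those products; the backup-deletion handler, directory layout and `.zip` rule are assumptions. It canonicalises the joined path, which collapses `..` and follows symlinks, and then requires the result to remain under the root.

```python
import tempfile
from pathlib import Path
from typing import Dict, Union


class PathOutsideRoot(ValueError):
    pass


def resolve_under(root: Path, user_path: str) -> Path:
    """Canonicalise root/user_path and insist the result stays under root.
    resolve() collapses `..` and follows symlinks, so both escapes are caught;
    an absolute user_path replaces root on join and is caught the same way."""
    root = root.resolve(strict=True)
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathOutsideRoot(user_path) from None
    return candidate


def delete_backup(backup_dir: Path, name: str) -> bool:
    """Hypothetical 'delete backup' handler: only regular .zip files inside
    backup_dir may be removed, whatever the caller supplies."""
    target = resolve_under(backup_dir, name)
    if target.suffix != ".zip" or not target.is_file():
        raise FileNotFoundError(name)
    target.unlink()
    return True


def demo() -> Dict[str, Union[bool, str]]:
    """Constructed site tree: a backups/ directory beside wp-config.php."""
    results: Dict[str, Union[bool, str]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        backups = site / "backups"
        backups.mkdir()
        (backups / "site-2025-09-22.zip").write_bytes(b"PK\x03\x04")
        config = site / "wp-config.php"
        config.write_text("<?php /* constructed */")
        try:
            (backups / "link.zip").symlink_to(config)  # symlink escape attempt
        except OSError:
            pass  # no symlink support; that case then reads as a missing file
        results["legit"] = delete_backup(backups, "site-2025-09-22.zip")
        for attempt in ("../wp-config.php", "/etc/passwd", "link.zip"):
            try:
                delete_backup(backups, attempt)
                results[attempt] = "deleted"
            except (PathOutsideRoot, FileNotFoundError) as exc:
                results[attempt] = type(exc).__name__
        results["config_survives"] = config.exists()
    return results
```

Checking the string for `..` before joining is not equivalent: it misses symlinks inside the root, absolute paths, and encodings the framework decodes later. Confining the resolved path is what makes the check independent of how the input was spelled.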
 
CodeAstro–Simple Pharmacy Management A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. 2025-09-22 6.3 CVE-2025-10780 VDB-325136 | CodeAstro Simple Pharmacy Management view.php sql injection
VDB-325136 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653704 | CodeAstro Simple Pharmacy Management System V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/26
https://codeastro.com/
 
n/a–MuYuCMS A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. 2025-09-22 6.3 CVE-2025-10787 VDB-325144 | MuYuCMS Add Fiend Link index.html server-side request forgery
VDB-325144 | CTI Indicators (IOB, IOC, IOA)
Submit #653888 | MuYuCMS 2.7 ssrf
https://gitee.com/MuYuCMS/MuYuCMS/issues/ICXV34
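Both SSRF entries in this bulletin (the Flowise `/api/v1/fetch-links` endpoint in the High table and the MuYuCMS link-URL handler above) come down to a server fetching a URL the caller chose. The block below is an added example written for this summary, not code from either project; it shows the outbound-URL gate a practitioner would put in front of such a fetch: restrict the scheme, refuse userinfo, resolve the host, and reject any answer in a non-public range, including IPv4-mapped IPv6 and a hostname that mixes public and private answers. `CONSTRUCTED_DNS` and `fake_resolver` are an offline stand-in for `socket.getaddrinfo` so the example runs without network access.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_outbound_url(url: str, resolver: Callable = socket.getaddrinfo) -> Tuple[bool, str]:
    """Decide whether a server-side fetch of `url` may proceed, and why not."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    try:
        infos = resolver(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False, "unresolvable host"
    for info in infos:
        ip = info[4][0]
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public {ip}"
    return True, "ok"


# Constructed answers standing in for real DNS.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "example.org": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "internal.corp": ["10.0.0.5"],
    "dual.example": ["93.184.216.34", "10.0.0.9"],  # one public, one private answer
}


def fake_resolver(host: str, port: int, proto: int = 0) -> List[tuple]:
    """Offline stand-in for socket.getaddrinfo with the same result shape."""
    try:
        answers = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        if host not in CONSTRUCTED_DNS:
            raise socket.gaierror(f"constructed NXDOMAIN for {host}")
        answers = CONSTRUCTED_DNS[host]
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port)) for ip in answers]


def demo() -> Dict[str, bool]:
    urls = [
        "https://example.org/",
        "http://localhost/admin",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:10.0.0.1]/",
        "http://internal.corp/",
        "http://dual.example/",
        "file:///etc/passwd",
        "http://user:pw@example.org/",
    ]
    return {u: check_outbound_url(u, fake_resolver)[0] for u in urls}
```

Two caveats apply when wiring this into a real fetch: connect to the address that passed the check (pinning it, with the Host header set separately) rather than resolving again, since a second lookup can return a different answer; and run the check on every redirect target, because a public host can 302 to an internal one.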
 
SourceCodester–Simple Forum Discussion System A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. 2025-09-22 6.3 CVE-2025-10790 VDB-325147 | SourceCodester Simple Forum Discussion System ajax.php sql injection
VDB-325147 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653991 | SourceCodester Simple Forum/Discussion System 1.0 SQL Injection
https://github.com/qcycop0101-hash/CVE/issues/26
https://www.sourcecodester.com/
 
Campcodes–Online Beauty Parlor Management System A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. 2025-09-22 6.3 CVE-2025-10804 VDB-325162 | Campcodes Online Beauty Parlor Management System add-customer.php sql injection
VDB-325162 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654373 | Campcodes Online Beauty Parlor Management System 1.0 SQL Injection
https://github.com/fubxx/CVE/blob/main/Online%20Beauty%20Parlor%20Management%20System%20SQL%20Injection%20on%20add-customer.php.md
https://www.campcodes.com/
 
Campcodes–Online Beauty Parlor Management System A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-22 6.3 CVE-2025-10805 VDB-325163 | Campcodes Online Beauty Parlor Management System add-services.php sql injection
VDB-325163 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654374 | Campcodes Online Beauty Parlor Management System 1.0 SQL Injection
https://github.com/fubxx/CVE/blob/main/Online%20Beauty%20Parlor%20Management%20System%20SQL%20Injection%20on%20add-services.php.md
https://www.campcodes.com/
 
Campcodes–Online Beauty Parlor Management System A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. 2025-09-22 6.3 CVE-2025-10806 VDB-325164 | Campcodes Online Beauty Parlor Management System bwdates-reports-details.php sql injection
VDB-325164 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654375 | Campcodes Online Beauty Parlor Management System 1.0 SQL Injection
https://github.com/fubxx/CVE/blob/main/Online%20Beauty%20Parlor%20Management%20System%20SQL%20Injection%20on%20bwdates-reports-details.php%20.md
https://www.campcodes.com/
 
Campcodes–Online Beauty Parlor Management System A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. 2025-09-22 6.3 CVE-2025-10807 VDB-325165 | Campcodes Online Beauty Parlor Management System edit-customer-detailed.php sql injection
VDB-325165 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654376 | Campcodes Online Beauty Parlor Management System 1.0 SQL Injection
https://github.com/fubxx/CVE/blob/main/Online%20Beauty%20Parlor%20Management%20System%20SQL%20Injection%20on%20edit-customer-detailed.php%20.md
https://www.campcodes.com/
 
D-Link–DIR-823X A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-22 6.3 CVE-2025-10814 VDB-325172 | D-Link DIR-823X goahead command injection
VDB-325172 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654452 | Dlink DIR-823x DIR-823x 250416, 240802, 240126 Command Injection
https://github.com/W1ngyu/cve/blob/main/DIink-DIR-823xgoformset_server_settings_command_execution_vulnerability.md
https://www.dlink.com/
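Two command-injection entries in this bulletin describe the same construction: the CryptoLib `initialize_kerberos_keytab_file_login()` case in the High table interpolates caller input into a `system()` string, and the D-Link DIR-823X `goahead` case above does so with a `port` argument. The block below is an added example written for this summary, not code from either project; it stands `echo` in for the real tool so the three variants run offline, and the keytab path, principal format and allow-list pattern are assumptions. It shows the vulnerable shell string, the quoted shell string for cases where a shell is unavoidable, and the preferred argv-list form behind an allow-list.

```python
import re
import shlex
import subprocess

# Allow-list for a Kerberos principal; constructed for the example.
PRINCIPAL_RE = re.compile(r"^[A-Za-z0-9._/-]+@[A-Za-z0-9.-]+$")


def _sh(cmd: str) -> str:
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_vulnerable(keytab: str, principal: str) -> str:
    # The pattern the advisories describe: untrusted text interpolated into one
    # string that `sh -c` parses. `echo` stands in for the real tool so this
    # runs offline; the shell still sees every metacharacter in `principal`.
    return _sh(f"echo kinit -kt {keytab} {principal}")


def run_quoted(keytab: str, principal: str) -> str:
    # If a shell string is unavoidable, quote each operand so `;`, `|`, `$()`
    # and spaces become literal characters of a single argument.
    return _sh(f"echo kinit -kt {shlex.quote(keytab)} {shlex.quote(principal)}")


def run_safe(keytab: str, principal: str) -> str:
    # Preferred: validate against an allow-list, then pass an argv list so no
    # shell is involved at all.
    if not PRINCIPAL_RE.match(principal):
        raise ValueError("principal rejected by allow-list")
    proc = subprocess.run(["echo", "kinit", "-kt", keytab, principal],
                          capture_output=True, text=True)
    return proc.stdout
```

With the payload `svc@EXAMPLE.ORG; echo INJECTED`, the vulnerable form runs two commands, the quoted form prints the payload as one literal argument, and the allow-listed form never reaches the command. The argv form is the one to prefer: it removes the shell from the path entirely instead of relying on quoting being applied to every operand.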
 
Campcodes–Online Beauty Parlor Management System A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. 2025-09-23 6.3 CVE-2025-10825 VDB-325182 | Campcodes Online Beauty Parlor Management System view-appointment.php sql injection
VDB-325182 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654379 | Campcodes Online Beauty Parlor Management System 1.0 SQL Injection
https://github.com/fubxx/CVE/blob/main/Online%20Beauty%20Parlor%20Management%20System%20SQL%20Injection%20on%20view-appointment.php.md
https://www.campcodes.com/
 
Campcodes–Online Beauty Parlor Management System A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. 2025-09-23 6.3 CVE-2025-10826 VDB-325183 | Campcodes Online Beauty Parlor Management System sales-reports-detail.php sql injection
VDB-325183 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654384 | Campcodes Online Beauty Parlor Management System 1.0 SQL Injection
https://github.com/fubxx/CVE/blob/main/Online%20Beauty%20Parlor%20Management%20System%20SQL%20Injection%20on%20sales-reports-detail.php.md
https://www.campcodes.com/
 
SourceCodester–Pet Grooming Management Software A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. 2025-09-23 6.3 CVE-2025-10828 VDB-325185 | SourceCodester Pet Grooming Management Software edit.php sql injection
VDB-325185 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #655902 | SourceCodester Pet Grooming Management Software 1.0 SQL Injection
https://github.com/para-paradise/webray.com.cn/blob/main/Pet%20Grooming%20Management/SourceCodester%20Pet%20Grooming%20Management%20Software%20edit.php%20sql%20injection%20Vulnerability.md
https://www.sourcecodester.com/
 
SourceCodester–Pet Grooming Management Software A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/view_payorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. 2025-09-23 6.3 CVE-2025-10835 VDB-325192 | SourceCodester Pet Grooming Management Software view_payorder.php sql injection
VDB-325192 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #656865 | SourceCodester Pet grooming management 1.0 SQL Injection
https://github.com/xiaoliyu-1/Pet-grooming-management-view_payorder.php-v.1.0-sql-injection/blob/main/report.md
https://www.sourcecodester.com/
 
SourceCodester–Pet Grooming Management Software A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. 2025-09-23 6.3 CVE-2025-10839 VDB-325201 | SourceCodester Pet Grooming Management Software inv-print.php sql injection
VDB-325201 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657156 | SourceCodester Pet Grooming Management Software 1.0 SQL Injection
https://github.com/para-paradise/webray.com.cn/blob/main/Pet%20Grooming%20Management/SourceCodester%20Pet%20Grooming%20Management%20Software%20inv-print.php%20sql%20injection%20Vulnerability.md
https://www.sourcecodester.com/
 
SourceCodester–Pet Grooming Management Software A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/print-payment.php. This manipulation of the argument sql111 causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. 2025-09-23 6.3 CVE-2025-10840 VDB-325202 | SourceCodester Pet Grooming Management Software print-payment.php sql injection
VDB-325202 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657158 | SourceCodester Pet grooming management 1.0 SQL Injection
https://github.com/xiaoliyu-1/Pet-grooming-management-print-payment.php-v.1.0-Unauthorized-sql-injection/blob/main/report.md
https://www.sourcecodester.com/
 
Portabilis–i-Educar A vulnerability has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/Cadastro/aluno. The manipulation of the argument is leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. 2025-09-23 6.3 CVE-2025-10844 VDB-325206 | Portabilis i-Educar aluno sql injection
VDB-325206 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657687 | Portabilis i-Educar 2.10 SQL Injection
https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/24.md
https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/24.md#poc
 
Portabilis–i-Educar A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. 2025-09-23 6.3 CVE-2025-10845 VDB-325207 | Portabilis i-Educar view sql injection
VDB-325207 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657688 | Portabilis i-Educar 2.10 SQL Injection
https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/26.md
https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/26.md#poc
 
Portabilis–i-Educar A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-23 6.3 CVE-2025-10846 VDB-325208 | Portabilis i-Educar edit sql injection
VDB-325208 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657691 | Portabilis i-Educar 2.10 SQL Injection
https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/27.md
https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/27.md#poc
 
Campcodes–Society Membership Information System A vulnerability was identified in Campcodes Society Membership Information System 1.0. This issue affects some unknown processing of the file /check_student.php. Such manipulation of the argument student_id leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. 2025-09-23 6.3 CVE-2025-10848 VDB-325209 | Campcodes Society Membership Information System check_student.php sql injection
VDB-325209 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657937 | https://www.campcodes.com society-membership-information-system-using-php-mysqli-source-code 1.0 SQL Injection
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/mri9nrk1lh7ev7r6?singleDoc
https://www.campcodes.com/
 
geyang–ml-logger A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release to provide continuous delivery. Therefore, no version details are available for affected or updated releases. 2025-09-25 6.3 CVE-2025-10950 VDB-325820 | geyang ml-logger Ping server.py log_handler deserialization
VDB-325820 | CTI Indicators (IOB, IOC, IOA)
Submit #652461 | geyang ml-logger latest Code Injection
https://github.com/geyang/ml-logger/issues/72
 
Wavlink–NU516U1 A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 6.3 CVE-2025-10958 VDB-325826 | Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection
VDB-325826 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652768 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/AddMac.md
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/AddMac.md#poc
 
Wavlink–NU516U1 A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 6.3 CVE-2025-10959 VDB-325827 | Wavlink NU516U1 firewall.cgi sub_401778 command injection
VDB-325827 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652769 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/DMZ.md
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/DMZ.md#poc
 
Wavlink–NU516U1 A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 6.3 CVE-2025-10960 VDB-325828 | Wavlink NU516U1 DeleteMac wireless.cgi sub_402D1C command injection
VDB-325828 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652780 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/DeleteMac.md
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/DeleteMac.md#poc
 
Wavlink–NU516U1 A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 6.3 CVE-2025-10962 VDB-325830 | Wavlink NU516U1 SetName wireless.cgi sub_403198 command injection
VDB-325830 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652782 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/SetName.md
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/SetName.md#poc
 
Wavlink–NU516U1 A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 6.3 CVE-2025-10963 VDB-325831 | Wavlink NU516U1 firewall.cgi sub_4016F0 command injection
VDB-325831 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652784 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/singlePortForwardDelete.md
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/singlePortForwardDelete.md#poc
 
Wavlink–NU516U1 A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 6.3 CVE-2025-10964 VDB-325832 | Wavlink NU516U1 firewall.cgi sub_401B30 command injection
VDB-325832 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652785 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/websSysFirewall.md
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/websSysFirewall.md#poc
 
LazyAGI–LazyLLM A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. 2025-09-25 6.3 CVE-2025-10965 VDB-325833 | LazyAGI LazyLLM server.py lazyllm_call deserialization
VDB-325833 | CTI Indicators (IOB, IOC, IOA)
Submit #652936 | LazyAGI LazyLLM latest Remote Code Execution
https://github.com/LazyAGI/LazyLLM/issues/764
 
giantspatula–SewKinect A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. 2025-09-25 6.3 CVE-2025-10974 VDB-325845 | giantspatula SewKinect Endpoint calculate pickle.loads deserialization
VDB-325845 | CTI Indicators (IOB, IOC, IOA)
Submit #653270 | SewKinect latest OS Command Injection
https://github.com/giantspatula/SewKinect/issues/3
https://github.com/giantspatula/SewKinect/issues/3#issue-3408883003
 
GuanxingLu–vlarl A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. 2025-09-25 6.3 CVE-2025-10975 VDB-325846 | GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization
VDB-325846 | CTI Indicators (IOB, IOC, IOA)
Submit #653279 | vlarl latest Insecure Deserialization(leads to Remote Code Execution)
https://github.com/GuanxingLu/vlarl/issues/18
https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610
 
YunaiV–yudao-cloud A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 6.3 CVE-2025-10987 VDB-325910 | YunaiV yudao-cloud HTTP Request transfer improper authorization
VDB-325910 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653735 | YunaiV yudao-cloud latest broken function level authorization
https://www.cnblogs.com/aibot/p/19063573
 
YunaiV–ruoyi-vue-pro A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 6.3 CVE-2025-10988 VDB-325911 | YunaiV ruoyi-vue-pro transfer improper authorization
VDB-325911 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653736 | YunaiV ruoyi-vue-pro latest broken function level authorization
https://www.cnblogs.com/aibot/p/19063563
 
yangzongzhuan–RuoYi A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 6.3 CVE-2025-10989 VDB-325912 | yangzongzhuan RuoYi selectAll improper authorization
VDB-325912 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653737 | yangzongzhuan RuoYi latest broken function level authorization
https://www.cnblogs.com/aibot/p/19063507
 
Jinher–OA A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-26 6.3 CVE-2025-11035 VDB-325982 | Jinher OA text xml external entity reference
VDB-325982 | CTI Indicators (IOB, IOC, IOA)
Submit #658253 | Jinher OA V2.0 XML External Entity Reference
https://github.com/frwfxc123/CVE/issues/1
 
itsourcecode–Online Clinic Management System A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. 2025-09-26 6.3 CVE-2025-11038 VDB-325985 | itsourcecode Online Clinic Management System details.php sql injection
VDB-325985 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658345 | itsourcecode Online Clinic Management System 1.0 SQL Injection
https://www.notion.so/inmog/Online-Clinic-Management-System-1-0-Union-Based-SQL-Injection-in-details-php-2727752d1edd8094be5ada02acf49175
https://itsourcecode.com/
 
itsourcecode–Open Source Job Portal A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. 2025-09-26 6.3 CVE-2025-11041 VDB-325998 | itsourcecode Open Source Job Portal index.php sql injection
VDB-325998 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658746 | Open Source Job Portal V1.0 SQL Injection
https://github.com/iflame28/CVE/issues/2
https://itsourcecode.com/
 
Portabilis–i-Educar A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. 2025-09-26 6.3 CVE-2025-11047 VDB-326084 | Portabilis i-Educar aluno improper authorization
VDB-326084 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659201 | Portabilis i-educar 2.10 Broken Object Level Authorization
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-11047.md
https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken_Object_Level_Authorization_allows_enumeration_of_student_records_via_.module.Api.aluno.md
 
Portabilis–i-Educar A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. 2025-09-26 6.3 CVE-2025-11048 VDB-326085 | Portabilis i-Educar consulta-dispensas improper authorization
VDB-326085 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659202 | Portabilis i-educar 2.10 Broken Access Control
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-11048.md
https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%20in%20%60.consulta-dispensas%60%20Endpoint.md
 
Portabilis–i-Educar A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used. 2025-09-27 6.3 CVE-2025-11049 VDB-326086 | Portabilis i-Educar unificacao-aluno improper authorization
VDB-326086 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659203 | Portabilis i-educar 2.10 Broken Access Control
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-11049.md
https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%20in%20%60.unificacao-aluno%60%20Endpoint.md
 
Portabilis–i-Educar A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used. 2025-09-27 6.3 CVE-2025-11050 VDB-326087 | Portabilis i-Educar periodo-lancamento improper authorization
VDB-326087 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659214 | Portabilis i-educar 2.10 Broken Access Control
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-11050.md
https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%20in%20%60.periodo-lancamento%60%20Endpoint.md
 
itsourcecode–Open Source Job Portal A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. 2025-09-27 6.3 CVE-2025-11054 VDB-326094 | itsourcecode Open Source Job Portal index.php sql injection
VDB-326094 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659440 | itsourcecode Open Source Job Portal V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/34
https://itsourcecode.com/
 
ProjectsAndPrograms–School Management System A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. 2025-09-27 6.3 CVE-2025-11056 VDB-326096 | ProjectsAndPrograms School Management System select-students.php sql injection
VDB-326096 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659463 | ProjectsAndPrograms school-management-system V1.0 SQL Injection
https://gold-textbook-8ff.notion.site/school-management-system-student_panel-Owner-end-select-students-php-delay-SQL-injection-27485e97f35380a1b482c8e079cd6503
 
itsourcecode–Open Source Job Portal A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. 2025-09-27 6.3 CVE-2025-11078 VDB-326118 | itsourcecode Open Source Job Portal controller.php unrestricted upload
VDB-326118 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #660919 | Itsourcecode Open Source Job Portal V1.0 File upload
https://github.com/fengbenjianmo/CVE/issues/1
https://itsourcecode.com/
 
itsourcecode–Open Source Job Portal A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. 2025-09-27 6.3 CVE-2025-11088 VDB-326156 | itsourcecode Open Source Job Portal index.php sql injection
VDB-326156 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659763 | itsourcecode Open Source Job V1.0 sql
https://github.com/yihaofuweng/cve/issues/35
https://itsourcecode.com/
 
itsourcecode–Open Source Job Portal A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected is an unknown function of the file /admin/employee/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. 2025-09-28 6.3 CVE-2025-11090 VDB-326172 | itsourcecode Open Source Job Portal index.php sql injection
VDB-326172 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661761 | itsourcecode Open Source Job Portal V1.0 SQL Injection
Submit #662325 | itsourcecode Open Source Job Portal V1.0 SQL Injection (Duplicate)
https://github.com/friendddy/cve/issues/1
https://itsourcecode.com/
 
D-Link–DIR-823X A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. 2025-09-28 6.3 CVE-2025-11092 VDB-326174 | D-Link DIR-823X set_switch_settings sub_412E7C command injection
VDB-326174 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661809 | D-Link DIR-823X V250416 Remote Code Execution
https://github.com/maximdevere/CVE2/issues/4
https://www.dlink.com/
 
D-Link–DIR-823X A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. 2025-09-28 6.3 CVE-2025-11095 VDB-326176 | D-Link DIR-823X delete_offline_device command injection
VDB-326176 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661911 | D-Link DIR-823X 250416 Command Injection
https://github.com/n1ptune/dink/blob/main/delete_offline_device.md
https://www.dlink.com/
 
D-Link–DIR-823X A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. 2025-09-28 6.3 CVE-2025-11096 VDB-326177 | D-Link DIR-823X diag_traceroute command injection
VDB-326177 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661912 | D-Link DIR-823X 250416 Command Injection
https://github.com/n1ptune/dink/blob/main/diag_traceroute.md
https://www.dlink.com/
 
D-Link–DIR-823X A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. 2025-09-28 6.3 CVE-2025-11097 VDB-326178 | D-Link DIR-823X set_device_name command injection
VDB-326178 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661913 | D-Link DIR-823X 250416 Command Injection
https://github.com/n1ptune/dink/blob/main/set_device_name.md
https://www.dlink.com/
 
D-Link–DIR-823X A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. 2025-09-28 6.3 CVE-2025-11098 VDB-326179 | D-Link DIR-823X set_wifi_blacklists command injection
VDB-326179 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661915 | D-Link DIR-823X 250416 Command Injection
https://github.com/n1ptune/dink/blob/main/set_wifi_blacklists.md
https://www.dlink.com/
 
D-Link–DIR-823X A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-28 6.3 CVE-2025-11099 VDB-326180 | D-Link DIR-823X delete_prohibiting uci_del command injection
VDB-326180 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661916 | D-Link DIR-823X 250416 Command Injection
https://github.com/n1ptune/dink/blob/main/uci_del_in_delete_prohibiting.md
https://www.dlink.com/
 
D-Link–DIR-823X A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. 2025-09-28 6.3 CVE-2025-11100 VDB-326181 | D-Link DIR-823X set_wifi_blacklists uci_set command injection
VDB-326181 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661917 | D-Link DIR-823X 250416 Command Injection
https://github.com/n1ptune/dink/blob/main/uci_set.md
https://www.dlink.com/
 
CodeAstro–Electricity Billing System A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. 2025-09-28 6.3 CVE-2025-11104 VDB-326185 | CodeAstro Electricity Billing System bill.php sql injection
VDB-326185 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662441 | codeastro Electricity Billing System V1.0 SQL Injection
https://github.com/WANGshuyan2025/cve/issues/1
https://codeastro.com/
 
CodeAstro–Online Leave Application A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters might be affected as well. 2025-09-28 6.3 CVE-2025-11113 VDB-326194 | CodeAstro Online Leave Application signup.php sql injection
VDB-326194 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662695 | codeastro Online Leave Application V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/39
https://codeastro.com/
 
CodeAstro–Online Leave Application A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. 2025-09-28 6.3 CVE-2025-11114 VDB-326195 | CodeAstro Online Leave Application leaveAplicationForm.php sql injection
VDB-326195 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662699 | codeastro Online Leave Application V1.0 SQL Injection
https://github.com/yihaofuweng/cve/issues/40
https://codeastro.com/
 
Tenda–AC18 A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. 2025-09-28 6.3 CVE-2025-11121 VDB-326202 | Tenda AC18 AdvSetLanip command injection
VDB-326202 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #664191 | Tenda AC18 V15.03.05.19(6318) Command Injection
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/AdvSetLanip.md
https://www.tenda.com.cn/
 
WSO2–WSO2 Enterprise Integrator An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data. 2025-09-26 6.7 CVE-2025-1862 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3992/
 
Cisco–IOS A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2025-09-24 6.5 CVE-2025-20149 cisco-sa-ios-cli-EB7cZ6yO
 
Cisco–Cisco IOS XE Software A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute a reflected XSS attack and steal user cookies from the affected device. 2025-09-24 6.1 CVE-2025-20240 cisco-sa-webui-xss-VWyDgjOU
 
Cisco–Cisco IOS XE Software Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due to path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details section of this advisory. 2025-09-24 6.7 CVE-2025-20313 cisco-sa-secboot-UqFD8AvC
 
Cisco–Cisco IOS XE Software A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper validation of software packages. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this vulnerability allows an attacker to bypass a major security feature of a device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. 2025-09-24 6.7 CVE-2025-20314 cisco-sa-secboot-UqFD8AvC
 
Cisco–Cisco IOS XE Software A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. 2025-09-24 6 CVE-2025-20338 cisco-sa-iosxe-arg-inject-EyDDbh4e
 
Cisco–Cisco Adaptive Security Appliance (ASA) Software A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication. 2025-09-25 6.5 CVE-2025-20362 cisco-sa-asaftd-webvpn-YROOTUW
 
Samsung Mobile–Retail Mode Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices. 2025-09-25 6.6 CVE-2025-21056 https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=08
 
themeplugs–Authorsy Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themeplugs Authorsy allows Stored XSS. This issue affects Authorsy: from n/a through 1.0.5. 2025-09-26 6.5 CVE-2025-27006 https://patchstack.com/database/wordpress/plugin/authorsy/vulnerability/wordpress-authorsy-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Qualcomm, Inc.–Snapdragon Information disclosure while invoking calibration data from user space to update firmware size. 2025-09-24 6.1 CVE-2025-27030 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Information disclosure while running video usecase having rogue firmware. 2025-09-24 6.1 CVE-2025-27033 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
Qualcomm, Inc.–Snapdragon Information disclosure when Video engine escape input data is less than expected minimum size. 2025-09-24 6.1 CVE-2025-27036 https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
 
IBM–Storage TS4500 Library IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2025-09-27 6.1 CVE-2025-36239 https://www.ibm.com/support/pages/node/7246246
 
Dell–Cloud Disaster Recovery Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. 2025-09-25 6.7 CVE-2025-43943 https://www.dell.com/support/kbdoc/en-us/000372457/dsa-2025-354-security-update-for-dell-cloud-disaster-recovery-rce-vulnerability
 
Acclectic Media–Acclectic Media Organizer Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acclectic Media Organizer: from n/a through 1.4. 2025-09-26 6.5 CVE-2025-48326 https://patchstack.com/database/wordpress/plugin/acclectic-media-organizer/vulnerability/wordpress-acclectic-media-organizer-plugin-1-4-broken-access-control-vulnerability?_s_id=cve
 
Rustaurius–Ultimate WP Mail Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rustaurius Ultimate WP Mail allows Stored XSS. This issue affects Ultimate WP Mail: from n/a through 1.3.8. 2025-09-22 6.5 CVE-2025-53454 https://patchstack.com/database/wordpress/plugin/ultimate-wp-mail/vulnerability/wordpress-ultimate-wp-mail-plugin-1-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
HT Plugins–HT Mega Absolute Addons for WPBakery Page Builder Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder allows DOM-Based XSS. This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through 1.0.9. 2025-09-22 6.5 CVE-2025-53463 https://patchstack.com/database/wordpress/plugin/ht-mega-for-wpbakery/vulnerability/wordpress-ht-mega-absolute-addons-for-wpbakery-page-builder-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
DELUCKS–DELUCKS SEO Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.7.0. 2025-09-22 6.5 CVE-2025-53570 https://patchstack.com/database/wordpress/plugin/delucks-seo/vulnerability/wordpress-delucks-seo-plugin-2-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
LizardByte–Sunshine Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path incrementally and may execute a malicious binary placed earlier in the search string. This issue has been patched in version 2025.923.33222. 2025-09-23 6.7 CVE-2025-54081 https://github.com/LizardByte/Sunshine/security/advisories/GHSA-6p7j-5v8v-w45h
https://github.com/LizardByte/Sunshine/commit/f22b00d6981f756d3531fba0028723d4a5065824
https://github.com/LizardByte/Sunshine/releases/tag/v2025.923.33222
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level. 2025-09-23 6.8 CVE-2025-55038 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
WSO2–WSO2 API Manager An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server. Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users. 2025-09-23 6.7 CVE-2025-5717 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4119/
 
Jose Vega–WP Frontend Admin Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jose Vega WP Frontend Admin allows Stored XSS. This issue affects WP Frontend Admin: from n/a through 1.22.6. 2025-09-22 6.5 CVE-2025-57898 https://patchstack.com/database/wordpress/plugin/display-admin-page-on-frontend/vulnerability/wordpress-wp-frontend-admin-plugin-1-22-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ataur R–GutenKit Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.4.2. 2025-09-22 6.5 CVE-2025-57900 https://patchstack.com/database/wordpress/plugin/gutenkit-blocks-addon/vulnerability/wordpress-gutenkit-plugin-2-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
DAEXT–Import Markdown Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DAEXT Import Markdown allows Stored XSS. This issue affects Import Markdown: from n/a through 1.14. 2025-09-22 6.5 CVE-2025-57901 https://patchstack.com/database/wordpress/plugin/import-markdown/vulnerability/wordpress-import-markdown-plugin-1-14-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Md Taufiqur Rahman–RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily allows Cross Site Request Forgery. This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through 1.0. 2025-09-22 6.5 CVE-2025-57902 https://patchstack.com/database/wordpress/plugin/ris-version-switcher/vulnerability/wordpress-ris-version-switcher-downgrade-or-upgrade-wp-versions-easily-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Rouergue Création–Editor Custom Color Palette Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Custom Color Palette: from n/a through 3.4.8. 2025-09-22 6.5 CVE-2025-57909 https://patchstack.com/database/wordpress/plugin/editor-custom-color-palette/vulnerability/wordpress-editor-custom-color-palette-plugin-3-4-8-broken-access-control-vulnerability?_s_id=cve
 
AnyClip Video Platform–AnyClip Luminous Studio Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3. 2025-09-22 6.5 CVE-2025-57910 https://patchstack.com/database/wordpress/plugin/anyclip-media/vulnerability/wordpress-anyclip-luminous-studio-plugin-1-3-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve
 
WPFactory–Adverts Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Adverts allows DOM-Based XSS. This issue affects Adverts: from n/a through 1.4. 2025-09-22 6.5 CVE-2025-57911 https://patchstack.com/database/wordpress/plugin/adverts-click-tracker/vulnerability/wordpress-adverts-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
eleopard–Behance Portfolio Manager Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eleopard Behance Portfolio Manager allows Stored XSS. This issue affects Behance Portfolio Manager: from n/a through 1.7.4. 2025-09-22 6.5 CVE-2025-57913 https://patchstack.com/database/wordpress/plugin/portfolio-manager-powered-by-behance/vulnerability/wordpress-behance-portfolio-manager-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WP Chill–Passster Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Chill Passster allows Stored XSS. This issue affects Passster: from n/a through 4.2.18. 2025-09-22 6.5 CVE-2025-57926 https://patchstack.com/database/wordpress/plugin/content-protector/vulnerability/wordpress-passster-plugin-4-2-18-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Diego Pereira–PowerFolio Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Diego Pereira PowerFolio allows Stored XSS. This issue affects PowerFolio: from n/a through 3.2.1. 2025-09-22 6.5 CVE-2025-57932 https://patchstack.com/database/wordpress/plugin/portfolio-elementor/vulnerability/wordpress-powerfolio-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
themewant–Easy Hotel Booking Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themewant Easy Hotel Booking allows DOM-Based XSS. This issue affects Easy Hotel Booking: from n/a through 1.6.9. 2025-09-22 6.5 CVE-2025-57938 https://patchstack.com/database/wordpress/plugin/easy-hotel/vulnerability/wordpress-easy-hotel-booking-plugin-1-6-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ays Pro–Photo Gallery by Ays Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ays Pro Photo Gallery by Ays allows DOM-Based XSS. This issue affects Photo Gallery by Ays: from n/a through 6.3.6. 2025-09-22 6.5 CVE-2025-57947 https://patchstack.com/database/wordpress/plugin/gallery-photo-gallery/vulnerability/wordpress-photo-gallery-by-ays-plugin-6-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
e-plugins–Directory Pro Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in e-plugins Directory Pro allows DOM-Based XSS. This issue affects Directory Pro: from n/a through 2.5.5. 2025-09-22 6.5 CVE-2025-57948 https://patchstack.com/database/wordpress/plugin/directory-pro/vulnerability/wordpress-directory-pro-plugin-2-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
100plugins–Open User Map Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 100plugins Open User Map allows DOM-Based XSS. This issue affects Open User Map: from n/a through 1.4.14. 2025-09-22 6.5 CVE-2025-57953 https://patchstack.com/database/wordpress/plugin/open-user-map/vulnerability/wordpress-open-user-map-plugin-1-4-14-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ays Pro–Poll Maker Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1. 2025-09-22 6.5 CVE-2025-57954 https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-6-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Plugin Devs–Post Carousel Slider for Elementor Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0. 2025-09-22 6.5 CVE-2025-57955 https://patchstack.com/database/wordpress/plugin/post-carousel-slider-for-elementor/vulnerability/wordpress-post-carousel-slider-for-elementor-plugin-1-7-0-broken-access-control-vulnerability?_s_id=cve
 
Zoho Subscriptions–Zoho Billing Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zoho Subscriptions Zoho Billing allows DOM-Based XSS. This issue affects Zoho Billing: from n/a through 4.1. 2025-09-22 6.5 CVE-2025-57963 https://patchstack.com/database/wordpress/plugin/zoho-subscriptions/vulnerability/wordpress-zoho-billing-plugin-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
photonicgnostic–Library Bookshelves Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in photonicgnostic Library Bookshelves allows Stored XSS. This issue affects Library Bookshelves: from n/a through 5.11. 2025-09-22 6.5 CVE-2025-57964 https://patchstack.com/database/wordpress/plugin/library-bookshelves/vulnerability/wordpress-library-bookshelves-plugin-5-11-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WP CodeUs–WP Proposals Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. 2025-09-22 6.5 CVE-2025-57965 https://patchstack.com/database/wordpress/plugin/wp-proposals/vulnerability/wordpress-wp-proposals-plugin-2-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve
 
GhozyLab–Gallery Lightbox Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.41. 2025-09-22 6.5 CVE-2025-57966 https://patchstack.com/database/wordpress/plugin/gallery-lightbox-slider/vulnerability/wordpress-gallery-lightbox-plugin-1-0-0-41-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WPBean–WPB Quick View for WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPBean WPB Quick View for WooCommerce allows Stored XSS. This issue affects WPB Quick View for WooCommerce: from n/a through 2.1.8. 2025-09-22 6.5 CVE-2025-57967 https://patchstack.com/database/wordpress/plugin/woocommerce-lightbox/vulnerability/wordpress-wpb-quick-view-for-woocommerce-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
catchsquare–WP Social Widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.3.1. 2025-09-22 6.5 CVE-2025-57981 https://patchstack.com/database/wordpress/plugin/wp-social-widget/vulnerability/wordpress-wp-social-widget-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Damian–BP Disable Activation Reloaded Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Disable Activation Reloaded: from n/a through 1.2.1. 2025-09-22 6.5 CVE-2025-57983 https://patchstack.com/database/wordpress/plugin/bp-disable-activation-reloaded/vulnerability/wordpress-bp-disable-activation-reloaded-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
husani–WP Subtitle Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in husani WP Subtitle allows Stored XSS. This issue affects WP Subtitle: from n/a through 3.4.1. 2025-09-22 6.5 CVE-2025-57986 https://patchstack.com/database/wordpress/plugin/wp-subtitle/vulnerability/wordpress-wp-subtitle-plugin-3-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Uncanny Owl–Uncanny Toolkit for LearnDash Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.0.7.3. 2025-09-22 6.5 CVE-2025-57988 https://patchstack.com/database/wordpress/plugin/uncanny-learndash-toolkit/vulnerability/wordpress-uncanny-toolkit-for-learndash-plugin-3-0-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Brajesh Singh–WordPress Widgets Shortcode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brajesh Singh WordPress Widgets Shortcode allows Stored XSS. This issue affects WordPress Widgets Shortcode: from n/a through 1.0.3. 2025-09-22 6.5 CVE-2025-57989 https://patchstack.com/database/wordpress/plugin/wp-widgets-shortcode/vulnerability/wordpress-wordpress-widgets-shortcode-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Benjamin Pick–Geolocation IP Detection Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Benjamin Pick Geolocation IP Detection allows Stored XSS. This issue affects Geolocation IP Detection: from n/a through 5.5.0. 2025-09-22 6.5 CVE-2025-57993 https://patchstack.com/database/wordpress/plugin/geoip-detect/vulnerability/wordpress-geolocation-ip-detection-plugin-5-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
matthewordie–Buckets Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9. 2025-09-22 6.5 CVE-2025-57996 https://patchstack.com/database/wordpress/plugin/buckets/vulnerability/wordpress-buckets-plugin-0-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
wpkoithemes–WPKoi Templates for Elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpkoithemes WPKoi Templates for Elementor allows DOM-Based XSS. This issue affects WPKoi Templates for Elementor: from n/a through 3.4.1. 2025-09-22 6.5 CVE-2025-57999 https://patchstack.com/database/wordpress/plugin/wpkoi-templates-for-elementor/vulnerability/wordpress-wpkoi-templates-for-elementor-plugin-3-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Noumaan Yaqoob–Compact Archives Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noumaan Yaqoob Compact Archives allows Stored XSS. This issue affects Compact Archives: from n/a through 4.1.0. 2025-09-22 6.5 CVE-2025-58001 https://patchstack.com/database/wordpress/plugin/compact-archives/vulnerability/wordpress-compact-archives-plugin-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Milan Petrovic–GD bbPress Tools Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Milan Petrovic GD bbPress Tools allows DOM-Based XSS. This issue affects GD bbPress Tools: from n/a through 3.5.3. 2025-09-22 6.5 CVE-2025-58002 https://patchstack.com/database/wordpress/plugin/gd-bbpress-tools/vulnerability/wordpress-gd-bbpress-tools-plugin-3-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
xnau webdesign–Participants Database Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in xnau webdesign Participants Database allows Stored XSS. This issue affects Participants Database: from n/a through 2.7.6.3. 2025-09-22 6.5 CVE-2025-58008 https://patchstack.com/database/wordpress/plugin/participants-database/vulnerability/wordpress-participants-database-plugin-2-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Alex–Content Mask Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask allows Server Side Request Forgery. This issue affects Content Mask: from n/a through 1.8.5.2. 2025-09-22 6.4 CVE-2025-58011 https://patchstack.com/database/wordpress/plugin/content-mask/vulnerability/wordpress-content-mask-plugin-1-8-5-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
bdthemes–Ultimate Store Kit Elementor Addons Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.8.2. 2025-09-22 6.5 CVE-2025-58017 https://patchstack.com/database/wordpress/plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Richard Leishman–Mail Subscribe List Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Richard Leishman Mail Subscribe List allows Stored XSS. This issue affects Mail Subscribe List: from n/a through 2.1.10. 2025-09-22 6.5 CVE-2025-58018 https://patchstack.com/database/wordpress/plugin/mail-subscribe-list/vulnerability/wordpress-mail-subscribe-list-plugin-2-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Search Atlas–Search Atlas SEO Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Search Atlas Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 2.5.4. 2025-09-22 6.5 CVE-2025-58019 https://patchstack.com/database/wordpress/plugin/metasync/vulnerability/wordpress-search-atlas-seo-plugin-2-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Jeroen Schmit–Theater for WordPress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8. 2025-09-22 6.5 CVE-2025-58020 https://patchstack.com/database/wordpress/plugin/theatre/vulnerability/wordpress-theater-for-wordpress-plugin-0-18-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
douglaskarr–List Child Pages Shortcode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in douglaskarr List Child Pages Shortcode allows Stored XSS. This issue affects List Child Pages Shortcode: from n/a through 1.3.1. 2025-09-22 6.5 CVE-2025-58021 https://patchstack.com/database/wordpress/plugin/list-child-pages-shortcode/vulnerability/wordpress-list-child-pages-shortcode-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
maxpagels–ShortCode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in maxpagels ShortCode allows Stored XSS. This issue affects ShortCode: from n/a through 0.8.1. 2025-09-22 6.5 CVE-2025-58022 https://patchstack.com/database/wordpress/plugin/shortcode/vulnerability/wordpress-shortcode-plugin-0-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
akdevs–Genealogical Tree Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in akdevs Genealogical Tree allows Stored XSS. This issue affects Genealogical Tree: from n/a through 2.2.5. 2025-09-22 6.5 CVE-2025-58023 https://patchstack.com/database/wordpress/plugin/genealogical-tree/vulnerability/wordpress-genealogical-tree-plugin-2-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
averta–Master Slider Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.11.0. 2025-09-22 6.5 CVE-2025-58025 https://patchstack.com/database/wordpress/plugin/master-slider/vulnerability/wordpress-master-slider-plugin-3-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
termageddon–Termageddon: Cookie Consent & Privacy Compliance Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in termageddon Termageddon: Cookie Consent & Privacy Compliance allows Stored XSS. This issue affects Termageddon: Cookie Consent & Privacy Compliance: from n/a through 1.8.1. 2025-09-22 6.5 CVE-2025-58026 https://patchstack.com/database/wordpress/plugin/termageddon-usercentrics/vulnerability/wordpress-termageddon-cookie-consent-privacy-compliance-plugin-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
wpo-HR–NGG Smart Image Search Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpo-HR NGG Smart Image Search allows Stored XSS. This issue affects NGG Smart Image Search: from n/a through 3.4.3. 2025-09-22 6.5 CVE-2025-58027 https://patchstack.com/database/wordpress/plugin/ngg-smart-image-search/vulnerability/wordpress-ngg-smart-image-search-plugin-3-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Aum Watcharapon–Designil PDPA Thailand Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aum Watcharapon Designil PDPA Thailand allows Stored XSS. This issue affects Designil PDPA Thailand: from n/a through 2.0. 2025-09-22 6.5 CVE-2025-58028 https://patchstack.com/database/wordpress/plugin/pdpa-thailand/vulnerability/wordpress-designil-pdpa-thailand-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
webvitaly–Page-list Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.7. 2025-09-22 6.5 CVE-2025-58030 https://patchstack.com/database/wordpress/plugin/page-list/vulnerability/wordpress-page-list-plugin-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Nextendweb–Nextend Facebook Connect Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nextendweb Nextend Facebook Connect allows Stored XSS. This issue affects Nextend Facebook Connect: from n/a through 3.1.19. 2025-09-22 6.5 CVE-2025-58031 https://patchstack.com/database/wordpress/plugin/nextend-facebook-connect/vulnerability/wordpress-nextend-facebook-connect-plugin-3-1-19-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Techeshta–Card Elements for WPBakery Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Techeshta Card Elements for WPBakery allows DOM-Based XSS. This issue affects Card Elements for WPBakery: from n/a through 1.0.8. 2025-09-22 6.5 CVE-2025-58220 https://patchstack.com/database/wordpress/plugin/card-elements-for-wpbakery/vulnerability/wordpress-card-elements-for-wpbakery-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Alexander Lueken–Podlove Subscribe button Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alexander Lueken Podlove Subscribe button allows Stored XSS. This issue affects Podlove Subscribe button: from n/a through 1.3.11. 2025-09-22 6.5 CVE-2025-58227 https://patchstack.com/database/wordpress/plugin/podlove-subscribe-button/vulnerability/wordpress-podlove-subscribe-button-plugin-1-3-11-cross-site-scripting-xss-vulnerability?_s_id=cve
 
ShapedPlugin LLC–Quick View for WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShapedPlugin LLC Quick View for WooCommerce allows Stored XSS. This issue affects Quick View for WooCommerce: from n/a through 2.2.16. 2025-09-22 6.5 CVE-2025-58228 https://patchstack.com/database/wordpress/plugin/woo-quickview/vulnerability/wordpress-quick-view-for-woocommerce-plugin-2-2-16-cross-site-scripting-xss-vulnerability?_s_id=cve
 
webvitaly–Sitekit Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 2.0. 2025-09-22 6.5 CVE-2025-58229 https://patchstack.com/database/wordpress/plugin/sitekit/vulnerability/wordpress-sitekit-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
bdthemes–ZoloBlocks Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bdthemes ZoloBlocks allows DOM-Based XSS. This issue affects ZoloBlocks: from n/a through 2.3.9. 2025-09-22 6.5 CVE-2025-58230 https://patchstack.com/database/wordpress/plugin/zoloblocks/vulnerability/wordpress-zoloblocks-plugin-2-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
bitlydeveloper–Bitly Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bitlydeveloper Bitly allows Stored XSS. This issue affects Bitly: from n/a through 2.7.4. 2025-09-22 6.5 CVE-2025-58231 https://patchstack.com/database/wordpress/plugin/wp-bitly/vulnerability/wordpress-bitly-plugin-2-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ickata–Image Editor by Pixo Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ickata Image Editor by Pixo allows DOM-Based XSS. This issue affects Image Editor by Pixo: from n/a through 2.3.8. 2025-09-22 6.5 CVE-2025-58232 https://patchstack.com/database/wordpress/plugin/image-editor-by-pixo/vulnerability/wordpress-image-editor-by-pixo-plugin-2-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Guaven Labs–SQL Chart Builder Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Guaven Labs SQL Chart Builder allows DOM-Based XSS. This issue affects SQL Chart Builder: from n/a through 2.3.7.2. 2025-09-22 6.5 CVE-2025-58233 https://patchstack.com/database/wordpress/plugin/sql-chart-builder/vulnerability/wordpress-sql-chart-builder-plugin-2-3-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
JoomSky–JS Job Manager Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in JoomSky JS Job Manager allows Stored XSS. This issue affects JS Job Manager: from n/a through 2.0.2. 2025-09-22 6.5 CVE-2025-58234 https://patchstack.com/database/wordpress/plugin/js-jobs/vulnerability/wordpress-js-job-manager-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Rustaurius–Front End Users Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.33. 2025-09-22 6.5 CVE-2025-58235 https://patchstack.com/database/wordpress/plugin/front-end-only-users/vulnerability/wordpress-front-end-users-plugin-3-2-33-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Niaj Morshed–LC Wizard Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Niaj Morshed LC Wizard allows Stored XSS. This issue affects LC Wizard: from n/a through 1.3.0. 2025-09-22 6.5 CVE-2025-58237 https://patchstack.com/database/wordpress/plugin/ghl-wizard/vulnerability/wordpress-lc-wizard-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
ONTRAPORT–PilotPress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ONTRAPORT PilotPress allows Stored XSS. This issue affects PilotPress: from n/a through 2.0.35. 2025-09-22 6.5 CVE-2025-58238 https://patchstack.com/database/wordpress/plugin/pilotpress/vulnerability/wordpress-pilotpress-plugin-2-0-35-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Chandrika Sista–WP Category Dropdown Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chandrika Sista WP Category Dropdown allows Stored XSS. This issue affects WP Category Dropdown: from n/a through 1.9. 2025-09-22 6.5 CVE-2025-58239 https://patchstack.com/database/wordpress/plugin/wp-category-dropdown/vulnerability/wordpress-wp-category-dropdown-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Michel – xiligroup dev–xili-tidy-tags Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michel – xiligroup dev xili-tidy-tags allows Stored XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06. 2025-09-22 6.5 CVE-2025-58240 https://patchstack.com/database/wordpress/plugin/xili-tidy-tags/vulnerability/wordpress-xili-tidy-tags-plugin-1-12-06-cross-site-scripting-xss-vulnerability?_s_id=cve
 
snapwidget–SnapWidget Social Photo Feed Widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in snapwidget SnapWidget Social Photo Feed Widget allows DOM-Based XSS. This issue affects SnapWidget Social Photo Feed Widget: from n/a through 1.1.0. 2025-09-22 6.5 CVE-2025-58241 https://patchstack.com/database/wordpress/plugin/snapwidget-wp-instagram-widget/vulnerability/wordpress-snapwidget-social-photo-feed-widget-plugin-1-1-0-cross-site-scripting-xss-vulnerability-2?_s_id=cve
 
Vadim Bogaiskov–Bg Church Memos Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vadim Bogaiskov Bg Church Memos allows DOM-Based XSS. This issue affects Bg Church Memos: from n/a through 1.1. 2025-09-22 6.5 CVE-2025-58242 https://patchstack.com/database/wordpress/plugin/bg-church-memos/vulnerability/wordpress-bg-church-memos-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
codefish–Pinterest Pinboard Widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in codefish Pinterest Pinboard Widget allows Stored XSS. This issue affects Pinterest Pinboard Widget: from n/a through 1.0.7. 2025-09-22 6.5 CVE-2025-58248 https://patchstack.com/database/wordpress/plugin/pinterest-pinboard-widget/vulnerability/wordpress-pinterest-pinboard-widget-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Rameez Iqbal–Real Estate Manager Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rameez Iqbal Real Estate Manager allows DOM-Based XSS. This issue affects Real Estate Manager: from n/a through 7.3. 2025-09-22 6.5 CVE-2025-58253 https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
dtbaker–StylePress for Elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dtbaker StylePress for Elementor allows Stored XSS. This issue affects StylePress for Elementor: from n/a through 1.2.1. 2025-09-22 6.5 CVE-2025-58254 https://patchstack.com/database/wordpress/plugin/full-site-builder-for-elementor/vulnerability/wordpress-stylepress-for-elementor-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Picture-Planet GmbH–Verowa Connect Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Picture-Planet GmbH Verowa Connect allows Stored XSS. This issue affects Verowa Connect: from n/a through 3.2.3. 2025-09-22 6.5 CVE-2025-58257 https://patchstack.com/database/wordpress/plugin/verowa-connect/vulnerability/wordpress-verowa-connect-plugin-3-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ronald Huereca–Highlight and Share Social Text and Image Sharing Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ronald Huereca Highlight and Share – Social Text and Image Sharing allows Stored XSS. This issue affects Highlight and Share – Social Text and Image Sharing: from n/a through 5.1.1. 2025-09-22 6.5 CVE-2025-58260 https://patchstack.com/database/wordpress/plugin/highlight-and-share/vulnerability/wordpress-highlight-and-share-social-text-and-image-sharing-plugin-5-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
BuddyDev–BuddyPress Notification Widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BuddyDev BuddyPress Notification Widget allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through 1.3.3. 2025-09-22 6.5 CVE-2025-58263 https://patchstack.com/database/wordpress/plugin/buddypress-notifications-widget/vulnerability/wordpress-buddypress-notification-widget-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
artbees–JupiterX Core Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in artbees JupiterX Core allows Stored XSS. This issue affects JupiterX Core: from n/a through 4.10.1. 2025-09-22 6.5 CVE-2025-58264 https://patchstack.com/database/wordpress/plugin/jupiterx-core/vulnerability/wordpress-jupiterx-core-plugin-4-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Stonehenge Creations–Events Manager – OpenStreetMaps Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps allows Stored XSS. This issue affects Events Manager – OpenStreetMaps: from n/a through 4.2.1. 2025-09-22 6.5 CVE-2025-58265 https://patchstack.com/database/wordpress/plugin/stonehenge-em-osm/vulnerability/wordpress-events-manager-openstreetmaps-plugin-4-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Nicu Micle–Simple JWT Login Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nicu Micle Simple JWT Login allows Stored XSS. This issue affects Simple JWT Login: from n/a through 3.6.4. 2025-09-22 6.5 CVE-2025-58648 https://patchstack.com/database/wordpress/plugin/simple-jwt-login/vulnerability/wordpress-simple-jwt-login-plugin-3-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PlayerJS–PlayerJS Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PlayerJS PlayerJS allows DOM-Based XSS. This issue affects PlayerJS: from n/a through 2.24. 2025-09-22 6.5 CVE-2025-58651 https://patchstack.com/database/wordpress/plugin/playerjs/vulnerability/wordpress-playerjs-plugin-2-24-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Themepoints–Carousel Ultimate Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. 2025-09-22 6.5 CVE-2025-58652 https://patchstack.com/database/wordpress/plugin/carousel/vulnerability/wordpress-carousel-ultimate-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve
 
JS Morisset–JSM file_get_contents() Shortcode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in JS Morisset JSM file_get_contents() Shortcode allows Stored XSS. This issue affects JSM file_get_contents() Shortcode: from n/a through 2.7.1. 2025-09-22 6.5 CVE-2025-58653 https://patchstack.com/database/wordpress/plugin/wp-file-get-contents/vulnerability/wordpress-jsm-file-get-contents-shortcode-plugin-2-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Michel – xiligroup dev–xili-language Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michel – xiligroup dev xili-language allows DOM-Based XSS. This issue affects xili-language: from n/a through 2.21.3. 2025-09-22 6.5 CVE-2025-58654 https://patchstack.com/database/wordpress/plugin/xili-language/vulnerability/wordpress-xili-language-plugin-2-21-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PickPlugins–Accordion Missing Authorization vulnerability in PickPlugins Accordion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through 2.3.14. 2025-09-22 6.5 CVE-2025-58678 https://patchstack.com/database/wordpress/plugin/accordions/vulnerability/wordpress-accordion-plugin-2-3-14-broken-access-control-vulnerability?_s_id=cve
 
gutentor–Gutentor Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.2. 2025-09-22 6.5 CVE-2025-58680 https://patchstack.com/database/wordpress/plugin/gutentor/vulnerability/wordpress-gutentor-plugin-3-5-2-broken-access-control-vulnerability?_s_id=cve
 
Timur Kamaev–Kama Click Counter Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.4. 2025-09-22 6.5 CVE-2025-58682 https://patchstack.com/database/wordpress/plugin/kama-clic-counter/vulnerability/wordpress-kama-click-counter-plugin-4-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Luke Mlsna–Last Updated Shortcode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Luke Mlsna Last Updated Shortcode allows Stored XSS. This issue affects Last Updated Shortcode: from n/a through 1.0.1. 2025-09-22 6.5 CVE-2025-58683 https://patchstack.com/database/wordpress/plugin/last-updated-shortcode/vulnerability/wordpress-last-updated-shortcode-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Themepoints–Logo Showcase Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Logo Showcase allows Stored XSS. This issue affects Logo Showcase: from n/a through 3.0.9. 2025-09-22 6.5 CVE-2025-58684 https://patchstack.com/database/wordpress/plugin/logo-showcase/vulnerability/wordpress-logo-showcase-plugin-3-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
tapfiliate–Tapfiliate Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tapfiliate Tapfiliate allows Stored XSS. This issue affects Tapfiliate: from n/a through 3.2.2. 2025-09-22 6.5 CVE-2025-58689 https://patchstack.com/database/wordpress/plugin/tapfiliate/vulnerability/wordpress-tapfiliate-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Russell Jamieson–Genesis Club Lite Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Russell Jamieson Genesis Club Lite allows Stored XSS. This issue affects Genesis Club Lite: from n/a through 1.17. 2025-09-22 6.5 CVE-2025-58691 https://patchstack.com/database/wordpress/plugin/genesis-club-lite/vulnerability/wordpress-genesis-club-lite-plugin-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WebWizards–MarketKing Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebWizards MarketKing allows Stored XSS. This issue affects MarketKing: from n/a through 2.0.92. 2025-09-22 6.5 CVE-2025-58702 https://patchstack.com/database/wordpress/plugin/marketking-multivendor-marketplace-for-woocommerce/vulnerability/wordpress-marketking-plugin-2-0-92-cross-site-scripting-xss-vulnerability?_s_id=cve
 
skyword–Skyword API Plugin Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in skyword Skyword API Plugin allows Stored XSS. This issue affects Skyword API Plugin: from n/a through 2.5.3. 2025-09-22 6.5 CVE-2025-58703 https://patchstack.com/database/wordpress/plugin/skyword-plugin/vulnerability/wordpress-skyword-api-plugin-plugin-2-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ren Ventura–WP Delete User Accounts Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ren Ventura WP Delete User Accounts allows Stored XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.4. 2025-09-22 6.5 CVE-2025-58704 https://patchstack.com/database/wordpress/plugin/wp-delete-user-accounts/vulnerability/wordpress-wp-delete-user-accounts-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Emarket-design–YouTube Showcase Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Emarket-design YouTube Showcase youtube-showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through 3.5.0. 2025-09-23 6.5 CVE-2025-58915 https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Nick Verwymeren–Quantities and Units for WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Verwymeren Quantities and Units for WooCommerce allows Stored XSS. This issue affects Quantities and Units for WooCommerce: from n/a through 1.0.13. 2025-09-26 6.5 CVE-2025-58917 https://patchstack.com/database/wordpress/plugin/quantities-and-units-for-woocommerce/vulnerability/wordpress-quantities-and-units-for-woocommerce-plugin-1-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve
 
publitio–Publitio Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1. 2025-09-22 6.4 CVE-2025-58962 https://patchstack.com/database/wordpress/plugin/publitio/vulnerability/wordpress-publitio-plugin-2-2-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
Agency Dominion Inc.–Fusion Page Builder : Extension – Gallery Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects Fusion Page Builder : Extension – Gallery: from n/a through 1.7.6. 2025-09-22 6.5 CVE-2025-58965 https://patchstack.com/database/wordpress/plugin/fusion-extension-gallery/vulnerability/wordpress-fusion-page-builder-extension-gallery-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
StellarWP–WPComplete Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2. 2025-09-22 6.5 CVE-2025-58974 https://patchstack.com/database/wordpress/plugin/wpcomplete/vulnerability/wordpress-wpcomplete-plugin-2-9-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
impleCode–Product Catalog Simple Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.2. 2025-09-22 6.5 CVE-2025-58992 https://patchstack.com/database/wordpress/plugin/post-type-x/vulnerability/wordpress-product-catalog-simple-plugin-1-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
cubecart–v6 CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11. 2025-09-22 6.5 CVE-2025-59413 https://github.com/cubecart/v6/security/advisories/GHSA-869v-gjv8-9m7f
https://github.com/cubecart/v6/commit/7fd1cd04f5d5c3ce1d7980327464f0ff6551de79
https://github.com/cubecart/v6/commit/db965fcfa260c4f17eb16f8c5494e5af4a8ac271
https://github.com/cubecart/v6/commit/dbc58cf1f7a6291f7add5893b56bff7920a29128
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0. 2025-09-22 6.5 CVE-2025-59535 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p
https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c
https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0. 2025-09-23 6.3 CVE-2025-59539 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm
 
fatcatapps–GetResponse Forms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0. 2025-09-22 6.5 CVE-2025-59549 https://patchstack.com/database/wordpress/plugin/getresponse/vulnerability/wordpress-getresponse-forms-plugin-2-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Pdfcrowd Dev Team–Save as PDF Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pdfcrowd Dev Team Save as PDF allows Stored XSS. This issue affects Save as PDF: from n/a through 4.5.2. 2025-09-22 6.5 CVE-2025-59552 https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-4-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Coderz Studio–Custom iFrame for Elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Coderz Studio Custom iFrame for Elementor allows DOM-Based XSS. This issue affects Custom iFrame for Elementor: from n/a through 1.0.13. 2025-09-22 6.5 CVE-2025-59553 https://patchstack.com/database/wordpress/plugin/custom-iframe/vulnerability/wordpress-custom-iframe-for-elementor-plugin-1-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WP Swings–Upsell Order Bump Offer for WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7. 2025-09-22 6.5 CVE-2025-59565 https://patchstack.com/database/wordpress/plugin/upsell-order-bump-offer-for-woocommerce/vulnerability/wordpress-upsell-order-bump-offer-for-woocommerce-plugin-3-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Emraan Cheema–CubeWP Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Emraan Cheema CubeWP allows Stored XSS. This issue affects CubeWP: from n/a through 1.1.26. 2025-09-22 6.5 CVE-2025-59569 https://patchstack.com/database/wordpress/plugin/cubewp-framework/vulnerability/wordpress-cubewp-plugin-1-1-26-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WP Travel Engine–WP Travel Engine Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 1.4.2. 2025-09-22 6.5 CVE-2025-59574 https://patchstack.com/database/wordpress/plugin/wte-elementor-widgets/vulnerability/wordpress-wp-travel-engine-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Stylemix–MasterStudy LMS Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.20. 2025-09-22 6.5 CVE-2025-59576 https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-6-20-broken-access-control-vulnerability?_s_id=cve
 
VW THEMES–Ibtana Missing Authorization vulnerability in VW THEMES Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.5.3. 2025-09-22 6.5 CVE-2025-59581 https://patchstack.com/database/wordpress/plugin/ibtana-visual-editor/vulnerability/wordpress-ibtana-plugin-1-2-5-3-arbitrary-content-deletion-vulnerability?_s_id=cve
 
PenciDesign–Penci Filter Everything Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Penci Filter Everything allows DOM-Based XSS. This issue affects Penci Filter Everything: from n/a through n/a. 2025-09-22 6.5 CVE-2025-59583 https://patchstack.com/database/wordpress/plugin/penci-filter-everything/vulnerability/wordpress-penci-filter-everything-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PenciDesign–Penci Podcast Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Penci Podcast allows DOM-Based XSS. This issue affects Penci Podcast: from n/a through 1.6. 2025-09-22 6.5 CVE-2025-59584 https://patchstack.com/database/wordpress/plugin/penci-podcast/vulnerability/wordpress-penci-podcast-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PenciDesign–Penci Recipe Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Penci Recipe allows DOM-Based XSS. This issue affects Penci Recipe: from n/a through 4.0. 2025-09-22 6.5 CVE-2025-59585 https://patchstack.com/database/wordpress/plugin/penci-recipe/vulnerability/wordpress-penci-recipe-plugin-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PenciDesign–Penci Portfolio Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Penci Portfolio allows DOM-Based XSS. This issue affects Penci Portfolio: from n/a through 3.5. 2025-09-22 6.5 CVE-2025-59586 https://patchstack.com/database/wordpress/plugin/penci-portfolio/vulnerability/wordpress-penci-portfolio-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PenciDesign–Penci Shortcodes & Performance Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from n/a through n/a. 2025-09-22 6.5 CVE-2025-59587 https://patchstack.com/database/wordpress/plugin/penci-shortcodes/vulnerability/wordpress-penci-shortcodes-performance-plugin-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PenciDesign–Soledad Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through 8.6.8. 2025-09-22 6.5 CVE-2025-59589 https://patchstack.com/database/wordpress/theme/soledad/vulnerability/wordpress-soledad-theme-8-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Fernando Acosta–Make Column Clickable Elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fernando Acosta Make Column Clickable Elementor allows Stored XSS. This issue affects Make Column Clickable Elementor: from n/a through 1.6.0. 2025-09-22 6.5 CVE-2025-59592 https://patchstack.com/database/wordpress/plugin/make-column-clickable-elementor/vulnerability/wordpress-make-column-clickable-elementor-plugin-1-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0. 2025-09-23 6.5 CVE-2025-59821 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738
 
wazuh–wazuh Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version 4.11.0. 2025-09-27 6.5 CVE-2025-59938 https://github.com/wazuh/wazuh/security/advisories/GHSA-vw3r-mjg3-9hh2
 
NNCP–NNCP nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data. 2025-09-24 6.4 CVE-2025-60020 http://www.nncpgo.org/Release-8_005f12_005f0.html
http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scWD1A@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
 
fkrauthan–wp-mpdf Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fkrauthan wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through 3.9.1. 2025-09-26 6.5 CVE-2025-60040 https://patchstack.com/database/wordpress/plugin/wp-mpdf/vulnerability/wordpress-wp-mpdf-plugin-3-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Jeff Farthing–Theme My Login Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. 2025-09-26 6.5 CVE-2025-60098 https://patchstack.com/database/wordpress/plugin/theme-my-login/vulnerability/wordpress-theme-my-login-plugin-7-1-12-broken-access-control-vulnerability?_s_id=cve
 
awsm.in–Embed Any Document Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in awsm.in Embed Any Document allows Stored XSS. This issue affects Embed Any Document: from n/a through 2.7.7. 2025-09-26 6.5 CVE-2025-60099 https://patchstack.com/database/wordpress/plugin/embed-any-document/vulnerability/wordpress-embed-any-document-plugin-2-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Syam Mohan–WPFront User Role Editor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syam Mohan WPFront User Role Editor allows Stored XSS. This issue affects WPFront User Role Editor: from n/a through 4.2.3. 2025-09-26 6.5 CVE-2025-60102 https://patchstack.com/database/wordpress/plugin/wpfront-user-role-editor/vulnerability/wordpress-wpfront-user-role-editor-plugin-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
metaphorcreations–Ditty Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in metaphorcreations Ditty allows Stored XSS. This issue affects Ditty: from n/a through 3.1.58. 2025-09-26 6.5 CVE-2025-60105 https://patchstack.com/database/wordpress/plugin/ditty-news-ticker/vulnerability/wordpress-ditty-plugin-3-1-58-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Syed Balkhi–aThemes Addons for Elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syed Balkhi aThemes Addons for Elementor allows Stored XSS. This issue affects aThemes Addons for Elementor: from n/a through 1.1.3. 2025-09-26 6.5 CVE-2025-60112 https://patchstack.com/database/wordpress/plugin/athemes-addons-for-elementor-lite/vulnerability/wordpress-athemes-addons-for-elementor-plugin-1-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
YayCommerce–YayCurrency Improper Control of Generation of Code (‘Code Injection’) vulnerability in YayCommerce YayCurrency allows Code Injection. This issue affects YayCurrency: from n/a through 3.2. 2025-09-26 6.6 CVE-2025-60114 https://patchstack.com/database/wordpress/plugin/yaycurrency/vulnerability/wordpress-yaycurrency-plugin-3-2-remote-code-execution-rce-vulnerability?_s_id=cve
 
Ryan Hellyer–Simple Colorbox Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Hellyer Simple Colorbox allows Stored XSS. This issue affects Simple Colorbox: from n/a through 1.6.1. 2025-09-26 6.5 CVE-2025-60124 https://patchstack.com/database/wordpress/plugin/simple-colorbox/vulnerability/wordpress-simple-colorbox-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
sonalsinha21–SKT Blocks Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sonalsinha21 SKT Blocks allows Stored XSS. This issue affects SKT Blocks: from n/a through 2.5. 2025-09-26 6.5 CVE-2025-60138 https://patchstack.com/database/wordpress/plugin/skt-blocks/vulnerability/wordpress-skt-blocks-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
DaganLev–Simple Meta Tags Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5. 2025-09-26 6.5 CVE-2025-60142 https://patchstack.com/database/wordpress/plugin/simple-meta-tags/vulnerability/wordpress-simple-meta-tags-plugin-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
HT Plugins–HT Feed Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HT Plugins HT Feed allows Stored XSS. This issue affects HT Feed: from n/a through 1.3.0. 2025-09-26 6.5 CVE-2025-60147 https://patchstack.com/database/wordpress/plugin/ht-instagram/vulnerability/wordpress-ht-feed-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
emarket-design–WP Ticket Customer Service Software & Support Ticket System Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Stored XSS. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2. 2025-09-26 6.5 CVE-2025-60157 https://patchstack.com/database/wordpress/plugin/wp-ticket/vulnerability/wordpress-wp-ticket-customer-service-software-support-ticket-system-plugin-6-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
PickPlugins–Job Board Manager Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Job Board Manager allows DOM-Based XSS. This issue affects Job Board Manager: from n/a through 2.1.61. 2025-09-26 6.5 CVE-2025-60162 https://patchstack.com/database/wordpress/plugin/job-board-manager/vulnerability/wordpress-job-board-manager-plugin-2-1-61-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Robin W–bbp topic count Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Robin W bbp topic count allows DOM-Based XSS. This issue affects bbp topic count: from n/a through 3.1. 2025-09-26 6.5 CVE-2025-60163 https://patchstack.com/database/wordpress/plugin/bbp-topic-count/vulnerability/wordpress-bbp-topic-count-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
CIRCL–vulnerability-lookup vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and Sightings components. Untrusted data was not properly sanitized before being rendered in templates and tables, which could allow attackers to inject arbitrary JavaScript into the application. The issue was due to unsafe use of innerHTML and insufficient validation of dynamic URLs and model fields. This vulnerability has been fixed by escaping untrusted data, replacing innerHTML assignments with safer DOM methods, encoding URLs with encodeURIComponent, and improving input validation in the affected models. 2025-09-25 6.4 CVE-2025-60249 https://github.com/vulnerability-lookup/vulnerability-lookup/commit/afa12347f1461d9481eba75ac19897e80a9c7434
 
Webbeyaz Website Design–Website Software Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting (XSS). This issue affects Website Software: through 2025.07.14. 2025-09-26 6.1 CVE-2025-6396 https://www.usom.gov.tr/bildirim/tr-25-0302
 
GitLab–GitLab A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities. 2025-09-26 6.5 CVE-2025-7691 GitLab Issue #555786
HackerOne Bug Bounty Report #3200469
 
kraftplugins–Mega Elements Addons for Elementor The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-8200 https://www.wordfence.com/threat-intel/vulnerabilities/id/a8c676a0-287f-479c-aaa1-ba638b340e11?source=cve
https://wordpress.org/plugins/mega-elements-addons-for-elementor/#developers
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362890%40mega-elements-addons-for-elementor&new=3362890%40mega-elements-addons-for-elementor&sfp_email=&sfph_mail=
 
spwebguy–Team Members The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-27 6.4 CVE-2025-8440 https://www.wordfence.com/threat-intel/vulnerabilities/id/b46c3f25-6879-47b1-9026-4297fdd003b0?source=cve
https://plugins.trac.wordpress.org/browser/team-members/trunk/inc/tmm-save-metaboxes.php#L77
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3364663%40team-members%2Ftrunk&old=3116517%40team-members%2Ftrunk&sfp_email=&sfph_mail=
 
Marketing Fire, LLC–Widget Options – Extended The Widget Options – Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘do_sidebar’ shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-23 6.4 CVE-2025-8902 https://www.wordfence.com/threat-intel/vulnerabilities/id/98f8a524-b0b8-4e11-b789-bed3bd257a10?source=cve
https://widget-options.com/changelog/
 
trustindex–Widgets for Tiktok Feed The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘trustindex-feed’ shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-8906 https://www.wordfence.com/threat-intel/vulnerabilities/id/0b070542-83fc-4086-a40d-15a8d31fadc5?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3363725%40widgets-for-tiktok-video-feed&new=3363725%40widgets-for-tiktok-video-feed&sfp_email=&sfph_mail=
 
mapster–Mapster WP Maps The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple fields in versions up to, and including, 1.20.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-9044 https://www.wordfence.com/threat-intel/vulnerabilities/id/b0f2c7f0-ff24-4489-9fb4-8a98ac6dc09a?source=cve
https://plugins.trac.wordpress.org/browser/mapster-wp-maps/tags/1.18.0/admin/includes/acf-map-fields.php#L15547
https://plugins.trac.wordpress.org/browser/mapster-wp-maps/tags/1.18.0/admin/includes/acf-map-fields.php#L13932
https://plugins.trac.wordpress.org/browser/mapster-wp-maps/tags/1.18.0/admin/includes/acf-map-fields.php#L13952
https://plugins.trac.wordpress.org/browser/mapster-wp-maps/tags/1.18.0/admin/includes/acf-map-fields.php#L13972
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3363333%40mapster-wp-maps&new=3363333%40mapster-wp-maps&sfp_email=&sfph_mail=
 
Anadolu Hayat Emeklilik Inc.–AHE Mobile Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9. 2025-09-23 6.5 CVE-2025-9342 https://www.usom.gov.tr/bildirim/tr-25-0287
 
themifyme–Themify Builder The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.6.9. 2025-09-24 6.4 CVE-2025-9353 https://www.wordfence.com/threat-intel/vulnerabilities/id/508e97a0-9757-426c-bf0f-cdce6b489ce7?source=cve
https://plugins.trac.wordpress.org/browser/themify-builder/trunk/templates/template-icon.php#L95
https://plugins.trac.wordpress.org/browser/themify-builder/trunk/templates/template-fancy-heading.php#L73
https://plugins.trac.wordpress.org/browser/themify-builder/trunk/templates/template-fancy-heading.php#L96
https://plugins.trac.wordpress.org/browser/themify-builder/trunk/js/editor/build/modules.min.js
https://plugins.trac.wordpress.org/changeset/3366817/
https://plugins.trac.wordpress.org/changeset/3355757/
 
danieliser–Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-09-26 6.4 CVE-2025-9490 https://www.wordfence.com/threat-intel/vulnerabilities/id/84861460-5257-466e-b2c1-4b8abcf86bd1?source=cve
https://plugins.trac.wordpress.org/browser/popup-maker/tags/1.20.6/includes/importer/easy-modal-v2.php#L259
https://wordpress.org/plugins/popup-maker/#developers
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362078%40popup-maker&new=3362078%40popup-maker&sfp_email=&sfph_mail=
 
trustreviews–Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed_save function. This makes it possible for unauthenticated attackers to create or modify feed entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 6.1 CVE-2025-9899 https://www.wordfence.com/threat-intel/vulnerabilities/id/a6d22101-06ef-4492-8ba9-8cf2ca1f4474?source=cve
https://plugins.trac.wordpress.org/browser/trust-reviews/trunk/includes/class-feed-serializer.php#L12
 
GitLab–GitLab An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations. 2025-09-26 6.5 CVE-2025-9958 GitLab Issue #567777
HackerOne Bug Bounty Report #3323573
 
AMD–AMD Instinct MI300X Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. 2025-09-23 5 CVE-2024-21927 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html
 
AMD–AMD Instinct MI300X Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption. 2025-09-23 5 CVE-2024-21935 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html
 
inc2734–Snow Monkey The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2025-09-26 5.4 CVE-2025-10137 https://www.wordfence.com/threat-intel/vulnerabilities/id/3d4a938a-044b-4991-bc4c-db9e15210f06?source=cve
https://github.com/inc2734/wp-oembed-blog-card
https://github.com/inc2734/wp-oembed-blog-card/blob/master/src/App/Model/Requester.php#L64-L89
https://github.com/inc2734/wp-oembed-blog-card/compare/14.0.1...14.0.2
https://github.com/inc2734/snow-monkey/compare/29.1.5...29.1.6
 
specialk–Banhammer Monitor Site Traffic, Block Bad Users and Bots The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide “secret key” being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin’s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request. 2025-09-26 5.3 CVE-2025-10745 https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve
https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336
https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365979%40banhammer&new=3365979%40banhammer&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365087%40banhammer&new=3365087%40banhammer&sfp_email=&sfph_mail=
 
axboe–fio A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. 2025-09-23 5.3 CVE-2025-10824 VDB-325181 | axboe fio init.c __parse_jobs_ini use after free
VDB-325181 | CTI Indicators (IOB, IOC, IOA)
Submit #654072 | Jens Axboe Fio 3.41 / master commit 84787ad Use After Free
https://github.com/axboe/fio/issues/1981
https://github.com/user-attachments/files/22266756/poc.zip
 
Red Hat–Red Hat Enterprise v6,v7,v8,v9,10 A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. 2025-09-25 5.5 CVE-2025-10911 https://access.redhat.com/security/cve/CVE-2025-10911
RHBZ#2397838
https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77
 
Sistemas Pleno–Gestão de Locação A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component. 2025-09-25 5.3 CVE-2025-10947 VDB-325817 | Sistemas Pleno Gestão de Locação CPF validarCpf authorization
VDB-325817 | CTI Indicators (IOB, IOC, IOA)
Submit #652282 | Sistemas Pleno Gestão de Locação Prior to 2025.8.0 Insecure Direct Object Reference (IDOR)
https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main
https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs
 
geyang–ml-logger A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. 2025-09-25 5.3 CVE-2025-10952 VDB-325822 | geyang ml-logger File server.py stream_handler information disclosure
VDB-325822 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652463 | geyang ml-logger latest Arbitrary file read
https://github.com/geyang/ml-logger/issues/74
 
n/a–github.com/nyaruka/phonenumbers Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a “runtime error: slice bounds out of range”. 2025-09-27 5.3 CVE-2025-10954 https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNYARUKAPHONENUMBERS-6084070
https://github.com/nyaruka/phonenumbers/issues/148
https://github.com/nyaruka/phonenumbers/commit/0479e35488e8a002a261cdb515ef8a7f80ca37fe
 
Wavlink–NU516U1 A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 5.5 CVE-2025-10961 VDB-325829 | Wavlink NU516U1 Delete_Mac_list wireless.cgi sub_4030C0 command injection
VDB-325829 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #652781 | Wavlink NU516U1 M16U1_V240425 Command Injection
https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/Delete_Mac_list.md
 
roncoo–roncoo-pay A vulnerability was determined in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. Affected is an unknown function of the file /user/info/lookupList. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 5.3 CVE-2025-10992 VDB-325919 | roncoo roncoo-pay lookupList improper authorization
VDB-325919 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653738 | roncoo roncoo-pay latest broken function level authorization
https://www.cnblogs.com/aibot/p/19063472
 
Open Babel–Up to v3.1.1 A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited. 2025-09-26 5.3 CVE-2025-10994 VDB-325922 | Open Babel gamessformat.cpp ReadMolecule use after free
VDB-325922 | CTI Indicators (IOB, IOC, IOA)
Submit #654057 | Open Babel 3.1.1 / master commit 889c350 Use After Free
https://github.com/openbabel/openbabel/issues/2834
https://github.com/user-attachments/files/22318611/poc.zip
 
Open Babel–Up to v3.1.1 A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. 2025-09-26 5.3 CVE-2025-10995 VDB-325923 | Open Babel zipstreamimpl.h underflow memory corruption
VDB-325923 | CTI Indicators (IOB, IOC, IOA)
Submit #654059 | Open Babel 3.1.1 / master commit 889c3501 Memory Corruption
https://github.com/openbabel/openbabel/issues/2832
https://github.com/user-attachments/files/22318572/poc.zip
 
Open Babel–Up to v3.1.1 A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may be used. 2025-09-26 5.3 CVE-2025-10996 VDB-325924 | Open Babel smilesformat.cpp ParseSmiles heap-based overflow
VDB-325924 | CTI Indicators (IOB, IOC, IOA)
Submit #654060 | Open Babel 3.1.1 / master commit 889c350 Heap-based Buffer Overflow
https://github.com/openbabel/openbabel/issues/2831
https://github.com/user-attachments/files/22318556/poc.zip
 
Open Babel–Up to v3.1.1 A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. 2025-09-26 5.3 CVE-2025-10997 VDB-325925 | Open Babel chemkinformat.cpp CheckSpecies heap-based overflow
VDB-325925 | CTI Indicators (IOB, IOC, IOA)
Submit #654062 | Open Babel 3.1.1 / master commit 889c350 Heap-based Buffer Overflow
https://github.com/openbabel/openbabel/issues/2830
https://github.com/user-attachments/files/22318543/poc.zip
 
vstakhov–libucl A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 2025-09-26 5.3 CVE-2025-11010 VDB-325953 | vstakhov libucl ucl_util.c ucl_include_common heap-based overflow
VDB-325953 | CTI Indicators (IOB, IOC, IOA)
Submit #654068 | vstakhov libucl 0.9.2 / master commit d8af953 Heap-based Buffer Overflow
https://github.com/vstakhov/libucl/issues/337
https://github.com/user-attachments/files/22317650/poc.zip
 
BehaviorTree–BehaviorTree up to 4.7.0 A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue. 2025-09-26 5.3 CVE-2025-11012 VDB-325955 | BehaviorTree Diagnostic Message script_parser.cpp ParseScript stack-based overflow
VDB-325955 | CTI Indicators (IOB, IOC, IOA)
Submit #654074 | Davide Faconti BehaviorTree 4.7.0 / master commit 8d47d39 Stack-based Buffer Overflow
https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1006
https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1007
https://github.com/user-attachments/files/22251337/poc.zip
https://github.com/BehaviorTree/BehaviorTree.CPP/commit/cb6c7514efa628adb8180b58b4c9ccdebbe096e3
 
OGRECave–Ogre A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be exploited. 2025-09-26 5.3 CVE-2025-11014 VDB-325957 | OGRECave Ogre Image OgreSTBICodec.cpp encode heap-based overflow
VDB-325957 | CTI Indicators (IOB, IOC, IOA)
Submit #654269 | Ogre3D Ogre v14.4.1 / master commit f629d22 Heap-based Buffer Overflow
https://github.com/OGRECave/ogre/issues/3445
https://github.com/user-attachments/files/22326665/poc.zip
 
OGRECave–Ogre A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. 2025-09-26 5.3 CVE-2025-11015 VDB-325958 | OGRECave Ogre OgreSTBICodec.cpp encode mismatched memory management routines
VDB-325958 | CTI Indicators (IOB, IOC, IOA)
Submit #654340 | Ogre3D Ogre v14.4.1 / master commit f629d22 Mismatched Memory Management Routines
https://github.com/OGRECave/ogre/issues/3446
https://github.com/user-attachments/files/22328216/poc.zip
 
Four-Faith–Water Conservancy Informatization Platform A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 5.3 CVE-2025-11018 VDB-325961 | Four-Faith Water Conservancy Informatization Platform download.do;usrlogout.do.do path traversal
VDB-325961 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #650695 | Four-Faith Water Conservancy Informatization Platform V1.0 Path Traversal
https://github.com/MMarch7/CVE/issues/1
 
Vimesoft Information Technologies and Software Inc.–Vimesoft Corporate Messaging Platform Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0. 2025-09-26 5.3 CVE-2025-11025 https://www.usom.gov.tr/bildirim/tr-25-0300
 
givanz–Vvveb A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. Once again the project maintainer reacted very professional: “I accept the existence of these vulnerabilities. (…) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release.” 2025-09-26 5.3 CVE-2025-11028 VDB-325966 | givanz Vvveb Image information disclosure
VDB-325966 | CTI Indicators (IOB, IOC, TTP)
Submit #657185 | givanz Vvveb Vvveb 1.0.7.2 Exposure of Sensitive Information Through Metadata
https://gist.github.com/KhanMarshaI/9a1a5b72ff7a0a9d180ca77d26814bc7
 
DataTables–DataTables up to V1.10.13 A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 1.10.15 is sufficient to fix this issue. Patch name: 3b24f99ac4ddb7f9072076b0d07f0b1a408f177a. Upgrading the affected component is advised. This vulnerability was initially reported for code-projects Faculty Management System but appears to affect DataTables as an upstream component instead. The vendor of DataTables explains: “I would suggest that the author upgrade to the latest versions of DataTables (actually, they shouldn’t really be deploying that file to their own server at all – it is only relevant for the DataTables examples).” 2025-09-26 5.3 CVE-2025-11031 VDB-325970 | DataTables examples.php path traversal
VDB-325970 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657918 | code-projects Faculty Management System 1.0 Path Traversal: '.../...//'
https://github.com/xiaoliyu-1/Faculty-Management-System-examples.php-v.1.0-Path-Traversal/blob/main/report.md
https://github.com/xiaoliyu-1/Faculty-Management-System-examples.php-v.1.0-Path-Traversal/blob/main/report.md#url
https://github.com/DataTables/DataTables/commit/3b24f99ac4ddb7f9072076b0d07f0b1a408f177a
https://github.com/DataTables/DataTables/releases/tag/1.10.15
 
Red Hat–OpenShift Service Mesh 3 A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records. 2025-09-26 5.7 CVE-2025-11060 https://access.redhat.com/security/cve/CVE-2025-11060
RHBZ#2394708
https://github.com/surrealdb/surrealdb
https://github.com/surrealdb/surrealdb/commit/d81169a06b89f0c588134ddf2d62eeb8d5e8fd0c
https://github.com/surrealdb/surrealdb/pull/6247
https://github.com/surrealdb/surrealdb/security/advisories/GHSA-7vm2-j586-vcvc
https://surrealdb.com/docs/surrealql/statements/live
 
Campcodes–Farm Management System A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been released to the public and may be exploited. 2025-09-27 5.3 CVE-2025-11079 VDB-326119 | Campcodes Farm Management System file information disclosure
VDB-326119 | CTI Indicators (IOB, IOC, TTP)
Submit #661199 | Campcodes Farm Management System v1.0 Directory traversal
https://github.com/unicorn33355/cve/issues/1
https://www.campcodes.com/
 
GNU–Binutils A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with “[f]ixed for 2.46”. 2025-09-27 5.3 CVE-2025-11082 VDB-326123 | GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow
VDB-326123 | CTI Indicators (IOB, IOC, IOA)
Submit #661276 | GNU Binutils 2.45 Heap-based Buffer Overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=33464
https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2
https://sourceware.org/bugzilla/attachment.cgi?id=16358
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8
https://www.gnu.org/
 
GNU–Binutils A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with “[f]ixed for 2.46”. 2025-09-27 5.3 CVE-2025-11083 VDB-326124 | GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
VDB-326124 | CTI Indicators (IOB, IOC, IOA)
Submit #661277 | GNU Binutils 2.45 Heap-based Buffer Overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=33457
https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1
https://sourceware.org/bugzilla/attachment.cgi?id=16353
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490
https://www.gnu.org/
 
Cisco–Cisco IOS XE Software A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due to incomplete cleanup upon completion of the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests to an affected device. A successful exploit could allow the attacker to request a certificate from the virtual wireless controller and then use the acquired certificate to join an attacker-controlled device to the virtual wireless controller. 2025-09-24 5.3 CVE-2025-20293 cisco-sa-9800cl-openscep-SB4xtxzP
 
Cisco–Cisco IOS XE Software A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerability is due to the flooding of traffic from an unlearned MAC address on a switch virtual interface (SVI) that has an egress ACL applied. An attacker could exploit this vulnerability by causing the VLAN to flush its MAC address table. This condition can also occur if the MAC address table is full. A successful exploit could allow the attacker to bypass an egress ACL on an affected device. 2025-09-24 5.3 CVE-2025-20316 cisco-sa-cat9k-acl-L4K7VXgD
 
Cisco–Cisco SD-WAN vEdge Cloud A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. 2025-09-24 5.8 CVE-2025-20339 cisco-sa-defaultacl-pSJk9nVF
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. 2025-09-24 5.7 CVE-2025-23272 https://nvd.nist.gov/vuln/detail/CVE-2025-23272
https://www.cve.org/CVERecord?id=CVE-2025-23272
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
Dell–BSAFE Crypto-J Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure. 2025-09-25 5.9 CVE-2025-26333 https://www.dell.com/support/kbdoc/en-us/000296144/dsa-2025-100-dell-bsafe-crypto-j-security-update
 
algoliasearch-helper — v2.00 and before 3.11.2 Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the “extreme edge-case” that the resulting error is caught, code injected into the user-supplied search parameter may be executed. This is related to but distinct from the issue reported in [CVE-2021-23433](https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421). **NOTE:** This vulnerability is not exploitable in the default configuration of InstantSearch since searchParameters are not modifiable by users. 2025-09-27 5.9 CVE-2025-3193 https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-3318396
https://github.com/algolia/algoliasearch-helper-js/issues/922
https://github.com/algolia/algoliasearch-helper-js/commit/776dff23c87b0902e554e02a8c2567d2580fe12a
 
IBM–webMethods Integration IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. 2025-09-22 5.4 CVE-2025-36037 https://www.ibm.com/support/pages/node/7245758
 
IBM–Sterling Connect:Express for Microsoft Windows IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. 2025-09-22 5.9 CVE-2025-36064 https://www.ibm.com/support/pages/node/7245761
 
WAGO–Solution Builder The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. 2025-09-24 5.3 CVE-2025-41716 https://certvde.com/de/advisories/VDE-2025-087
 
mihdan–Mihdan: No External Links Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links allows Cross Site Request Forgery. This issue affects Mihdan: No External Links: from n/a through 5.1.4. 2025-09-22 5.4 CVE-2025-53451 https://patchstack.com/database/wordpress/plugin/mihdan-no-external-links/vulnerability/wordpress-mihdan-no-external-links-plugin-5-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
CashBill–CashBill.pl – Płatności WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through 3.2.1. 2025-09-22 5.9 CVE-2025-53455 https://patchstack.com/database/wordpress/plugin/cashbill-payment-method/vulnerability/wordpress-cashbill-pl-platnosci-woocommerce-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
davaxi–Goracash Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in davaxi Goracash allows Stored XSS. This issue affects Goracash: from n/a through 1.1. 2025-09-22 5.9 CVE-2025-53458 https://patchstack.com/database/wordpress/plugin/goracash/vulnerability/wordpress-goracash-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ads by WPQuads–Ads by WPQuads Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ads by WPQuads Ads by WPQuads allows Stored XSS. This issue affects Ads by WPQuads: from n/a through 2.0.92. 2025-09-22 5.9 CVE-2025-53459 https://patchstack.com/database/wordpress/plugin/quick-adsense-reloaded/vulnerability/wordpress-ads-by-wpquads-plugin-2-0-92-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Syed Balkhi–AffiliateWP External Referral Links Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syed Balkhi AffiliateWP – External Referral Links allows Stored XSS. This issue affects AffiliateWP – External Referral Links: from n/a through 1.2.0. 2025-09-22 5.9 CVE-2025-53460 https://patchstack.com/database/wordpress/plugin/affiliatewp-external-referral-links/vulnerability/wordpress-affiliatewp-external-referral-links-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
SAPO–SAPO Feed Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SAPO SAPO Feed allows Stored XSS. This issue affects SAPO Feed: from n/a through 2.4.2. 2025-09-22 5.9 CVE-2025-53462 https://patchstack.com/database/wordpress/plugin/sapo-feed/vulnerability/wordpress-sapo-feed-plugin-2-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ironikus–WP Mailto Links Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ironikus WP Mailto Links allows Stored XSS. This issue affects WP Mailto Links: from n/a through 3.1.4. 2025-09-22 5.9 CVE-2025-53464 https://patchstack.com/database/wordpress/plugin/wp-mailto-links/vulnerability/wordpress-wp-mailto-links-plugin-3-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
CodeSolz–Better Find and Replace Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeSolz Better Find and Replace allows Stored XSS. This issue affects Better Find and Replace: from n/a through 1.7.6. 2025-09-22 5.9 CVE-2025-53466 https://patchstack.com/database/wordpress/plugin/real-time-auto-find-and-replace/vulnerability/wordpress-better-find-and-replace-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
webvitaly–Login-Logout Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly Login-Logout allows Stored XSS. This issue affects Login-Logout: from n/a through 3.8. 2025-09-22 5.9 CVE-2025-53467 https://patchstack.com/database/wordpress/plugin/login-logout/vulnerability/wordpress-login-logout-plugin-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Mortgage Calculator–BMI Adult & Kid Calculator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2. 2025-09-22 5.9 CVE-2025-53469 https://patchstack.com/database/wordpress/plugin/bmi-adultkid-calculator/vulnerability/wordpress-bmi-adult-kid-calculator-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC application. 2025-09-23 5.9 CVE-2025-57882 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
AresIT–WP Compress Missing Authorization vulnerability in AresIT WP Compress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Compress: from n/a through 6.50.54. 2025-09-22 5.3 CVE-2025-57899 https://patchstack.com/database/wordpress/plugin/wp-compress-image-optimizer/vulnerability/wordpress-wp-compress-plugin-6-50-54-broken-access-control-vulnerability?_s_id=cve
 
WPSuperiors Developer–WooCommerce Additional Fees On Checkout (Free) Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPSuperiors Developer WooCommerce Additional Fees On Checkout (Free) allows Stored XSS. This issue affects WooCommerce Additional Fees On Checkout (Free): from n/a through 1.5.0. 2025-09-22 5.9 CVE-2025-57903 https://patchstack.com/database/wordpress/plugin/woo-additional-fees-on-checkout-wordpress/vulnerability/wordpress-woocommerce-additional-fees-on-checkout-free-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WP-EXPERTS.IN–Sales Count Manager for WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for WooCommerce: from n/a through 2.5. 2025-09-22 5.9 CVE-2025-57904 https://patchstack.com/database/wordpress/plugin/wc-sales-count-manager/vulnerability/wordpress-sales-count-manager-for-woocommerce-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
epeken–Epeken All Kurir Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 2.0.2. 2025-09-22 5.9 CVE-2025-57906 https://patchstack.com/database/wordpress/plugin/epeken-all-kurir/vulnerability/wordpress-epeken-all-kurir-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Heureka Group–Heureka Missing Authorization vulnerability in Heureka Group Heureka allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Heureka: from n/a through 1.1.0. 2025-09-22 5.3 CVE-2025-57907 https://patchstack.com/database/wordpress/plugin/heureka/vulnerability/wordpress-heureka-plugin-1-1-0-broken-access-control-vulnerability?_s_id=cve
 
ProWCPlugins–Product Time Countdown for WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4. 2025-09-22 5.9 CVE-2025-57908 https://patchstack.com/database/wordpress/plugin/product-countdown-for-woocommerce/vulnerability/wordpress-product-time-countdown-for-woocommerce-plugin-1-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
dialogity–Dialogity Free Live Chat Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dialogity Dialogity Free Live Chat allows Stored XSS. This issue affects Dialogity Free Live Chat: from n/a through 1.0.3. 2025-09-22 5.9 CVE-2025-57912 https://patchstack.com/database/wordpress/plugin/dialogity-website-chat/vulnerability/wordpress-dialogity-free-live-chat-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
CK MacLeod–Category Featured Images Extended Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CK MacLeod Category Featured Images Extended allows Stored XSS. This issue affects Category Featured Images Extended: from n/a through 1.52. 2025-09-22 5.9 CVE-2025-57920 https://patchstack.com/database/wordpress/plugin/category-featured-images-extended/vulnerability/wordpress-category-featured-images-extended-plugin-1-52-cross-site-scripting-xss-vulnerability?_s_id=cve
 
N-Media–Frontend File Manager Missing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2. 2025-09-22 5.3 CVE-2025-57921 https://patchstack.com/database/wordpress/plugin/nmedia-user-file-uploader/vulnerability/wordpress-frontend-file-manager-plugin-23-2-broken-access-control-vulnerability?_s_id=cve
 
Coordinadora Mercantil S.A.–Envíos Coordinadora Woocommerce Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a through 1.1.31. 2025-09-22 5.3 CVE-2025-57922 https://patchstack.com/database/wordpress/plugin/coordinadora/vulnerability/wordpress-envios-coordinadora-woocommerce-plugin-1-1-31-sensitive-data-exposure-vulnerability?_s_id=cve
 
Ideal Postcodes–UK Address Postcode Validation Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation allows Retrieve Embedded Sensitive Data. This issue affects UK Address Postcode Validation: from n/a through 3.9.2. 2025-09-22 5.3 CVE-2025-57923 https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability?_s_id=cve
 
Strategy11 Team–AWP Classifieds Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a through 4.3.5. 2025-09-22 5.3 CVE-2025-57928 https://patchstack.com/database/wordpress/plugin/another-wordpress-classifieds-plugin/vulnerability/wordpress-awp-classifieds-plugin-4-3-5-content-injection-vulnerability?_s_id=cve
 
kanwei_doublethedonation–Double the Donation Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kanwei_doublethedonation Double the Donation allows Stored XSS. This issue affects Double the Donation: from n/a through 2.0.0. 2025-09-22 5.9 CVE-2025-57929 https://patchstack.com/database/wordpress/plugin/double-the-donation/vulnerability/wordpress-double-the-donation-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Ricky Dawn–Bot Block – Stop Spam Referrals in Google Analytics Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block – Stop Spam Referrals in Google Analytics: from n/a through 2.6. 2025-09-22 5.9 CVE-2025-57935 https://patchstack.com/database/wordpress/plugin/bot-block-stop-spam-google-analytics-referrals/vulnerability/wordpress-bot-block-stop-spam-referrals-in-google-analytics-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Blocksera–Image Hover Effects Elementor Addon Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.4. 2025-09-22 5.3 CVE-2025-57939 https://patchstack.com/database/wordpress/plugin/image-hover-effects-addon-for-elementor/vulnerability/wordpress-image-hover-effects-elementor-addon-plugin-1-4-4-broken-access-control-vulnerability?_s_id=cve
 
Suresh Kumar Mukhiya–Append extensions on Pages Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Suresh Kumar Mukhiya Append extensions on Pages allows Stored XSS. This issue affects Append extensions on Pages: from n/a through 1.1.2. 2025-09-22 5.9 CVE-2025-57940 https://patchstack.com/database/wordpress/plugin/append-extensions-on-pages/vulnerability/wordpress-append-extensions-on-pages-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
JonathanMH–Append Link on Copy Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in JonathanMH Append Link on Copy allows Stored XSS. This issue affects Append Link on Copy: from n/a through 0.2. 2025-09-22 5.9 CVE-2025-57941 https://patchstack.com/database/wordpress/plugin/append-link-on-copy/vulnerability/wordpress-append-link-on-copy-plugin-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Skimlinks–Skimlinks Affiliate Marketing Tool Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3. 2025-09-22 5.3 CVE-2025-57944 https://patchstack.com/database/wordpress/plugin/skimlinks/vulnerability/wordpress-skimlinks-affiliate-marketing-tool-plugin-1-3-broken-access-control-vulnerability?_s_id=cve
 
cedcommerce–WP Advanced PDF Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cedcommerce WP Advanced PDF allows Stored XSS. This issue affects WP Advanced PDF: from n/a through 1.1.7. 2025-09-22 5.9 CVE-2025-57945 https://patchstack.com/database/wordpress/plugin/wp-advanced-pdf/vulnerability/wordpress-wp-advanced-pdf-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Loc Bui–payOS Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS allows Cross Site Request Forgery. This issue affects payOS: from n/a through 1.0.61. 2025-09-22 5.4 CVE-2025-57946 https://patchstack.com/database/wordpress/plugin/payos/vulnerability/wordpress-payos-plugin-1-0-61-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
oggix–Ongkoskirim.id Missing Authorization vulnerability in oggix Ongkoskirim.id allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ongkoskirim.id: from n/a through 1.0.6. 2025-09-22 5.4 CVE-2025-57949 https://patchstack.com/database/wordpress/plugin/ongkoskirim-id/vulnerability/wordpress-ongkoskirim-id-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve
 
Glen Scott–Plugin Security Scanner Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Glen Scott Plugin Security Scanner allows Stored XSS. This issue affects Plugin Security Scanner: from n/a through 2.0.2. 2025-09-22 5.9 CVE-2025-57950 https://patchstack.com/database/wordpress/plugin/plugin-security-scanner/vulnerability/wordpress-plugin-security-scanner-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
ken107–SiteNarrator Text-to-Speech Widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ken107 SiteNarrator Text-to-Speech Widget allows Stored XSS. This issue affects SiteNarrator Text-to-Speech Widget: from n/a through 1.9. 2025-09-22 5.9 CVE-2025-57951 https://patchstack.com/database/wordpress/plugin/sitespeaker-widget/vulnerability/wordpress-sitenarrator-text-to-speech-widget-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
icopydoc–Maps for WP Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5. 2025-09-22 5.9 CVE-2025-57952 https://patchstack.com/database/wordpress/plugin/maps-for-wp/vulnerability/wordpress-maps-for-wp-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
wpcraft–WooMS Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12. 2025-09-22 5.9 CVE-2025-57956 https://patchstack.com/database/wordpress/plugin/wooms/vulnerability/wordpress-wooms-plugin-9-12-cross-site-scripting-xss-vulnerability?_s_id=cve
 
wpcraft–WooMS Missing Authorization vulnerability in wpcraft WooMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooMS: from n/a through 9.12. 2025-09-22 5.3 CVE-2025-57957 https://patchstack.com/database/wordpress/plugin/wooms/vulnerability/wordpress-wooms-plugin-9-12-broken-access-control-vulnerability?_s_id=cve
 
WPXPO–WowAddons Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowAddons: from n/a through 1.0.17. 2025-09-22 5.3 CVE-2025-57958 https://patchstack.com/database/wordpress/plugin/product-addons/vulnerability/wordpress-wowaddons-plugin-1-0-17-broken-access-control-vulnerability?_s_id=cve
 
tmatsuur–Slightly troublesome permalink Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tmatsuur Slightly troublesome permalink allows Stored XSS. This issue affects Slightly troublesome permalink: from n/a through 1.2.0. 2025-09-22 5.9 CVE-2025-57959 https://patchstack.com/database/wordpress/plugin/slightly-troublesome-permalink/vulnerability/wordpress-slightly-troublesome-permalink-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
e4jvikwp–VikRestaurants Table Reservations and Take-Away Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Stored XSS. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.4. 2025-09-22 5.9 CVE-2025-57962 https://patchstack.com/database/wordpress/plugin/vikrestaurants/vulnerability/wordpress-vikrestaurants-table-reservations-and-take-away-plugin-1-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve
 
SALESmanago–SALESmanago Missing Authorization vulnerability in SALESmanago SALESmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago: from n/a through 3.8.1. 2025-09-22 5.3 CVE-2025-57971 https://patchstack.com/database/wordpress/plugin/salesmanago/vulnerability/wordpress-salesmanago-plugin-3-8-1-broken-access-control-vulnerability?_s_id=cve
 
Chad Butler–WP-Members Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chad Butler WP-Members allows Stored XSS. This issue affects WP-Members: from n/a through 3.5.4.2. 2025-09-22 5.5 CVE-2025-57973 https://patchstack.com/database/wordpress/plugin/wp-members/vulnerability/wordpress-wp-members-plugin-3-5-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
tuyennv–TZ PlusGallery Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tuyennv TZ PlusGallery allows Stored XSS. This issue affects TZ PlusGallery: from n/a through 1.5.5. 2025-09-22 5.9 CVE-2025-57974 https://patchstack.com/database/wordpress/plugin/tz-plus-gallery/vulnerability/wordpress-tz-plusgallery-plugin-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
CardCom–CardCom Payment Gateway Missing Authorization vulnerability in CardCom CardCom Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CardCom Payment Gateway: from n/a through 3.5.0.4. 2025-09-22 5.3 CVE-2025-57976 https://patchstack.com/database/wordpress/plugin/woo-cardcom-payment-gateway/vulnerability/wordpress-cardcom-payment-gateway-plugin-3-5-0-4-broken-access-control-vulnerability?_s_id=cve
 
Russell Jamieson–AuthorSure Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Russell Jamieson AuthorSure allows Stored XSS. This issue affects AuthorSure: from n/a through 2.3. 2025-09-22 5.9 CVE-2025-57979 https://patchstack.com/database/wordpress/plugin/authorsure/vulnerability/wordpress-authorsure-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Tomas Cordero–Safety Exit Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tomas Cordero Safety Exit allows Stored XSS. This issue affects Safety Exit: from n/a through 1.8.0. 2025-09-22 5.9 CVE-2025-57980 https://patchstack.com/database/wordpress/plugin/safety-exit/vulnerability/wordpress-safety-exit-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
WPBean–Advance Portfolio Grid Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPBean Advance Portfolio Grid allows Stored XSS. This issue affects Advance Portfolio Grid: from n/a through 1.07.6. 2025-09-22 5.9 CVE-2025-57982 https://patchstack.com/database/wordpress/plugin/advance-portfolio-grid/vulnerability/wordpress-advance-portfolio-grid-plugin-1-07-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
ThimPress–WP Events Manager Missing Authorization vulnerability in ThimPress WP Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through 2.2.1. 2025-09-22 5.3 CVE-2025-57987 https://patchstack.com/database/wordpress/plugin/wp-events-manager/vulnerability/wordpress-wp-events-manager-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve
 
solwininfotech–Blog Designer Missing Authorization vulnerability in solwininfotech Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blog Designer: from n/a through 3.1.8. 2025-09-22 5.4 CVE-2025-57990 https://patchstack.com/database/wordpress/plugin/blog-designer/vulnerability/wordpress-blog-designer-plugin-3-1-8-broken-access-control-vulnerability?_s_id=cve
 
Clariti–Clariti Missing Authorization vulnerability in Clariti Clariti allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clariti: from n/a through 1.2.1. 2025-09-22 5.4 CVE-2025-57991 https://patchstack.com/database/wordpress/plugin/clariti/vulnerability/wordpress-clariti-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve
 
Sayful Islam–Upcoming Events Lists Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Upcoming Events Lists: from n/a through 1.4.0. 2025-09-22 5.4 CVE-2025-57994 https://patchstack.com/database/wordpress/plugin/upcoming-events-lists/vulnerability/wordpress-upcoming-events-lists-plugin-1-4-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve
 
Hamid Reza Yazdani–E-namad & Shamed Logo Manager Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hamid Reza Yazdani E-namad & Shamed Logo Manager allows Stored XSS. This issue affects E-namad & Shamed Logo Manager: from n/a through 2.2. 2025-09-22 5.9 CVE-2025-57998 https://patchstack.com/database/wordpress/plugin/e-namad-shamed-logo-manager/vulnerability/wordpress-e-namad-shamed-logo-manager-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
memberful–Memberful Missing Authorization vulnerability in memberful Memberful allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberful: from n/a through 1.75.0. 2025-09-22 5.3 CVE-2025-58000 https://patchstack.com/database/wordpress/plugin/memberful-wp/vulnerability/wordpress-memberful-plugin-1-75-0-broken-access-control-vulnerability?_s_id=cve
 
javothemes–Javo Core Missing Authorization vulnerability in javothemes Javo Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Javo Core: from n/a through 3.0.0.266. 2025-09-22 5.3 CVE-2025-58003 https://patchstack.com/database/wordpress/plugin/javo-core/vulnerability/wordpress-javo-core-plugin-3-0-0-266-broken-access-control-vulnerability?_s_id=cve
 
SmartDataSoft–DriCub Missing Authorization vulnerability in SmartDataSoft DriCub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through 2.9. 2025-09-22 5.3 CVE-2025-58004 https://patchstack.com/database/wordpress/theme/dricub-driving-school/vulnerability/wordpress-dricub-theme-2-9-broken-access-control-vulnerability?_s_id=cve
 
SmartDataSoft–DriCub Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub allows Server Side Request Forgery. This issue affects DriCub: from n/a through 2.9. 2025-09-22 5.4 CVE-2025-58005 https://patchstack.com/database/wordpress/theme/dricub-driving-school/vulnerability/wordpress-dricub-theme-2-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
Ays Pro–Quiz Maker Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. 2025-09-22 5.3 CVE-2025-58015 https://patchstack.com/database/wordpress/plugin/quiz-maker/vulnerability/wordpress-quiz-maker-plugin-6-7-0-61-sensitive-data-exposure-vulnerability?_s_id=cve
 
Sumit Singh–Classic Widgets with Block-based Widgets Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Classic Widgets with Block-based Widgets: from n/a through 1.0.1. 2025-09-22 5.3 CVE-2025-58029 https://patchstack.com/database/wordpress/plugin/classic-widgets-with-block-based-widgets/vulnerability/wordpress-classic-widgets-with-block-based-widgets-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve
 
leeshadle–Draft Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in leeshadle Draft allows Stored XSS. This issue affects Draft: from n/a through 3.0.9. 2025-09-22 5.9 CVE-2025-58033 https://patchstack.com/database/wordpress/plugin/website-builder/vulnerability/wordpress-draft-plugin-3-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session. 2025-09-23 5.3 CVE-2025-58069 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
Maidul–Team Manager Missing Authorization vulnerability in Maidul Team Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through 2.3.14. 2025-09-22 5.3 CVE-2025-58222 https://patchstack.com/database/wordpress/plugin/wp-team-manager/vulnerability/wordpress-team-manager-plugin-2-3-14-broken-access-control-vulnerability?_s_id=cve
 
Chris Taylor–VoucherPress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chris Taylor VoucherPress allows Stored XSS. This issue affects VoucherPress: from n/a through 1.5.7. 2025-09-22 5.9 CVE-2025-58223 https://patchstack.com/database/wordpress/plugin/voucherpress/vulnerability/wordpress-voucherpress-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Printeers–Printeers Print & Ship Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0. 2025-09-22 5.4 CVE-2025-58224 https://patchstack.com/database/wordpress/plugin/invition-print-ship/vulnerability/wordpress-printeers-print-ship-plugin-1-17-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
iberezansky–3D FlipBook PDF Flipbook Viewer, Flipbook Image Gallery Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16. 2025-09-22 5.3 CVE-2025-58226 https://patchstack.com/database/wordpress/plugin/interactive-3d-flipbook-powered-physics-engine/vulnerability/wordpress-3d-flipbook-pdf-flipbook-viewer-flipbook-image-gallery-plugin-1-16-16-sensitive-data-exposure-vulnerability?_s_id=cve
 
bestweblayout–Portfolio Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58. 2025-09-22 5.9 CVE-2025-58245 https://patchstack.com/database/wordpress/plugin/portfolio/vulnerability/wordpress-portfolio-plugin-2-58-cross-site-scripting-xss-vulnerability?_s_id=cve
 
templateinvaders–TI WooCommerce Wishlist Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. 2025-09-22 5.3 CVE-2025-58247 https://patchstack.com/database/wordpress/plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-plugin-2-10-0-broken-access-control-vulnerability?_s_id=cve
 
Jonathan Brinley–DOAJ Export Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jonathan Brinley DOAJ Export allows Stored XSS. This issue affects DOAJ Export: from n/a through 1.0.4. 2025-09-22 5.9 CVE-2025-58256 https://patchstack.com/database/wordpress/plugin/doaj-export/vulnerability/wordpress-doaj-export-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Fumiki Takahashi–Gianism Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fumiki Takahashi Gianism allows Stored XSS. This issue affects Gianism: from n/a through 5.2.2. 2025-09-22 5.9 CVE-2025-58266 https://patchstack.com/database/wordpress/plugin/gianism/vulnerability/wordpress-gianism-plugin-5-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
weDevs–WP Project Manager Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through 2.6.25. 2025-09-22 5.3 CVE-2025-58269 https://patchstack.com/database/wordpress/plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-25-sensitive-data-exposure-vulnerability?_s_id=cve
 
AnyClip Video Platform–AnyClip Luminous Studio Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3. 2025-09-22 5.9 CVE-2025-58271 https://patchstack.com/database/wordpress/plugin/anyclip-media/vulnerability/wordpress-anyclip-luminous-studio-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click Programming Software. 2025-09-23 5.9 CVE-2025-58473 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
Gravitate–Gravitate Automated Tester Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gravitate Gravitate Automated Tester allows Stored XSS. This issue affects Gravitate Automated Tester: from n/a through 1.4.5. 2025-09-22 5.9 CVE-2025-58645 https://patchstack.com/database/wordpress/plugin/gravitate-automated-tester/vulnerability/wordpress-gravitate-automated-tester-plugin-1-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
chtombleson–Mobi2Go Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in chtombleson Mobi2Go allows Stored XSS. This issue affects Mobi2Go: from n/a through 1.0.0. 2025-09-22 5.9 CVE-2025-58646 https://patchstack.com/database/wordpress/plugin/mobi2go/vulnerability/wordpress-mobi2go-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Will.I.am–Simple Restaurant Menu Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Will.I.am Simple Restaurant Menu allows Stored XSS. This issue affects Simple Restaurant Menu: from n/a through 1.2. 2025-09-22 5.9 CVE-2025-58647 https://patchstack.com/database/wordpress/plugin/simple-restaurant-menu/vulnerability/wordpress-simple-restaurant-menu-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Syed Balkhi–All In One SEO Pack Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All In One SEO Pack: from n/a through 4.8.7. 2025-09-22 5.4 CVE-2025-58650 https://patchstack.com/database/wordpress/plugin/all-in-one-seo-pack/vulnerability/wordpress-all-in-one-seo-pack-plugin-4-8-7-broken-access-control-vulnerability?_s_id=cve
 
Mattia Roccoberton–Category Featured Images Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mattia Roccoberton Category Featured Images allows Stored XSS. This issue affects Category Featured Images: from n/a through 1.1.8. 2025-09-22 5.9 CVE-2025-58655 https://patchstack.com/database/wordpress/plugin/category-featured-images/vulnerability/wordpress-category-featured-images-plugin-1-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Risto Niinemets–Estonian Shipping Methods for WooCommerce Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2. 2025-09-22 5.3 CVE-2025-58656 https://patchstack.com/database/wordpress/plugin/estonian-shipping-methods-for-woocommerce/vulnerability/wordpress-estonian-shipping-methods-for-woocommerce-plugin-1-7-2-sensitive-data-exposure-vulnerability?_s_id=cve
 
Proof Factor LLC–Proof Factor – Social Proof Notifications Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications allows Stored XSS. This issue affects Proof Factor – Social Proof Notifications: from n/a through 1.0.5. 2025-09-22 5.9 CVE-2025-58658 https://patchstack.com/database/wordpress/plugin/proof-factor-social-proof-notifications/vulnerability/wordpress-proof-factor-social-proof-notifications-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Essekia–Helpie FAQ Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded Sensitive Data. This issue affects Helpie FAQ: from n/a through 1.39. 2025-09-22 5.3 CVE-2025-58659 https://patchstack.com/database/wordpress/plugin/helpie-faq/vulnerability/wordpress-helpie-faq-plugin-1-39-sensitive-data-exposure-vulnerability?_s_id=cve
 
brandexponents–Oshine Core Missing Authorization vulnerability in brandexponents Oshine Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oshine Core: from n/a through 1.5.5. 2025-09-22 5.4 CVE-2025-58660 https://patchstack.com/database/wordpress/plugin/oshine-core/vulnerability/wordpress-oshine-core-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve
 
eZee Technosys–eZee Online Hotel Booking Engine Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eZee Technosys eZee Online Hotel Booking Engine allows Stored XSS. This issue affects eZee Online Hotel Booking Engine: from n/a through 1.0.0. 2025-09-22 5.9 CVE-2025-58661 https://patchstack.com/database/wordpress/plugin/online-booking-engine/vulnerability/wordpress-ezee-online-hotel-booking-engine-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
tmontg1–Form Generator for WordPress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tmontg1 Form Generator for WordPress allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through 1.5.2. 2025-09-22 5.9 CVE-2025-58665 https://patchstack.com/database/wordpress/plugin/form-generator-powered-by-jotform/vulnerability/wordpress-form-generator-for-wordpress-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
CridioStudio–ListingPro Reviews Missing Authorization vulnerability in CridioStudio ListingPro Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro Reviews: from n/a through 1.6. 2025-09-22 5.4 CVE-2025-58667 https://patchstack.com/database/wordpress/plugin/listingpro-reviews/vulnerability/wordpress-listingpro-reviews-plugin-1-6-broken-access-control-vulnerability?_s_id=cve
 
Modern Minds–Magento 2 WordPress Integration Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS. This issue affects Magento 2 WordPress Integration: from n/a through 1.4.1. 2025-09-22 5.9 CVE-2025-58669 https://patchstack.com/database/wordpress/plugin/m2wp/vulnerability/wordpress-magento-2-wordpress-integration-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Tareq Hasan–WP User Frontend Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11. 2025-09-22 5.4 CVE-2025-58672 https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-4-1-11-broken-access-control-vulnerability?_s_id=cve
 
Tareq Hasan–WP User Frontend Improper Control of Generation of Code (‘Code Injection’) vulnerability in Tareq Hasan WP User Frontend allows Code Injection. This issue affects WP User Frontend: from n/a through 4.1.11. 2025-09-22 5.4 CVE-2025-58673 https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-4-1-11-content-injection-vulnerability?_s_id=cve
 
Automattic–WordPress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WordPress allows Stored XSS. The WordPress core security team is aware of the issue and working on a fix. This is a low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector. This issue affects WordPress: from n/a through 6.8.2. 2025-09-23 5.9 CVE-2025-58674 https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
AppMySite–AppMySite Missing Authorization vulnerability in AppMySite AppMySite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through 3.14.0. 2025-09-22 5.3 CVE-2025-58679 https://patchstack.com/database/wordpress/plugin/appmysite/vulnerability/wordpress-appmysite-plugin-3-14-0-broken-access-control-vulnerability?_s_id=cve
 
Jürgen Müller–Easy Quotes Missing Authorization vulnerability in Jürgen Müller Easy Quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through 1.2.4. 2025-09-22 5.3 CVE-2025-58681 https://patchstack.com/database/wordpress/plugin/easy-quotes/vulnerability/wordpress-easy-quotes-plugin-1-2-4-broken-access-control-vulnerability?_s_id=cve
 
cecabank–Cecabank WooCommerce Plugin Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4. 2025-09-22 5.3 CVE-2025-58685 https://patchstack.com/database/wordpress/plugin/cecabank-woocommerce/vulnerability/wordpress-cecabank-woocommerce-plugin-plugin-0-3-4-broken-access-control-vulnerability?_s_id=cve
 
guihom–Wide Banner Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4. 2025-09-26 5.3 CVE-2025-58919 https://patchstack.com/database/wordpress/plugin/wide-banner/vulnerability/wordpress-wide-banner-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve
 
brijeshk89–IP Based Login Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3. 2025-09-22 5.9 CVE-2025-58960 https://patchstack.com/database/wordpress/plugin/ip-based-login/vulnerability/wordpress-ip-based-login-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Christiaan Pieterse–MaxiBlocks Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through 2.1.3. 2025-09-22 5 CVE-2025-58968 https://patchstack.com/database/wordpress/plugin/maxi-blocks/vulnerability/wordpress-maxiblocks-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve
 
Greg Winiarski–Custom Login URL Missing Authorization vulnerability in Greg Winiarski Custom Login URL allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login URL: from n/a through 1.0.2. 2025-09-22 5.3 CVE-2025-58969 https://patchstack.com/database/wordpress/plugin/custom-login-url/vulnerability/wordpress-custom-login-url-plugin-1-0-2-broken-access-control-vulnerability?_s_id=cve
 
cubecart–v6 CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user input is not being escaped or sanitized before being output in email (and possibly when re-rendering the form), leading to Cross-Site Scripting / HTML injection risk in email clients or admin UI. This issue has been patched in version 6.5.11. 2025-09-22 5.4 CVE-2025-59411 https://github.com/cubecart/v6/security/advisories/GHSA-5hg3-m3q3-v2p4
https://github.com/cubecart/v6/commit/299065bd4a8836782ce92f70988c730f130756db
https://github.com/cubecart/v6/commit/48336c54532705873a8c4106208c2d596f128047
 
cubecart–v6 CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator approves the review, the injected HTML is rendered on the product page for all visitors. This could be used to redirect users to malicious websites or to display unwanted content. This issue has been patched in version 6.5.11. 2025-09-22 5.4 CVE-2025-59412 https://github.com/cubecart/v6/security/advisories/GHSA-qfrx-vvvp-h5m2
https://github.com/cubecart/v6/commit/1a0c0d8f6c9c141575eb5be07d04e7d49820005b
https://github.com/cubecart/v6/commit/7d4bf593304332fa1258d4f0b10dd7c9f6283a86
 
GSYT-Productions–BunnyPad-SRC BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes a buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who do not wish to upgrade should refrain from opening files larger than 10MB. 2025-09-22 5.5 CVE-2025-59418 https://github.com/GSYT-Productions/BunnyPad-SRC/security/advisories/GHSA-qhw4-c7x5-vxmj
https://github.com/GSYT-Productions/BunnyPad-SRC/commit/d9224eb5e13c24ac148a77dff93e53c21f066533
 
conventional-changelog–conventional-changelog Conventional Changelog generates changelogs and release notes from a project’s commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library’s getTags() API, which allows extra parameters to be passed to the git log command. In another API by this library, getRawCommits(), there are secure practices taken to ensure that the extra parameter path is unable to inject an argument by ending the git log command with the special shell syntax --. However, the library does not follow the same practice for getTags(): it does not attempt to sanitize user input, validate the given params, or restrict them to an allow list. Nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. Thus, users can exploit an argument injection vulnerability in Git via the --output= command-line option, which results in overwriting arbitrary files. This issue has been patched in version 2.0.0. 2025-09-22 5.3 CVE-2025-59433 https://github.com/conventional-changelog/conventional-changelog/security/advisories/GHSA-vh25-5764-9wcr
https://github.com/conventional-changelog/conventional-changelog/commit/d95c9ffac05af58228bd89fa0ba37ad65741c6a2
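The argument-injection pattern described in the conventional-changelog entry above, as an added example that is not the project's code: it models how git splits a command line into options and positional arguments rather than invoking git, so it runs offline. The buildTagsArgs* function names and the `--output=` payload path are constructed for illustration and do not correspond to the library's real code.

```javascript
// Added example (not the @conventional-changelog/git-client source).
// Models git's argv handling: before "--", anything starting with "-" is
// parsed as an option; after "--", everything is positional (a revision,
// path or pathspec). This is exactly the boundary the advisory says
// getRawCommits() enforced and getTags() did not.
function classifyGitArgs(argv) {
  const options = [];
  const positional = [];
  let endOfOptions = false;
  for (const arg of argv) {
    if (!endOfOptions && arg === '--') {
      endOfOptions = true; // everything after this is positional
      continue;
    }
    if (!endOfOptions && arg.startsWith('-') && arg.length > 1) {
      options.push(arg);
    } else {
      positional.push(arg);
    }
  }
  return { options, positional };
}

// Vulnerable pattern (hypothetical name, modelled on the advisory):
// caller-supplied extra params are spliced straight onto `git log`.
function buildTagsArgsVulnerable(extraParams) {
  return ['log', '--decorate=short', '--no-color', ...extraParams];
}

// Hardened pattern: reject option-looking values outright AND terminate
// the option list with "--" so whatever follows can only be a revision
// or pathspec. Either control alone blocks the payload; both is cheap.
function buildTagsArgsHardened(extraParams) {
  for (const p of extraParams) {
    if (typeof p !== 'string' || p.startsWith('-')) {
      throw new Error(`refusing option-like git argument: ${JSON.stringify(p)}`);
    }
  }
  return ['log', '--decorate=short', '--no-color', '--', ...extraParams];
}

// True when the final argv carries more options than the fixed ones the
// library itself added, i.e. the caller smuggled a git option in.
function hasInjectedOption(argv, fixedOptionCount) {
  return classifyGitArgs(argv).options.length > fixedOptionCount;
}

// Constructed attacker input: `git log --output=<path>` redirects git's
// output to that path, which is the arbitrary-file-overwrite primitive.
const attackerParam = '--output=/tmp/overwritten-by-git-log';

console.log('vulnerable argv:', buildTagsArgsVulnerable([attackerParam]));
console.log('injected option present:',
  hasInjectedOption(buildTagsArgsVulnerable([attackerParam]), 2));
console.log('hardened argv (legit input):', buildTagsArgsHardened(['v1.0.0..HEAD']));
```

The allow-check and the `--` separator guard against different mistakes: the check stops option-shaped strings from ever reaching git, while `--` keeps a value that legitimately begins with a dash (a branch named `-weird`) from being read as an option at all. Spawning git with an argv array rather than a shell string is assumed throughout; with a shell string, a second class of injection applies.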
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a file with Unicode characters, which would be translated into a path that could expose resources in the internal network of the hosted site. This issue has been patched in version 10.1.0. 2025-09-23 5.3 CVE-2025-59547 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-cgqj-mw4m-v7hp
 
Academy LMS–Academy LMS Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4. 2025-09-22 5.5 CVE-2025-59562 https://patchstack.com/database/wordpress/plugin/academy/vulnerability/wordpress-academy-lms-plugin-3-3-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve
 
CozyThemes–Cozy Blocks Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks allows Code Injection. This issue affects Cozy Blocks: from n/a through 2.1.29. 2025-09-22 5.3 CVE-2025-59573 https://patchstack.com/database/wordpress/plugin/cozy-addons/vulnerability/wordpress-cozy-blocks-plugin-2-1-29-content-injection-vulnerability?_s_id=cve
 
Darren Cooney–Ajax Load More Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through 7.6.0.2. 2025-09-22 5.3 CVE-2025-59582 https://patchstack.com/database/wordpress/plugin/ajax-load-more/vulnerability/wordpress-ajax-load-more-plugin-7-6-0-2-sensitive-data-exposure-vulnerability?_s_id=cve
 
David Lingren–Media Library Assistant Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.28. 2025-09-22 5.9 CVE-2025-59590 https://patchstack.com/database/wordpress/plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-28-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Profession Fit–Profession Fit Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page. 2025-09-22 5.8 CVE-2025-59797 https://www.profession-fit.de
https://github.com/Henkel-CyberVM/CVEs/blob/main/CVE-2025-59797/README.md
 
Shahjada–Download Manager Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. 2025-09-26 5.3 CVE-2025-60092 https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-3-24-sensitive-data-exposure-vulnerability?_s_id=cve
 
CodexThemes–TheGem (Elementor) Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5. 2025-09-26 5.4 CVE-2025-60096 https://patchstack.com/database/wordpress/theme/thegem-elementor/vulnerability/wordpress-thegem-elementor-theme-5-10-5-broken-access-control-vulnerability?_s_id=cve
 
CodexThemes–TheGem Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5. 2025-09-26 5.4 CVE-2025-60097 https://patchstack.com/database/wordpress/theme/thegem/vulnerability/wordpress-thegem-theme-5-10-5-broken-access-control-vulnerability?_s_id=cve
 
8theme–XStore Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3. 2025-09-26 5.3 CVE-2025-60100 https://patchstack.com/database/wordpress/theme/xstore/vulnerability/wordpress-xstore-theme-9-5-3-content-injection-vulnerability?_s_id=cve
 
Woostify–Woostify Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2. 2025-09-26 5.9 CVE-2025-60101 https://patchstack.com/database/wordpress/theme/woostify/vulnerability/wordpress-woostify-theme-2-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
CridioStudio–ListingPro Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. 2025-09-26 5.4 CVE-2025-60103 https://patchstack.com/database/wordpress/plugin/listingpro-plugin/vulnerability/wordpress-listingpro-plugin-2-9-8-broken-access-control-vulnerability?_s_id=cve
 
Jordy Meow–Gallery Custom Links Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jordy Meow Gallery Custom Links allows Stored XSS. This issue affects Gallery Custom Links: from n/a through 2.2.5. 2025-09-26 5.9 CVE-2025-60104 https://patchstack.com/database/wordpress/plugin/gallery-custom-links/vulnerability/wordpress-gallery-custom-links-plugin-2-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
ThemeGoods–Grand Conference Theme Custom Post Type Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3. 2025-09-26 5.4 CVE-2025-60116 https://patchstack.com/database/wordpress/plugin/grandconference-custom-post/vulnerability/wordpress-grand-conference-theme-custom-post-type-plugin-2-6-3-broken-access-control-vulnerability?_s_id=cve
 
CoSchedule–CoSchedule Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10. 2025-09-26 5.3 CVE-2025-60119 https://patchstack.com/database/wordpress/plugin/coschedule-by-todaymade/vulnerability/wordpress-coschedule-plugin-3-3-10-sensitive-data-exposure-vulnerability?_s_id=cve
 
wpdirectorykit–WP Directory Kit Missing Authorization vulnerability in wpdirectorykit WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.3.8. 2025-09-26 5.3 CVE-2025-60120 https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-3-8-broken-access-control-vulnerability?_s_id=cve
 
Ex-Themes–WooEvents Missing Authorization vulnerability in Ex-Themes WooEvents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through 4.1.7. 2025-09-26 5.3 CVE-2025-60121 https://patchstack.com/database/wordpress/plugin/woo-events/vulnerability/wordpress-wooevents-plugin-4-1-7-broken-access-control-vulnerability?_s_id=cve
 
themelooks–FoodBook Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook allows Retrieve Embedded Sensitive Data. This issue affects FoodBook: from n/a through 4.7.1. 2025-09-26 5.3 CVE-2025-60125 https://patchstack.com/database/wordpress/plugin/foodbook/vulnerability/wordpress-foodbook-plugin-4-7-1-sensitive-data-exposure-vulnerability?_s_id=cve
 
ArtistScope–CopySafe Web Protection Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3. 2025-09-26 5.4 CVE-2025-60127 https://patchstack.com/database/wordpress/plugin/wp-copysafe-web/vulnerability/wordpress-copysafe-web-protection-plugin-4-3-broken-access-control-vulnerability?_s_id=cve
 
Yext–Yext Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3. 2025-09-26 5.3 CVE-2025-60129 https://patchstack.com/database/wordpress/plugin/yext/vulnerability/wordpress-yext-plugin-1-1-3-broken-access-control-vulnerability?_s_id=cve
 
wedos.com–WEDOS Global Missing Authorization vulnerability in wedos.com WEDOS Global allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through 1.2.2. 2025-09-26 5.3 CVE-2025-60130 https://patchstack.com/database/wordpress/plugin/wgpwpp/vulnerability/wordpress-wedos-global-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve
 
DJ-Extensions.com–PE Easy Slider Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DJ-Extensions.com PE Easy Slider allows Stored XSS. This issue affects PE Easy Slider: from n/a through 1.1.0. 2025-09-26 5.9 CVE-2025-60133 https://patchstack.com/database/wordpress/plugin/pe-easy-slider/vulnerability/wordpress-pe-easy-slider-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
cartpauj–User Notes Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cartpauj User Notes allows Stored XSS. This issue affects User Notes: from n/a through 1.0.2. 2025-09-26 5.9 CVE-2025-60136 https://patchstack.com/database/wordpress/plugin/user-notes/vulnerability/wordpress-user-notes-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
thetechtribe–The Tribal Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal allows Retrieve Embedded Sensitive Data. This issue affects The Tribal: from n/a through 1.3.3. 2025-09-26 5.3 CVE-2025-60140 https://patchstack.com/database/wordpress/plugin/the-tech-tribe/vulnerability/wordpress-the-tribal-plugin-1-3-3-sensitive-data-exposure-vulnerability?_s_id=cve
 
thetechtribe–The Tribal Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in thetechtribe The Tribal allows Stored XSS. This issue affects The Tribal: from n/a through 1.3.3. 2025-09-26 5.9 CVE-2025-60141 https://patchstack.com/database/wordpress/plugin/the-tech-tribe/vulnerability/wordpress-the-tribal-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
yonifre–Lenix scss compiler Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yonifre Lenix scss compiler allows Stored XSS. This issue affects Lenix scss compiler: from n/a through 1.2. 2025-09-26 5.9 CVE-2025-60144 https://patchstack.com/database/wordpress/plugin/lenix-scss-compiler/vulnerability/wordpress-lenix-scss-compiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Amit Verma–Map Categories to Pages Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Amit Verma Map Categories to Pages allows Stored XSS. This issue affects Map Categories to Pages: from n/a through 1.3.2. 2025-09-26 5.9 CVE-2025-60146 https://patchstack.com/database/wordpress/plugin/map-categories-to-pages/vulnerability/wordpress-map-categories-to-pages-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Michael Ott–Notely Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Ott Notely allows Stored XSS. This issue affects Notely: from n/a through 1.8.0. 2025-09-26 5.9 CVE-2025-60149 https://patchstack.com/database/wordpress/plugin/notely/vulnerability/wordpress-notely-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Jennifer Moss–MWW Disclaimer Buttons Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jennifer Moss MWW Disclaimer Buttons allows Stored XSS. This issue affects MWW Disclaimer Buttons: from n/a through 3.41. 2025-09-26 5.9 CVE-2025-60154 https://patchstack.com/database/wordpress/plugin/mww-disclaimer-buttons/vulnerability/wordpress-mww-disclaimer-buttons-plugin-3-41-cross-site-scripting-xss-vulnerability?_s_id=cve
 
loopus–WP Virtual Assistant Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0. 2025-09-26 5.3 CVE-2025-60155 https://patchstack.com/database/wordpress/plugin/virtualassistant/vulnerability/wordpress-wp-virtual-assistant-plugin-3-0-broken-access-control-vulnerability?_s_id=cve
 
webmaniabr–Nota Fiscal Eletrônica WooCommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Stored XSS. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6. 2025-09-26 5.9 CVE-2025-60158 https://patchstack.com/database/wordpress/plugin/nota-fiscal-eletronica-woocommerce/vulnerability/wordpress-nota-fiscal-eletronica-woocommerce-plugin-3-4-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
sharkthemes–Smart Related Products Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sharkthemes Smart Related Products allows Stored XSS. This issue affects Smart Related Products: from n/a through 2.0.5. 2025-09-26 5.9 CVE-2025-60160 https://patchstack.com/database/wordpress/plugin/ai-related-products/vulnerability/wordpress-smart-related-products-plugin-2-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve
 
bdthemes–ZoloBlocks Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks allows Server Side Request Forgery. This issue affects ZoloBlocks: from n/a through 2.3.9. 2025-09-26 5.4 CVE-2025-60161 https://patchstack.com/database/wordpress/plugin/zoloblocks/vulnerability/wordpress-zoloblocks-plugin-2-3-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
rozx–Recaptcha – wp Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rozx Recaptcha – wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through 0.2.6. 2025-09-26 5.9 CVE-2025-60177 https://patchstack.com/database/wordpress/plugin/recaptcha-wp/vulnerability/wordpress-recaptcha-wp-plugin-0-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Space Studio–Click & Tweet Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Space Studio Click & Tweet allows Stored XSS. This issue affects Click & Tweet: from n/a through 0.8.9. 2025-09-26 5.9 CVE-2025-60179 https://patchstack.com/database/wordpress/plugin/click-tweet/vulnerability/wordpress-click-tweet-plugin-0-8-9-cross-site-scripting-xss-vulnerability?_s_id=cve
 
silence–Silencesoft RSS Reader Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through 0.6. 2025-09-26 5.4 CVE-2025-60181 https://patchstack.com/database/wordpress/plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
Terry L.–SEO Search Permalink Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Terry L. SEO Search Permalink allows Stored XSS. This issue affects SEO Search Permalink: from n/a through 1.0.3. 2025-09-26 5.9 CVE-2025-60184 https://patchstack.com/database/wordpress/plugin/seo-search-permalink/vulnerability/wordpress-seo-search-permalink-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve
 
kontur.us–kontur Admin Style Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kontur.us kontur Admin Style allows Stored XSS. This issue affects kontur Admin Style: from n/a through 1.0.4. 2025-09-26 5.9 CVE-2025-60185 https://patchstack.com/database/wordpress/plugin/kontur-admin-style/vulnerability/wordpress-kontur-admin-style-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Alex Moss–Google+ Comments Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alex Moss Google+ Comments allows Stored XSS. This issue affects Google+ Comments: from n/a through 1.0. 2025-09-26 5.9 CVE-2025-60186 https://patchstack.com/database/wordpress/plugin/google-plus-comments/vulnerability/wordpress-google-comments-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve
 
Unitree–Go2 Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring. 2025-09-26 5 CVE-2025-60251 https://spectrum.ieee.org/unitree-robot-exploit
https://github.com/Bin4ry/UniPwn
https://news.ycombinator.com/item?id=45381590
 
Horato Internet Technologies Ind. and Trade Inc.–Virtual Library Platform Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Horato Internet Technologies Ind. and Trade Inc. Virtual Library Platform allows Reflected XSS. This issue affects Virtual Library Platform: before v202. 2025-09-22 5.4 CVE-2025-9035 https://www.usom.gov.tr/bildirim/tr-25-0284
 
marceljm–Featured Image from URL (FIFU) The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts() function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protected posts. 2025-09-26 5.3 CVE-2025-9984 https://www.wordfence.com/threat-intel/vulnerabilities/id/9423858b-74be-4b34-961d-97765d8edcbf?source=cve
https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/debug.php?rev=3348285
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362830%40featured-image-from-url&new=3362830%40featured-image-from-url&sfp_email=&sfph_mail=
 
marceljm–Featured Image from URL (FIFU) The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. 2025-09-26 5.3 CVE-2025-9985 https://www.wordfence.com/threat-intel/vulnerabilities/id/991d63da-ca6c-400e-beb7-b44cf629abc9?source=cve
https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/log.php?rev=3344903
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362830%40featured-image-from-url&new=3362830%40featured-image-from-url&sfp_email=&sfph_mail=#file6
 
WSO2–WSO2 Identity Server as Key Manager A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this vulnerability, attackers can manipulate browser-displayed error messages, enabling social engineering attacks through deceptive or misleading content. 2025-09-23 4.3 CVE-2024-6429 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3490/
 
PROLIZ Computer Software Hardware Service Trade Ltd. Co.–OBS (Student Affairs Information System) Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection. This issue affects OBS (Student Affairs Information System): before v26.0328. 2025-09-22 4.2 CVE-2025-0875 https://www.usom.gov.tr/bildirim/tr-25-0282
 
marceljm–Featured Image from URL (FIFU) The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_all_urls() function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-09-26 4.9 CVE-2025-10036 https://www.wordfence.com/threat-intel/vulnerabilities/id/ed54fe33-6467-4af2-ba28-dd17287d8f92?source=cve
https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/api.php?rev=3348285
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362830%40featured-image-from-url&new=3362830%40featured-image-from-url&sfp_email=&sfph_mail=
 
marceljm–Featured Image from URL (FIFU) The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_posts_with_internal_featured_image() function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-09-26 4.9 CVE-2025-10037 https://www.wordfence.com/threat-intel/vulnerabilities/id/54c1b0e9-6fab-4452-b232-953e671f4d8d?source=cve
https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/db.php?rev=3348285
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362830%40featured-image-from-url&new=3362830%40featured-image-from-url&sfp_email=&sfph_mail=
 
qriouslad–System Dashboard The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attackers to toggle critical logging settings including Page Access Logs, Error Logs, and Email Delivery Logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-26 4.3 CVE-2025-10377 https://www.wordfence.com/threat-intel/vulnerabilities/id/ea38e16f-4012-4d22-9a47-76f91251e1d7?source=cve
https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.20/admin/class-system-dashboard-admin.php#L9108
https://plugins.trac.wordpress.org/changeset/3364295/system-dashboard/tags/2.8.21/admin/class-system-dashboard-admin.php?old=3253979&old_path=system-dashboard%2Ftags%2F2.8.20%2Fadmin%2Fclass-system-dashboard-admin.php
 
dylanjkotze–Zephyr Project Manager The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2025-09-26 4.4 CVE-2025-10490 https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf68c19-ee1b-4d0a-876b-c061763b39c3?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3366388%40zephyr-project-manager&new=3366388%40zephyr-project-manager&sfp_email=&sfph_mail=
 
kstover–Ninja Forms The Contact Form Builder That Grows With You The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-10498 https://www.wordfence.com/threat-intel/vulnerabilities/id/b082176c-9486-416c-8215-cdba4d6e5260?source=cve
https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Admin/Menus/Submissions.php#L464
https://plugins.trac.wordpress.org/changeset/3365881/ninja-forms/trunk?contextall=1&old=3362375&old_path=%2Fninja-forms%2Ftrunk#file6
 
kstover–Ninja Forms The Contact Form Builder That Grows With You The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated attackers to opt an affected site into usage statistics collection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-10499 https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f118fc-d99a-4713-865e-2da7a9e20db5?source=cve
https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/lib/NF_Tracking.php
https://plugins.trac.wordpress.org/changeset/3365881/ninja-forms/trunk?contextall=1&old=3362375&old_path=%2Fninja-forms%2Ftrunk#file6
 
cyberlord92–OAuth Single Sign On SSO (OAuth Client) The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible for unauthenticated attackers to forge OAuth authorization requests and potentially hijack the OAuth flow via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-26 4.3 CVE-2025-10752 https://www.wordfence.com/threat-intel/vulnerabilities/id/e8d7e8f3-e8ff-460f-a343-807bcdb865dc?source=cve
https://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-online-google-facebook/tags/6.26.12/class-mooauth-widget.php#L285
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3360768%40miniorange-login-with-eve-online-google-facebook&new=3360768%40miniorange-login-with-eve-online-google-facebook&sfp_email=&sfph_mail=
 
Ruijie–6000-E10 A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-22 4.7 CVE-2025-10774 VDB-325130 | Ruijie 6000-E10 sub_commit.php os command injection
VDB-325130 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #649968 | Ruijie 6000-E10 Unified Internet Access Management and Auditing System 6000-E10 command execution
https://github.com/maximdevere/CVE2/issues/1
 
Wavlink–WL-NU516U1 A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-22 4.7 CVE-2025-10775 VDB-325131 | Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection
VDB-325131 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #650641 | Wavlink WL-NU516U1 M16U1_V240425 Remote Command Execution
https://github.com/swwer7000/iot
 
PHPGurukul–Car Rental Project A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. 2025-09-22 4.3 CVE-2025-10794 VDB-325151 | PHPGurukul Car Rental Project search.php cross site scripting
VDB-325151 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654067 | PHPGurukul Car Rental Project V 3.0 a cross-site scripting (XSS)
https://github.com/tddgns/cve/issues/1
https://phpgurukul.com/
 
fuyang_lipengjun–platform A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. 2025-09-22 4.3 CVE-2025-10819 VDB-325176 | fuyang_lipengjun platform queryAll UserCouponController improper authorization
VDB-325176 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653740 | fuyang_lipengjun platform 1 broken function level authorization
https://www.cnblogs.com/aibot/p/19063466
 
fuyang_lipengjun–platform A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. 2025-09-22 4.3 CVE-2025-10820 VDB-325177 | fuyang_lipengjun platform queryAll TopicController improper authorization
VDB-325177 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653741 | fuyang_lipengjun platform 1 broken function level authorization
https://www.cnblogs.com/aibot/p/19063465
 
fuyang_lipengjun–platform A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. 2025-09-22 4.3 CVE-2025-10821 VDB-325178 | fuyang_lipengjun platform queryAll TopicCategoryController improper authorization
VDB-325178 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653742 | fuyang_lipengjun platform 1.0 broken function level authorization
https://www.cnblogs.com/aibot/p/19063464
 
fuyang_lipengjun–platform A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. 2025-09-22 4.3 CVE-2025-10822 VDB-325179 | fuyang_lipengjun platform queryAll SysSmsLogController improper authorization
VDB-325179 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653743 | fuyang_lipengjun platform 1.0 broken function level authorization
https://www.cnblogs.com/aibot/p/19063462
 
PHPJabbers–Restaurant Menu Maker A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. 2025-09-23 4.3 CVE-2025-10827 VDB-325184 | PHPJabbers Restaurant Menu Maker preview.php cross site scripting
VDB-325184 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #655884 | PHPJABBERS Restaurant Menu Maker V1.1 Cross Site Scripting
https://github.com/485961590/CVE/issues/1
 
n/a–JeecgBoot A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 4.3 CVE-2025-10978 VDB-325849 | JeecgBoot Filter exportXls improper authorization
VDB-325849 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653336 | jeecgboot JeecgBoot 3.8.2 broken function level authorization
https://www.cnblogs.com/aibot/p/19063352
 
n/a–JeecgBoot A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 4.3 CVE-2025-10979 VDB-325850 | JeecgBoot exportXls improper authorization
VDB-325850 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653337 | jeecgboot JeecgBoot 3.8.2 broken function level authorization
https://www.cnblogs.com/aibot/p/19063353
 
n/a–JeecgBoot A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 4.3 CVE-2025-10980 VDB-325851 | JeecgBoot exportXls improper authorization
VDB-325851 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653340 | jeecgboot Jeecgboot 3.8.2 broken function level authorization
https://www.cnblogs.com/aibot/p/19063355
 
n/a–JeecgBoot A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 4.3 CVE-2025-10981 VDB-325852 | JeecgBoot exportXls improper authorization
VDB-325852 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653341 | jeecgboot JeecgBoot 3.8.2 broken function level authorization
https://www.cnblogs.com/aibot/p/19063356
 
n/a–MuYuCMS A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the attack remotely. 2025-09-26 4.7 CVE-2025-10993 VDB-325921 | MuYuCMS Template Management admin.php code injection
VDB-325921 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654014 | MuYuCMS 2.7 rce
https://gitee.com/MuYuCMS/MuYuCMS/issues/ICXVCE
 
kalcaddle–kodbox A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-26 4.3 CVE-2025-11016 VDB-325959 | kalcaddle kodbox index.class.php fileOut path traversal
VDB-325959 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #654367 | kalcaddle kodbox V1.61.09 Arbitrary File Read
https://github.com/August829/YU1/issues/3
https://github.com/August829/YU1/issues/3#issue-3416620392
 
givanz–Vvveb A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professionally: “I accept the existence of these vulnerabilities. (…) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release.” 2025-09-26 4.3 CVE-2025-11029 VDB-325967 | givanz Vvveb cross-site request forgery
VDB-325967 | CTI Indicators (IOB, IOC)
Submit #657188 | givanz Vvveb Vvveb 1.0.7.2 State-Changing GET Request
Submit #657190 | givanz Vvveb Vvveb 1.0.7.2 State-Changing GET Request (Duplicate)
Submit #657191 | givanz Vvveb Vvveb 1.0.7.2 State-Changing GET Request (Duplicate)
Submit #657192 | givanz Vvveb Vvveb 1.0.7.2 State-Changing GET Request (Duplicate)
https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce
https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423
 
Dibo–Data Decision Making System A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. 2025-09-26 4.3 CVE-2025-11034 VDB-325981 | Dibo Data Decision Making System common_dep.action.jsp downloadImpTemplet path traversal
VDB-325981 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658242 | Shenzhen Dibo Enterprise Risk Management Technology Co., Ltd Dibo Data Decision-Making System 2.7.0 arbitrary file read vulnerability
https://github.com/FightingLzn9/vul/blob/main/%E8%BF%AA%E5%8D%9A%E6%95%B0%E6%8D%AE%E5%86%B3%E7%AD%96%E7%B3%BB%E7%BB%9F.md
 
GitLab–GitLab An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries. 2025-09-26 4.3 CVE-2025-11042 GitLab Issue #550374
 
SourceCodester–Pet Grooming Management Software A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely. 2025-09-27 4.3 CVE-2025-11051 VDB-326088 | SourceCodester Pet Grooming Management Software cross-site request forgery
VDB-326088 | CTI Indicators (IOB, IOC)
Submit #659305 | SourceCodester Pet Grooming Management Software 0 Cross-Site Request Forgery
https://www.sourcecodester.com/
 
n/a–SeaCMS A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. 2025-09-27 4.7 CVE-2025-11071 VDB-326112 | SeaCMS Cron Task Management admin_cron.php sql injection
VDB-326112 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659883 | SeaCMS v13.3.20250820 SQL Injection
https://github.com/Hebing123/cve/issues/93
 
Keyfactor–RG-EW5100BE A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used. 2025-09-27 4.7 CVE-2025-11073 VDB-326113 | Keyfactor RG-EW5100BE HTTP POST Request cmd command injection
VDB-326113 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659933 | Ruijie RG-EW5100BE – EW_3.0B11P280_EW5100BE-PRO_12183019 – Command Injection
https://github.com/s1nec-1o/cve/blob/main/cve-report.md
https://github.com/s1nec-1o/cve/blob/main/cve-report.md#poc
 
zhuimengshaonian–wisdom-education A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. 2025-09-27 4.3 CVE-2025-11080 VDB-326121 | zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization
VDB-326121 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #661308 | https://gitee.com/zhuimengshaonian/wisdom-education wisdom-education 1.0.4 Horizontal overstepping authority
https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md
https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md#vulnerability-reproduction
 
Projectworlds–Online Tours and Travels A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. 2025-09-28 4.7 CVE-2025-11103 VDB-326184 | Projectworlds Online Tours and Travels change-image.php unrestricted upload
VDB-326184 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662395 | projectworlds Online Tours and Travels Project V1.0 Incomplete Identification of Uploaded File Variables
https://github.com/Landjun/CVE/issues/1
 
PHPGurukul–Employee Record Management System A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. 2025-09-28 4.3 CVE-2025-11112 VDB-326193 | PHPGurukul Employee Record Management System myprofile.php cross site scripting
VDB-326193 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #662498 | phpgurukul employee-record-management-system V1.3 Cross Site Scripting
https://github.com/tiancesec/CVE/issues/2
https://phpgurukul.com/
 
itsourcecode–Hostel Management System A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. 2025-09-28 4.3 CVE-2025-11119 VDB-326200 | itsourcecode Hostel Management System POST Request index.php cross site scripting
VDB-326200 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #663519 | itsourcecode Hostel Management System V1.0 xss
https://github.com/iflame28/CVE/issues/1
https://itsourcecode.com/
 
langleyfcu–Online Banking System A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.php of the component Error Message Handler. Performing manipulation of the argument Error results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. 2025-09-28 4.3 CVE-2025-11125 VDB-326206 | langleyfcu Online Banking System Error Message connection_error.php cross site scripting
VDB-326206 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #664319 | langleyfcu/online-banking-system web 1 XSS vulnerability
https://github.com/Lianhaorui/Report/blob/main/xss.docx
 
Cisco–Cisco Aironet Access Point Software (IOS XE Controller) A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject 802.11 Device Analytics action frames carrying arbitrary information. The vulnerability is due to insufficient verification of incoming 802.11 action frames. An attacker could exploit it by sending Device Analytics action frames with arbitrary parameters; a successful exploit could modify the Device Analytics data of legitimate wireless clients connected to the same wireless controller. 2025-09-24 4.3 CVE-2025-20364 cisco-sa-action-frame-inj-QqCNcz8H
 
Cisco–Cisco Aironet Access Point Software (IOS XE Controller) A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device. 2025-09-24 4.3 CVE-2025-20365 cisco-sa-ap-ipv6-gw-tUAzpn9O
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA nvJPEG contains a vulnerability in JPEG encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image whose dimensions cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service. 2025-09-24 4.5 CVE-2025-23274 https://nvd.nist.gov/vuln/detail/CVE-2025-23274
https://www.cve.org/CVERecord?id=CVE-2025-23274
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure. 2025-09-24 4.2 CVE-2025-23275 https://nvd.nist.gov/vuln/detail/CVE-2025-23275
https://www.cve.org/CVERecord?id=CVE-2025-23275
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
Dell–PowerEdge R770 Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contain an information disclosure vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. 2025-09-25 4.9 CVE-2025-26482 https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-for-dell-poweredge-server-and-dell-idrac9-for-information-disclosure-vulnerability
 
IBM–Watson Studio on Cloud Pak for Data IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. 2025-09-25 4.4 CVE-2025-33116 https://www.ibm.com/support/pages/node/7246140
 
Dell–PowerScale OneFS Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure. 2025-09-25 4 CVE-2025-36601 https://www.dell.com/support/kbdoc/en-us/000353080/dsa-2025-272-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities
 
SAP_SE–SAP BI Platform SAP BI Platform allows an attacker to modify the IP address in the LogonToken of an OpenDoc link. When a user opens the modified link in a browser, the ping request is sent to a different server. This has a low impact on integrity and no impact on the confidentiality or availability of the system. 2025-09-23 4.3 CVE-2025-42907 https://me.sap.com/notes/3540622
https://url.sap/sapsecuritypatchday
 
WSO2–WSO2 API Manager An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users. A successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. Session-related sensitive cookies carry the httpOnly flag, so injected script cannot read them directly and steal the session; note that script running in the victim's page can still issue requests within the victim's authenticated session. 2025-09-23 4.8 CVE-2025-4760 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/
 
horilla-opensource–horilla Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch. 2025-09-24 4.8 CVE-2025-48867 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r
 
Barry–Event Rocket Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3. 2025-09-22 4.3 CVE-2025-53452 https://patchstack.com/database/wordpress/plugin/event-rocket/vulnerability/wordpress-event-rocket-plugin-3-3-broken-access-control-vulnerability?_s_id=cve
 
activewebsight–SEO Backlink Monitor Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0. 2025-09-22 4.3 CVE-2025-53456 https://patchstack.com/database/wordpress/plugin/seo-backlink-monitor/vulnerability/wordpress-seo-backlink-monitor-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
activewebsight–SEO Backlink Monitor Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor allows Server Side Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0. 2025-09-22 4.4 CVE-2025-53457 https://patchstack.com/database/wordpress/plugin/seo-backlink-monitor/vulnerability/wordpress-seo-backlink-monitor-plugin-1-6-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
Binsaifullah–Beaf Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2. 2025-09-22 4.4 CVE-2025-53461 https://patchstack.com/database/wordpress/plugin/image-compare-block/vulnerability/wordpress-beaf-plugin-1-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
AutomationDirect–CLICK PLUS C0-0x CPU firmware Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text. 2025-09-23 4.2 CVE-2025-54855 https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
https://www.automationdirect.com/support/software-downloads
 
Amin Y–AgreeMe Checkboxes For WooCommerce Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3. 2025-09-22 4.3 CVE-2025-57905 https://patchstack.com/database/wordpress/plugin/agreeme-checkboxes-for-woocommerce/vulnerability/wordpress-agreeme-checkboxes-for-woocommerce-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Matat Technologies–Deliver via Shipos for WooCommerce Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through 3.0.2. 2025-09-22 4.3 CVE-2025-57914 https://patchstack.com/database/wordpress/plugin/wc-shipos-delivery/vulnerability/wordpress-deliver-via-shipos-for-woocommerce-plugin-3-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
César Martín–TOCHAT.BE Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through 1.3.4. 2025-09-22 4.3 CVE-2025-57915 https://patchstack.com/database/wordpress/plugin/tochat-be/vulnerability/wordpress-tochat-be-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Nurul Amin–WP System Information Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through 1.5. 2025-09-22 4.3 CVE-2025-57916 https://patchstack.com/database/wordpress/plugin/wp-system-info/vulnerability/wordpress-wp-system-information-plugin-1-5-sensitive-data-exposure-vulnerability?_s_id=cve
 
printcart–Printcart Web to Print Product Designer for WooCommerce Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.4.3. 2025-09-22 4.3 CVE-2025-57917 https://patchstack.com/database/wordpress/plugin/printcart-integration/vulnerability/wordpress-printcart-web-to-print-product-designer-for-woocommerce-plugin-2-4-3-broken-access-control-vulnerability?_s_id=cve
 
Automattic–Developer Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. 2025-09-22 4.3 CVE-2025-57924 https://patchstack.com/database/wordpress/plugin/developer/vulnerability/wordpress-developer-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Stephanie Leary–Dashboard Notepad Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42. 2025-09-22 4.3 CVE-2025-57927 https://patchstack.com/database/wordpress/plugin/dashboard-notepad/vulnerability/wordpress-dashboard-notepad-plugin-1-42-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
kanwei_doublethedonation–Double the Donation Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through 2.0.0. 2025-09-22 4.3 CVE-2025-57930 https://patchstack.com/database/wordpress/plugin/double-the-donation/vulnerability/wordpress-double-the-donation-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
piotnetdotcom–Piotnet Forms Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms allows Cross Site Request Forgery. This issue affects Piotnet Forms: from n/a through 1.0.30. 2025-09-22 4.3 CVE-2025-57933 https://patchstack.com/database/wordpress/plugin/piotnetforms/vulnerability/wordpress-piotnet-forms-plugin-1-0-30-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Aurélien LWS–LWS Affiliation Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation allows Cross Site Request Forgery. This issue affects LWS Affiliation: from n/a through 2.3.6. 2025-09-22 4.3 CVE-2025-57934 https://patchstack.com/database/wordpress/plugin/lws-affiliation/vulnerability/wordpress-lws-affiliation-plugin-2-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Meitar–Subresource Integrity (SRI) Manager Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subresource Integrity (SRI) Manager: from n/a through 0.4.0. 2025-09-22 4.3 CVE-2025-57936 https://patchstack.com/database/wordpress/plugin/wp-sri/vulnerability/wordpress-subresource-integrity-sri-manager-plugin-0-4-0-broken-access-control-vulnerability?_s_id=cve
 
etruel–WPeMatico RSS Feed Fetcher Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10. 2025-09-22 4.3 CVE-2025-57937 https://patchstack.com/database/wordpress/plugin/wpematico/vulnerability/wordpress-wpematico-rss-feed-fetcher-plugin-2-8-10-sensitive-data-exposure-vulnerability?_s_id=cve
 
andy_moyle–Emergency Password Reset Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 9.0. 2025-09-22 4.3 CVE-2025-57942 https://patchstack.com/database/wordpress/plugin/emergency-password-reset/vulnerability/wordpress-emergency-password-reset-plugin-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Skimlinks–Skimlinks Affiliate Marketing Tool Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Server Side Request Forgery. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3. 2025-09-22 4.4 CVE-2025-57943 https://patchstack.com/database/wordpress/plugin/skimlinks/vulnerability/wordpress-skimlinks-affiliate-marketing-tool-plugin-1-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
TravelMap–Travel Map Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through 1.0.3. 2025-09-22 4.3 CVE-2025-57960 https://patchstack.com/database/wordpress/plugin/travelmap-blog/vulnerability/wordpress-travel-map-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Codexpert, Inc–CoDesigner Missing Authorization vulnerability in Codexpert, Inc CoDesigner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoDesigner: from n/a through 4.25.2. 2025-09-22 4.3 CVE-2025-57961 https://patchstack.com/database/wordpress/plugin/woolementor/vulnerability/wordpress-codesigner-plugin-4-25-2-broken-access-control-vulnerability?_s_id=cve
 
Jeremy Saxey–Hide WP Toolbar Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide WP Toolbar: from n/a through 2.7. 2025-09-22 4.3 CVE-2025-57969 https://patchstack.com/database/wordpress/plugin/hide-wp-toolbar/vulnerability/wordpress-hide-wp-toolbar-plugin-2-7-broken-access-control-vulnerability?_s_id=cve
 
SALESmanago–SALESmanago Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago allows Cross Site Request Forgery. This issue affects SALESmanago: from n/a through 3.8.1. 2025-09-22 4.3 CVE-2025-57970 https://patchstack.com/database/wordpress/plugin/salesmanago/vulnerability/wordpress-salesmanago-plugin-3-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
WPFactory–Helpdesk Support Ticket System for WooCommerce Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through 2.0.2. 2025-09-22 4.3 CVE-2025-57972 https://patchstack.com/database/wordpress/plugin/support-ticket-system-for-woocommerce/vulnerability/wordpress-helpdesk-support-ticket-system-for-woocommerce-plugin-2-0-2-broken-access-control-vulnerability?_s_id=cve
 
RadiusTheme–Team Missing Authorization vulnerability in RadiusTheme Team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through 5.0.6. 2025-09-22 4.3 CVE-2025-57975 https://patchstack.com/database/wordpress/plugin/tlp-team/vulnerability/wordpress-team-plugin-5-0-6-broken-access-control-vulnerability?_s_id=cve
 
themespride–Advanced Appointment Booking & Scheduling Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through 1.9. 2025-09-22 4.3 CVE-2025-57978 https://patchstack.com/database/wordpress/plugin/advanced-appointment-booking-scheduling/vulnerability/wordpress-advanced-appointment-booking-scheduling-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Pratik Ghela–MakeStories (for Google Web Stories) Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) allows Server Side Request Forgery. This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.4. 2025-09-22 4.4 CVE-2025-57984 https://patchstack.com/database/wordpress/plugin/makestories-helper/vulnerability/wordpress-makestories-for-google-web-stories-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
 
MantraBrain–Ultimate Watermark Missing Authorization vulnerability in MantraBrain Ultimate Watermark allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Watermark: from n/a through 1.1. 2025-09-22 4.3 CVE-2025-57985 https://patchstack.com/database/wordpress/plugin/ultimate-watermark/vulnerability/wordpress-ultimate-watermark-plugin-1-1-broken-access-control-vulnerability?_s_id=cve
 
InterServer–Mail Baby SMTP Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP allows Cross Site Request Forgery. This issue affects Mail Baby SMTP: from n/a through 2.8. 2025-09-22 4.3 CVE-2025-57992 https://patchstack.com/database/wordpress/plugin/mail-baby-smtp/vulnerability/wordpress-mail-baby-smtp-plugin-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Detheme–DethemeKit For Elementor Missing Authorization vulnerability in Detheme DethemeKit For Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DethemeKit For Elementor: from n/a through 2.1.10. 2025-09-22 4.3 CVE-2025-57995 https://patchstack.com/database/wordpress/plugin/dethemekit-for-elementor/vulnerability/wordpress-dethemekit-for-elementor-plugin-2-1-10-broken-access-control-vulnerability-2?_s_id=cve
 
Trustpilot–Trustpilot Reviews Missing Authorization vulnerability in Trustpilot Trustpilot Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trustpilot Reviews: from n/a through 2.5.925. 2025-09-22 4.3 CVE-2025-57997 https://patchstack.com/database/wordpress/plugin/trustpilot-reviews/vulnerability/wordpress-trustpilot-reviews-plugin-2-5-925-broken-access-control-vulnerability?_s_id=cve
 
CRM Perks–WP Gravity Forms Keap/Infusionsoft URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through 1.2.4. 2025-09-22 4.7 CVE-2025-58006 https://patchstack.com/database/wordpress/plugin/gf-infusionsoft/vulnerability/wordpress-wp-gravity-forms-keap-infusionsoft-plugin-1-2-4-open-redirection-vulnerability?_s_id=cve
 
NerdPress–Social Pug Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Social Pug allows Retrieve Embedded Sensitive Data. This issue affects Social Pug: from n/a through 1.35.1. 2025-09-22 4.3 CVE-2025-58007 https://patchstack.com/database/wordpress/plugin/social-pug/vulnerability/wordpress-social-pug-plugin-1-35-1-sensitive-data-exposure-vulnerability?_s_id=cve
 
straightvisions GmbH–SV Proven Expert Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert allows Cross Site Request Forgery. This issue affects SV Proven Expert: from n/a through 2.0.06. 2025-09-22 4.3 CVE-2025-58010 https://patchstack.com/database/wordpress/plugin/sv-provenexpert/vulnerability/wordpress-sv-proven-expert-plugin-2-0-06-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Ays Pro–Quiz Maker Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through 6.7.0.61. 2025-09-22 4.3 CVE-2025-58014 https://patchstack.com/database/wordpress/plugin/quiz-maker/vulnerability/wordpress-quiz-maker-plugin-6-7-0-61-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Codexpert, Inc–CF7 Submissions Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Submissions: from n/a through 0.26. 2025-09-22 4.3 CVE-2025-58016 https://patchstack.com/database/wordpress/plugin/cf7-submissions/vulnerability/wordpress-cf7-submissions-plugin-0-26-broken-access-control-vulnerability?_s_id=cve
 
Bytes.co–WP Compiler Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through 1.0.0. 2025-09-22 4.3 CVE-2025-58032 https://patchstack.com/database/wordpress/plugin/wp-compiler/vulnerability/wordpress-wp-compiler-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Fastly–Fastly Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. 2025-09-22 4.3 CVE-2025-58199 https://patchstack.com/database/wordpress/plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Bage–Flexible FAQ Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through 0.2. 2025-09-22 4.3 CVE-2025-58200 https://patchstack.com/database/wordpress/plugin/flexible-faq/vulnerability/wordpress-flexible-faq-plugin-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
LIJE–Show Pages List Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0. 2025-09-22 4.3 CVE-2025-58219 https://patchstack.com/database/wordpress/plugin/show-pages-list/vulnerability/wordpress-show-pages-list-plugin-1-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
ONTRAPORT–PilotPress Missing Authorization vulnerability in ONTRAPORT PilotPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through 2.0.35. 2025-09-22 4.3 CVE-2025-58221 https://patchstack.com/database/wordpress/plugin/pilotpress/vulnerability/wordpress-pilotpress-plugin-2-0-35-broken-access-control-vulnerability?_s_id=cve
 
Mayo Moriyama–Force Update Translations Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations allows Cross Site Request Forgery. This issue affects Force Update Translations: from n/a through 0.5. 2025-09-22 4.3 CVE-2025-58236 https://patchstack.com/database/wordpress/plugin/force-update-translations/vulnerability/wordpress-force-update-translations-plugin-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Automattic–WordPress Insertion of Sensitive Information Into Sent Data vulnerability in Automattic WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability; Contributor-level privileges are required to exploit it. This issue affects WordPress: from n/a through 6.8.2. 2025-09-23 4.3 CVE-2025-58246 https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve
 
Themeum–Qubely Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through 1.8.14. 2025-09-22 4.3 CVE-2025-58249 https://patchstack.com/database/wordpress/plugin/qubely/vulnerability/wordpress-qubely-plugin-1-8-14-sensitive-data-exposure-vulnerability?_s_id=cve
 
POSIMYTH–Sticky Header Effects for Elementor Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header Effects for Elementor: from n/a through 2.1.2. 2025-09-22 4.3 CVE-2025-58251 https://patchstack.com/database/wordpress/plugin/sticky-header-effects-for-elementor/vulnerability/wordpress-sticky-header-effects-for-elementor-plugin-2-1-2-broken-access-control-vulnerability?_s_id=cve
 
jetmonsters–Getwid Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through 2.1.2. 2025-09-22 4.3 CVE-2025-58252 https://patchstack.com/database/wordpress/plugin/getwid/vulnerability/wordpress-getwid-plugin-2-1-2-sensitive-data-exposure-vulnerability?_s_id=cve
 
nK–Lazy Blocks Missing Authorization vulnerability in nK Lazy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through 4.1.0. 2025-09-22 4.3 CVE-2025-58258 https://patchstack.com/database/wordpress/plugin/lazy-blocks/vulnerability/wordpress-lazy-blocks-plugin-4-1-0-broken-access-control-vulnerability?_s_id=cve
 
Syed Balkhi–All In One SEO Pack Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: from n/a through 4.8.7. 2025-09-22 4.3 CVE-2025-58649 https://patchstack.com/database/wordpress/plugin/all-in-one-seo-pack/vulnerability/wordpress-all-in-one-seo-pack-plugin-4-8-7-sensitive-data-exposure-vulnerability?_s_id=cve
 
Themeum–Qubely Missing Authorization vulnerability in Themeum Qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through 1.8.14. 2025-09-22 4.3 CVE-2025-58663 https://patchstack.com/database/wordpress/plugin/qubely/vulnerability/wordpress-qubely-plugin-1-8-14-broken-access-control-vulnerability?_s_id=cve
 
Azizul Hasan–Text To Speech TTS Accessibility Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Text To Speech TTS Accessibility: from n/a through 1.9.20. 2025-09-22 4.3 CVE-2025-58664 https://patchstack.com/database/wordpress/plugin/text-to-audio/vulnerability/wordpress-text-to-speech-tts-accessibility-plugin-1-9-20-broken-access-control-vulnerability?_s_id=cve
 
Kommo–Website Chat Button: Kommo integration Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Website Chat Button: Kommo integration: from n/a through 1.3.1. 2025-09-22 4.3 CVE-2025-58666 https://patchstack.com/database/wordpress/plugin/website-chat-button-kommo-integration/vulnerability/wordpress-website-chat-button-kommo-integration-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve
 
VibeThemes–WPLMS Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS: from n/a through 4.970. 2025-09-22 4.3 CVE-2025-58668 https://patchstack.com/database/wordpress/theme/wplms/vulnerability/wordpress-wplms-theme-4-970-broken-access-control-vulnerability?_s_id=cve
 
tryinteract–Interact: Embed A Quiz On Your Site Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site allows Cross Site Request Forgery. This issue affects Interact: Embed A Quiz On Your Site: from n/a through 3.1. 2025-09-22 4.3 CVE-2025-58675 https://patchstack.com/database/wordpress/plugin/interact-quiz-embed/vulnerability/wordpress-interact-embed-a-quiz-on-your-site-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Di Themes–Di Themes Demo Site Importer Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through 1.2. 2025-09-26 4.3 CVE-2025-58914 https://patchstack.com/database/wordpress/plugin/di-themes-demo-site-importer/vulnerability/wordpress-di-themes-demo-site-importer-plugin-1-2-cross-site-request-forgery-csrf-to-plugin-activation-vulnerability?_s_id=cve
 
Vikas Ratudi–VPSUForm Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20. 2025-09-22 4.3 CVE-2025-58957 https://patchstack.com/database/wordpress/plugin/v-form/vulnerability/wordpress-vpsuform-plugin-3-2-20-broken-access-control-vulnerability?_s_id=cve
 
lobehub–lobe-chat Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling builds the host and protocol of the final redirect URL from the X-Forwarded-Host (or Host) header and the X-Forwarded-Proto header. In deployments where a reverse proxy forwards client-supplied X-Forwarded-* headers to the origin unchanged, or where the origin trusts them without validation, an attacker can inject an arbitrary host and trigger an open redirect that sends users to a malicious domain. This issue has been patched in version 1.130.1. 2025-09-25 4.3 CVE-2025-59426 https://github.com/lobehub/lobe-chat/security/advisories/GHSA-xph5-278p-26qx
https://github.com/lobehub/lobe-chat/commit/70f52a3c1fadbd41a9db0e699d1e44d9965de445
https://github.com/lobehub/lobe-chat/blob/aa841a3879c30142720485182ad62aa0dbd74edc/src/app/(backend)/oidc/consent/route.ts#L113-L127
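The header-trust pattern described in the lobe-chat entry above, as an added example that is not lobe-chat's code and not the project's fix: a redirect target assembled from X-Forwarded-Proto and X-Forwarded-Host (or Host), shown beside an allowlist check that refuses any origin the deployment does not own. The ALLOWED_ORIGINS set, the function names and the sample header objects are assumptions made for illustration.

```javascript
// Added example (not lobe-chat's code): a redirect origin built from
// X-Forwarded-Host / X-Forwarded-Proto becomes an open redirect when those
// headers come from the client. A hypothetical allowlist of public origins
// is used to harden it. All names below are illustrative assumptions.

// Hypothetical deployment setting: the origin(s) this app is really served from.
const ALLOWED_ORIGINS = new Set(['https://chat.example.com']);

// Node lowercases incoming header names, so `headers` is assumed to be a plain
// object keyed by lowercase name, like `req.headers`.
function firstValue(headers, name) {
  const v = headers[name];
  if (v === undefined || v === null) return undefined;
  // A proxy chain may append values ("a, b"); take the first non-empty one.
  return String(v).split(',')[0].trim() || undefined;
}

// The pattern the advisory describes: scheme and host of the redirect target
// are taken from headers an untrusted client can set.
function buildRedirectUnsafe(headers, path) {
  const proto = firstValue(headers, 'x-forwarded-proto') || 'http';
  const host = firstValue(headers, 'x-forwarded-host') || firstValue(headers, 'host');
  return `${proto}://${host}${path}`;
}

// Hardened: derive the candidate the same way, parse it, and accept it only
// when its origin is one the deployment owns. Returns null otherwise so the
// caller can fall back to a configured canonical origin instead of redirecting.
function buildRedirectSafe(headers, path, allowed = ALLOWED_ORIGINS) {
  // Accept only a site-relative path; reject protocol-relative ("//host")
  // and backslash variants that some parsers turn into a new host.
  if (typeof path !== 'string' || !/^\/(?![\/\\])/.test(path)) return null;

  let url;
  try {
    url = new URL(buildRedirectUnsafe(headers, path));
  } catch {
    return null; // unparsable host, e.g. injected whitespace or control chars
  }
  // `origin` normalises scheme, host and port, so "user@evil" tricks, odd
  // ports and non-http schemes all fail this comparison unless allowlisted.
  if (!allowed.has(url.origin)) return null;
  return url.href;
}

// Constructed sample requests (not real traffic).
const attacker = {
  host: 'chat.example.com',
  'x-forwarded-proto': 'https',
  'x-forwarded-host': 'evil.example',
};
const legitimate = { host: 'chat.example.com', 'x-forwarded-proto': 'https' };

function demo() {
  return {
    unsafeAttacker: buildRedirectUnsafe(attacker, '/oidc/consent'),
    safeAttacker: buildRedirectSafe(attacker, '/oidc/consent'),
    safeLegit: buildRedirectSafe(legitimate, '/oidc/consent'),
  };
}

console.log(demo());
```

Run it with `node`. The unsafe builder returns `https://evil.example/oidc/consent` for the attacker's headers; the hardened builder returns null for that request and the expected `https://chat.example.com/oidc/consent` for the legitimate one. Comparing `url.origin` rather than the raw header string is what makes userinfo (`host@evil`), default-port and scheme variations collapse into a single, checkable value. The more robust deployment fix is for the reverse proxy to overwrite X-Forwarded-* itself and for the application to use a configured canonical origin; the allowlist is a defence for the case the advisory names, where those headers reach the origin as the client sent them.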
 
WP Chill–Revive.so Missing Authorization vulnerability in WP Chill Revive.so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through 2.0.6. 2025-09-22 4.3 CVE-2025-59551 https://patchstack.com/database/wordpress/plugin/revive-so/vulnerability/wordpress-revive-so-plugin-2-0-6-broken-access-control-vulnerability?_s_id=cve
 
payrexx–Payrexx Payment Gateway for WooCommerce Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through 3.1.5. 2025-09-22 4.3 CVE-2025-59559 https://patchstack.com/database/wordpress/plugin/woo-payrexx-gateway/vulnerability/wordpress-payrexx-payment-gateway-for-woocommerce-plugin-3-1-5-broken-access-control-vulnerability?_s_id=cve
 
hashthemes–Smart Blocks Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4. 2025-09-22 4.3 CVE-2025-59561 https://patchstack.com/database/wordpress/plugin/smart-blocks/vulnerability/wordpress-smart-blocks-plugin-2-4-broken-access-control-vulnerability?_s_id=cve
 
Elliot Sowersby / RelyWP–Coupon Affiliates Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0. 2025-09-22 4.3 CVE-2025-59567 https://patchstack.com/database/wordpress/plugin/woo-coupon-usage/vulnerability/wordpress-coupon-affiliates-plugin-6-8-0-broken-access-control-vulnerability?_s_id=cve
 
Zoho Flow–Zoho Flow Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1. 2025-09-22 4.3 CVE-2025-59568 https://patchstack.com/database/wordpress/plugin/zoho-flow/vulnerability/wordpress-zoho-flow-plugin-2-14-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Stylemix–MasterStudy LMS Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20. 2025-09-22 4.3 CVE-2025-59577 https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-6-20-race-condition-vulnerability?_s_id=cve
 
AdvancedCoding–wpDiscuz Missing Authorization vulnerability in AdvancedCoding wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through 7.6.33. 2025-09-22 4.3 CVE-2025-59591 https://patchstack.com/database/wordpress/plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-33-broken-access-control-vulnerability?_s_id=cve
 
Artifex–Ghostscript Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. 2025-09-22 4.3 CVE-2025-59798 https://bugs.ghostscript.com/show_bug.cgi?id=708539
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7
 
Artifex–Ghostscript Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. 2025-09-22 4.3 CVE-2025-59799 https://bugs.ghostscript.com/show_bug.cgi?id=708517
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781
 
Artifex–Ghostscript In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. 2025-09-22 4.3 CVE-2025-59800 https://bugs.ghostscript.com/show_bug.cgi?id=708602
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350
 
Artifex–GhostXPS In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. 2025-09-22 4.3 CVE-2025-59801 https://bugs.ghostscript.com/show_bug.cgi?id=708819
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=99727069197d548a8db69ba5d63f766bff40eaab
 
glib-networking’s OpenSSL backend –N/A glib-networking’s OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read. 2025-09-25 4.8 CVE-2025-60018 https://access.redhat.com/security/cve/CVE-2025-60018
RHBZ#2398135
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/226
 
Shahjada–Download Manager Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24. 2025-09-26 4.3 CVE-2025-60093 https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-3-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Benjamin Intal–Stackable Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1. 2025-09-26 4.3 CVE-2025-60094 https://patchstack.com/database/wordpress/plugin/stackable-ultimate-gutenberg-blocks/vulnerability/wordpress-stackable-plugin-3-18-1-broken-access-control-vulnerability?_s_id=cve
 
Benjamin Intal–Stackable Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1. 2025-09-26 4.3 CVE-2025-60095 https://patchstack.com/database/wordpress/plugin/stackable-ultimate-gutenberg-blocks/vulnerability/wordpress-stackable-plugin-3-18-1-sensitive-data-exposure-vulnerability?_s_id=cve
 
Roxnor–EmailKit Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0. 2025-09-26 4.9 CVE-2025-60106 https://patchstack.com/database/wordpress/plugin/emailkit/vulnerability/wordpress-emailkit-plugin-1-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve
 
grooni–Groovy Menu Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu allows Cross Site Request Forgery. This issue affects Groovy Menu: from n/a through 1.4.3. 2025-09-26 4.3 CVE-2025-60113 https://patchstack.com/database/wordpress/plugin/groovy-menu-free/vulnerability/wordpress-groovy-menu-plugin-1-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
instapagedev–Instapage Plugin Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin allows Cross Site Request Forgery. This issue affects Instapage Plugin: from n/a through 3.5.12. 2025-09-26 4.3 CVE-2025-60115 https://patchstack.com/database/wordpress/plugin/instapage/vulnerability/wordpress-instapage-plugin-plugin-3-5-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
TangibleWP–Vehica Core Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core allows Cross Site Request Forgery. This issue affects Vehica Core: from n/a through 1.0.100. 2025-09-26 4.3 CVE-2025-60117 https://patchstack.com/database/wordpress/plugin/vehica-core/vulnerability/wordpress-vehica-core-plugin-1-0-100-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
HivePress–HivePress Claim Listings Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3. 2025-09-26 4.3 CVE-2025-60122 https://patchstack.com/database/wordpress/plugin/hivepress-claim-listings/vulnerability/wordpress-hivepress-claim-listings-plugin-1-1-3-broken-access-control-vulnerability?_s_id=cve
 
HivePress–HivePress Claim Listings Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3. 2025-09-26 4.3 CVE-2025-60123 https://patchstack.com/database/wordpress/plugin/hivepress-claim-listings/vulnerability/wordpress-hivepress-claim-listings-plugin-1-1-3-broken-access-control-vulnerability-2?_s_id=cve
 
WP Delicious–Delisho Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3. 2025-09-26 4.3 CVE-2025-60128 https://patchstack.com/database/wordpress/plugin/dr-widgets-blocks/vulnerability/wordpress-delisho-plugin-1-1-3-broken-access-control-vulnerability?_s_id=cve
 
Galaxy Weblinks–Post Featured Video Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video allows Cross Site Request Forgery. This issue affects Post Featured Video: from n/a through 1.7. 2025-09-26 4.3 CVE-2025-60137 https://patchstack.com/database/wordpress/plugin/post-featured-video/vulnerability/wordpress-post-featured-video-plugin-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
Joovii–Sendle Shipping Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping allows Cross Site Request Forgery. This issue affects Sendle Shipping: from n/a through 6.02. 2025-09-26 4.3 CVE-2025-60139 https://patchstack.com/database/wordpress/plugin/official-sendle-shipping-method/vulnerability/wordpress-sendle-shipping-plugin-6-02-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
netgsm–Netgsm Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58. 2025-09-26 4.3 CVE-2025-60143 https://patchstack.com/database/wordpress/plugin/netgsm/vulnerability/wordpress-netgsm-plugin-2-9-58-broken-access-control-vulnerability?_s_id=cve
 
yonifre–Lenix scss compiler Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler allows Cross Site Request Forgery. This issue affects Lenix scss compiler: from n/a through 1.2. 2025-09-26 4.3 CVE-2025-60145 https://patchstack.com/database/wordpress/plugin/lenix-scss-compiler/vulnerability/wordpress-lenix-scss-compiler-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
 
wpshuffle–Subscribe to Download Missing Authorization vulnerability in wpshuffle Subscribe to Download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe to Download: from n/a through 2.0.9. 2025-09-26 4.3 CVE-2025-60148 https://patchstack.com/database/wordpress/plugin/subscribe-to-download/vulnerability/wordpress-subscribe-to-download-plugin-2-0-9-broken-access-control-vulnerability?_s_id=cve
 
wpshuffle–Subscribe To Unlock Missing Authorization vulnerability in wpshuffle Subscribe To Unlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe To Unlock: from n/a through 1.1.5. 2025-09-26 4.3 CVE-2025-60152 https://patchstack.com/database/wordpress/plugin/subscribe-to-unlock/vulnerability/wordpress-subscribe-to-unlock-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve
 
webmaniabr–Nota Fiscal Eletrônica WooCommerce Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6. 2025-09-26 4.3 CVE-2025-60159 https://patchstack.com/database/wordpress/plugin/nota-fiscal-eletronica-woocommerce/vulnerability/wordpress-nota-fiscal-eletronica-woocommerce-plugin-3-4-0-6-broken-access-control-vulnerability?_s_id=cve
 
HaruTheme–Frames Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7. 2025-09-26 4.3 CVE-2025-60165 https://patchstack.com/database/wordpress/theme/frames/vulnerability/wordpress-frames-theme-1-5-7-broken-access-control-vulnerability?_s_id=cve
 
wpshuffle–WP Subscription Forms PRO Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms PRO: from n/a through 2.0.5. 2025-09-26 4.3 CVE-2025-60166 https://patchstack.com/database/wordpress/plugin/wp-subscription-forms-pro/vulnerability/wordpress-wp-subscription-forms-pro-plugin-2-0-5-arbitrary-content-deletion-vulnerability?_s_id=cve
 
honzat–Page Manager for Elementor Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5. 2025-09-26 4.3 CVE-2025-60167 https://patchstack.com/database/wordpress/plugin/page-manager-for-elementor/vulnerability/wordpress-page-manager-for-elementor-plugin-2-0-5-sensitive-data-exposure-vulnerability?_s_id=cve
 
Unitree–Go2 Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV. 2025-09-26 4.7 CVE-2025-60250 https://spectrum.ieee.org/unitree-robot-exploit
https://github.com/Bin4ry/UniPwn
https://news.ycombinator.com/item?id=45381590
 
Akıllı Ticaret Software Technologies Ltd. Co.–Smart Trade E-Commerce Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS. This issue affects Smart Trade E-Commerce: before 4.5.0.0.1. 2025-09-22 4.6 CVE-2025-8079 https://www.usom.gov.tr/bildirim/tr-25-0283
 
DivvyDrive Information Technologies Inc.–DivvyDrive Web Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15. 2025-09-24 4.3 CVE-2025-9031 https://www.usom.gov.tr/bildirim/tr-25-0293
 
milankyada–VM Menu Reorder plugin The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers to reset all menu reordering settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-9893 https://www.wordfence.com/threat-intel/vulnerabilities/id/df7e57a7-ba15-4181-89f9-e3f1f5de36cf?source=cve
https://plugins.trac.wordpress.org/browser/vm-menu-reorder/trunk/vm-menu-class.php#L275
 
cristianr909090–Sync Feedly The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-9894 https://www.wordfence.com/threat-intel/vulnerabilities/id/3889aa6f-987a-4a2d-80fd-28628a6ed287?source=cve
https://plugins.trac.wordpress.org/browser/sync-feedly/trunk/sync-feedly.php#L156
 
funnnny–HidePost The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-9896 https://www.wordfence.com/threat-intel/vulnerabilities/id/1a618dbf-1180-4937-8466-5abc784a3365?source=cve
https://plugins.trac.wordpress.org/browser/hidepost/tags/2.3.8/options.php#L7
 
compojoom–cForms Light speed fast Form Builder The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cforms_api function. This makes it possible for unauthenticated attackers to modify forms and their settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-9898 https://www.wordfence.com/threat-intel/vulnerabilities/id/ac23bca5-38dd-4460-83ce-5f7fc8a1f6a0?source=cve
https://plugins.trac.wordpress.org/browser/cforms-plugin/trunk/admin/api/form.php#L36
 
kelderic–Professional Contact Form The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it possible for unauthenticated attackers to trigger test email sending via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-09-27 4.3 CVE-2025-9944 https://www.wordfence.com/threat-intel/vulnerabilities/id/b8a82989-e7e7-484a-b619-3897d88872b9?source=cve
https://plugins.trac.wordpress.org/browser/professional-contact-form/tags/1.0.0/includes/mailer.php#L31
 
Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
n/a–Coinomi A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: “(…) there isn’t any security implication associated with your findings.” 2025-09-23 3.7 CVE-2017-20200 VDB-325143 | Coinomi cleartext transmission
VDB-325143 | CTI Indicators (IOB, IOC, TTP)
Submit #653875 | COINOMI LTD Coinomi <=1.7.6 Cleartext Transmission of Sensitive Information (information dis
https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213
https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/
https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549
https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/
 
WSO2–WSO2 Identity Server as Key Manager An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may associate the new account with the previously registered FIDO device. This flaw may allow a previously deleted user to authenticate using their FIDO credentials and impersonate the newly created user, resulting in unauthorized access. The vulnerability applies only to deployments that utilize FIDO-based authentication. 2025-09-23 3.3 CVE-2025-0672 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3134/
 
LionCoders–SalePro POS A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-22 3.7 CVE-2025-10776 VDB-325132 | LionCoders SalePro POS Login cleartext transmission
VDB-325132 | CTI Indicators (IOB, IOC, TTP)
Submit #650795 | LionCoders SalePro POS 5.5.0 Cleartext Transmission of Sensitive Information
https://github.com/PlsRevert/CVEs/issues/1
https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584
 
n/a–Smartstore A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack’s complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-22 3.1 CVE-2025-10778 VDB-325134 | Smartstore Gift Voucher confirm race condition
VDB-325134 | CTI Indicators (IOB, IOC, IOA)
Submit #640785 | Smartstore AG Smartstore 6.2.0 Race Condition
 
axboe–fio A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. 2025-09-22 3.3 CVE-2025-10823 VDB-325180 | axboe fio options.c str_buffer_pattern_cb null pointer dereference
VDB-325180 | CTI Indicators (IOB, IOC, IOA)
Submit #654069 | Jens Axboe Fio 3.41 / master commit 84787ad NULL Pointer Dereference
https://github.com/axboe/fio/issues/1982
https://github.com/user-attachments/files/22266964/poc.zip
 
code-projects–Simple Food Ordering System A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. 2025-09-23 3.5 CVE-2025-10837 VDB-325194 | code-projects Simple Food Ordering System order.php cross site scripting
VDB-325194 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #657108 | code-projects Simple Food Ordering System 1.0 Improper Neutralization of Alternate XSS Syntax
https://github.com/asd1238525/cve/blob/main/xss3.md
https://code-projects.org/
 
GitLab–GitLab An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. 2025-09-26 3.5 CVE-2025-10867 GitLab Issue #517757
 
GitLab–GitLab An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs. 2025-09-26 3.5 CVE-2025-10868 GitLab Issue #526482
 
GitLab–GitLab An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges. 2025-09-26 3.8 CVE-2025-10871 GitLab Issue #569482
 
MikeCen–WeChat-Face-Recognition A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr results in cross site scripting. The attack can be launched remotely. This product does not use versioning, so information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 3.5 CVE-2025-10943 VDB-325813 | MikeCen WeChat-Face-Recognition wx.php valid cross site scripting
VDB-325813 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651882 | MikeCen WeChat-Face-Recognition master CWE-79
https://github.com/MikeCen/WeChat-Face-Recognition/blob/master/wx.php#L25
 
yi-ge–get-header-ip A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. Manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 3.5 CVE-2025-10944 VDB-325814 | yi-ge get-header-ip ip.php cross site scripting
VDB-325814 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651884 | yi-ge get-header-ip master CWE-79
https://github.com/yi-ge/get-header-ip/blob/master/ip.php#L32
 
nuz007–smsboom A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. 2025-09-25 3.5 CVE-2025-10945 VDB-325815 | nuz007 smsboom d.php cross site scripting
VDB-325815 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651886 | nuz007 smsboom master CWE-79
https://github.com/nuz007/smsboom/blob/main/d.php#L25
 
nuz007–smsboom A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. 2025-09-25 3.5 CVE-2025-10946 VDB-325816 | nuz007 smsboom dy.php cross site scripting
VDB-325816 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651887 | nuz007 smsboom master CWE-79
https://github.com/nuz007/smsboom/blob/main/dy.php#L20
 
n/a–JeecgBoot A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 3.1 CVE-2025-10976 VDB-325847 | JeecgBoot getDepartUserList improper authorization
VDB-325847 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653333 | jeecgboot 3.8.2 broken function level authorization
https://www.cnblogs.com/aibot/p/19063349
 
n/a–JeecgBoot A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack can be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 3.1 CVE-2025-10977 VDB-325848 | JeecgBoot deleteBatch improper authorization
VDB-325848 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #653335 | jeecgboot JeecgBoot 3.8.2 broken function level authorization
https://www.cnblogs.com/aibot/p/19063351
 
n/a–Open Babel A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. 2025-09-26 3.3 CVE-2025-10998 VDB-325926 | Open Babel chemkinformat.cpp ReadReactionQualifierLines null pointer dereference
VDB-325926 | CTI Indicators (IOB, IOC, IOA)
Submit #654063 | Open Babel 3.1.1 / master commit 889c350 NULL Pointer Dereference
https://github.com/openbabel/openbabel/issues/2829
https://github.com/user-attachments/files/22318526/poc.zip
 
n/a–Open Babel A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been made public and could be used. 2025-09-26 3.3 CVE-2025-10999 VDB-325927 | Open Babel cacaoformat.cpp SetHilderbrandt null pointer dereference
VDB-325927 | CTI Indicators (IOB, IOC, IOA)
Submit #654064 | Open Babel 3.1.1 / master commit 889c350 NULL Pointer Dereference
https://github.com/openbabel/openbabel/issues/2827
https://github.com/user-attachments/files/22318503/poc.zip
 
n/a–Open Babel A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. 2025-09-26 3.3 CVE-2025-11000 VDB-325928 | Open Babel PQSformat.cpp ReadMolecule null pointer dereference
VDB-325928 | CTI Indicators (IOB, IOC, IOA)
Submit #654066 | Open Babel 3.1.1 / master commit 889c350 NULL Pointer Dereference
https://github.com/openbabel/openbabel/issues/2826
https://github.com/user-attachments/files/22318474/poc.zip
 
n/a–BehaviorTree A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue. 2025-09-26 3.3 CVE-2025-11011 VDB-325954 | BehaviorTree json_export.cpp fromJson null pointer dereference
VDB-325954 | CTI Indicators (IOB, IOC, IOA)
Submit #654073 | Davide Faconti BehaviorTree 4.7.0 / master commit 8d47d39 NULL Pointer Dereference
https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1008
https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1009
https://github.com/user-attachments/files/22270928/poc.zip
https://github.com/BehaviorTree/BehaviorTree.CPP/commit/4b23dcaf0ce951a31299ebdd61df69f9ce99a76d
 
n/a–BehaviorTree A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit is publicly available and might be used. 2025-09-26 3.3 CVE-2025-11013 VDB-325956 | BehaviorTree XML Parser xml_parsing.cpp loadDocImpl null pointer dereference
VDB-325956 | CTI Indicators (IOB, IOC, IOA)
Submit #654075 | Davide Faconti BehaviorTree 4.7.0 / master commit 8d47d39 NULL Pointer Dereference
https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1003
https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1004
https://github.com/user-attachments/files/22245915/poc.zip
 
OGRECave–Ogre A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a local position. The exploit is now public and may be used. 2025-09-26 3.3 CVE-2025-11017 VDB-325960 | OGRECave Ogre OgreLogManager.cpp stream null pointer dereference
VDB-325960 | CTI Indicators (IOB, IOC, IOA)
Submit #654456 | Ogre3D Ogre v14.4.1 / master commit f629d22 NULL Pointer Dereference
https://github.com/OGRECave/ogre/issues/3447
https://github.com/user-attachments/files/22335685/poc.zip
 
givanz–Vvveb A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Once again the project maintainer reacted very professionally: “I accept the existence of these vulnerabilities. (…) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release.” 2025-09-26 3.5 CVE-2025-11026 VDB-325964 | givanz Vvveb Configuration File information disclosure
VDB-325964 | CTI Indicators (IOB, IOC, TTP)
Submit #657181 | givanz Vvveb Vvveb 1.0.7.2 Information Disclosure
https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1
 
GNU–Binutils A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue. 2025-09-27 3.3 CVE-2025-11081 VDB-326122 | GNU Binutils objdump.c dump_dwarf_section out-of-bounds
VDB-326122 | CTI Indicators (IOB, IOC, IOA)
Submit #661275 | GNU Binutils 2.45 Out-of-Bounds Read
https://sourceware.org/bugzilla/show_bug.cgi?id=33406
https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2
https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b
https://www.gnu.org/
 
code-projects–Project Monitoring System A vulnerability has been found in code-projects Project Monitoring System 1.0. Affected is an unknown function of the file /onlineJobSearchEngine/postjob.php. Such manipulation of the argument txtapplyto leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2025-09-28 3.5 CVE-2025-11124 VDB-326205 | code-projects Project Monitoring System postjob.php cross site scripting
VDB-326205 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #664309 | code-projects Project Monitoring System 1.0 Improper Neutralization of Alternate XSS Syntax
https://github.com/asd1238525/cve/blob/main/xss4.md
https://github.com/asd1238525/cve/blob/main/xss4.md#poc
https://code-projects.org/
 
WSO2–WSO2 Identity Server A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct “User does not exist” error message to the login form, regardless of the validate_username setting. This behavior allows malicious actors to determine which usernames exist in the system based on observable discrepancies in the application’s responses. Exploitation of this vulnerability could aid in brute-force attacks, targeted phishing campaigns, or other social engineering techniques by confirming the validity of user identifiers within the system. 2025-09-26 3.7 CVE-2025-1396 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3983/
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. 2025-09-24 3.3 CVE-2025-23248 https://nvd.nist.gov/vuln/detail/CVE-2025-23248
https://www.cve.org/CVERecord?id=CVE-2025-23248
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of service. 2025-09-24 3.3 CVE-2025-23255 https://nvd.nist.gov/vuln/detail/CVE-2025-23255
https://www.cve.org/CVERecord?id=CVE-2025-23255
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. 2025-09-24 3.3 CVE-2025-23271 https://nvd.nist.gov/vuln/detail/CVE-2025-23271
https://www.cve.org/CVERecord?id=CVE-2025-23271
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm. 2025-09-24 3.3 CVE-2025-23308 https://nvd.nist.gov/vuln/detail/CVE-2025-23308
https://www.cve.org/CVERecord?id=CVE-2025-23308
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. 2025-09-24 3.3 CVE-2025-23338 https://nvd.nist.gov/vuln/detail/CVE-2025-23338
https://www.cve.org/CVERecord?id=CVE-2025-23338
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump. 2025-09-24 3.3 CVE-2025-23339 https://nvd.nist.gov/vuln/detail/CVE-2025-23339
https://www.cve.org/CVERecord?id=CVE-2025-23339
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. 2025-09-24 3.3 CVE-2025-23340 https://nvd.nist.gov/vuln/detail/CVE-2025-23340
https://www.cve.org/CVERecord?id=CVE-2025-23340
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service. 2025-09-24 3.3 CVE-2025-23346 https://nvd.nist.gov/vuln/detail/CVE-2025-23346
https://www.cve.org/CVERecord?id=CVE-2025-23346
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
IBM–watsonx.data IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. 2025-09-27 3.3 CVE-2025-36144 https://www.ibm.com/support/pages/node/7246267
 
IBM–Cognos Controller IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies. 2025-09-26 3.7 CVE-2025-36326 https://www.ibm.com/support/pages/node/7246015
 
Rapid7–Appspider Pro Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application’s configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management. This vulnerability was remediated in version 7.5.021 of the product. 2025-09-25 3.3 CVE-2025-36857 https://docs.rapid7.com/insight/releasenotes-2025sep/#application-security-insightappsec-and-appspider
 
GitLab–GitLab An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim’s project. 2025-09-26 3.5 CVE-2025-5069 GitLab Issue #544926
HackerOne Bug Bounty Report #3019236
 
Zohocorp–Endpoint Central ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13. 2025-09-25 3.9 CVE-2025-5494 https://www.manageengine.com/products/desktop-central/privilege-escalation-endpointcentral-agent.html
 
codepeople–CP Multi View Event Calendar Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar : from n/a through 1.4.32. 2025-09-22 3.8 CVE-2025-58009 https://patchstack.com/database/wordpress/plugin/cp-multi-view-calendar/vulnerability/wordpress-cp-multi-view-event-calendar-plugin-1-4-32-broken-access-control-vulnerability?_s_id=cve
 
Alex–Content Mask Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Mask: from n/a through 1.8.5.2. 2025-09-22 3.8 CVE-2025-58012 https://patchstack.com/database/wordpress/plugin/content-mask/vulnerability/wordpress-content-mask-plugin-1-8-5-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve
 
glib-networking’s OpenSSL backend –N/A glib-networking’s OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location. 2025-09-25 3.7 CVE-2025-60019 https://access.redhat.com/security/cve/CVE-2025-60019
RHBZ#2398140
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227
 
roxnor–ShopEngine Elementor WooCommerce Builder Addon All in One WooCommerce Solution The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Editor-level access and above, to update the plugin’s settings. 2025-09-26 2.7 CVE-2025-10173 https://www.wordfence.com/threat-intel/vulnerabilities/id/2d8b816f-815a-4109-b34b-06e806c765e8?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365569%40shopengine&new=3365569%40shopengine&sfp_email=&sfph_mail=
 
Mangati–NovoSGA A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-24 2.4 CVE-2025-10909 VDB-325696 | Mangati NovoSGA SVG File admin cross site scripting
VDB-325696 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651379 | Mangati NovoSGA 2.2.9 Cross Site Scripting
https://hackmd.io/@noka/B1qwCyR9ll
https://hackmd.io/@noka/B1qwCyR9ll#%E2%9E%A4-Payload
 
Total.js–CMS A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 2.4 CVE-2025-10940 VDB-325810 | Total.js CMS Layout admin layouts_save cross site scripting
VDB-325810 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #651867 | Total.js CMS 10 Cross Site Scripting
 
Changsha Developer Technology–iView Editor A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-09-25 2.4 CVE-2025-10949 VDB-325819 | Changsha Developer Technology iView Editor Markdown cross site scripting
VDB-325819 | CTI Indicators (IOB, IOC, TTP)
Submit #652402 | Changsha Developer Technology Co., Ltd. iView Editor <=1.1.1 XSS vulnerability
https://github.com/duckpigdog/CVE/blob/main/iView%20Editor%20XSS.docx
 
Total.js–CMS A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-09-26 2.4 CVE-2025-11019 VDB-325962 | Total.js CMS Files Menu cross site scripting
VDB-325962 | CTI Indicators (IOB, IOC, TTP)
Submit #651427 | Total.js CMS v19.9.0 Cross Site Scripting
 
givanz–Vvveb A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once again the project maintainer reacted very professionally: “I accept the existence of these vulnerabilities. (…) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release.” 2025-09-26 2.4 CVE-2025-11027 VDB-325965 | givanz Vvveb SVG File cross site scripting
VDB-325965 | CTI Indicators (IOB, IOC, TTP)
Submit #657184 | givanz Vvveb Vvveb 1.0.7.2 File Upload
https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec
 
Projectworlds–Visitor Management System A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. 2025-09-27 2.4 CVE-2025-11067 VDB-326106 | Projectworlds Visitor Management System Add Visitor myform.php cross site scripting
VDB-326106 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659652 | projectworlds Visitor Management System V 1.0 Cross Site Scripting
https://github.com/tddgns/cve/issues/2
 
westboy–CicadasCMS A vulnerability was found in westboy CicadasCMS 1.0. Affected by this vulnerability is an unknown functionality of the file /system/cms/category/save. The manipulation of the argument categoryName results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. 2025-09-27 2.4 CVE-2025-11068 VDB-326107 | westboy CicadasCMS save cross site scripting
VDB-326107 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #658064 | https://gitee.com/westboy/CicadasCMS/branches CicadasCMS 1.0 Incomplete Denylist to Cross-Site Scripting
https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS2.md
 
westboy–CicadasCMS A vulnerability was determined in westboy CicadasCMS 1.0. Affected by this issue is some unknown functionality of the file /system/org/save of the component Add Department Handler. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. 2025-09-27 2.4 CVE-2025-11069 VDB-326108 | westboy CicadasCMS Add Department save cross site scripting
VDB-326108 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #659653 | https://gitee.com/westboy/CicadasCMS/branches CicadasCMS v1.0 Cross Site Scripting
https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS3.md
 
NVIDIA–NVIDIA CUDA Toolkit NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service. 2025-09-24 2.5 CVE-2025-23273 https://nvd.nist.gov/vuln/detail/CVE-2025-23273
https://www.cve.org/CVERecord?id=CVE-2025-23273
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0. 2025-09-23 2.4 CVE-2025-59546 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h
 


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
Rob--W / cors-anywhere–Rob--W / cors-anywhere Rob--W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections. 2025-09-25 not yet calculated CVE-2020-36851 https://github.com/Rob--W/cors-anywhere/issues/152
https://github.com/Rob--W/cors-anywhere/issues/78
https://www.certik.com/resources/blog/cors-anywhere-dangers-of-misconfigured-third-party-software
https://www.vulncheck.com/advisories/rob-w-cors-anywhere-misconfigured-cors-proxy-allows-ssrf
https://github.com/SocketDev/security-research/security/advisories/GHSA-9wmg-93pw-fc3g
https://github.com/Rob--W/cors-anywhere/issues/521
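The mitigations listed in the entry above (a target-host allowlist, blocking link-local and internal IP ranges, dropping unsafe methods and headers) are the part a deployer has to get right. The following is an added example and not cors-anywhere's own code: a target gate a Node proxy could apply before it fetches anything. The request-path shape, the allowlisted hosts and the header denylist are assumptions for a hypothetical deployment.

```javascript
// Added example, not cors-anywhere's own code: a target gate that applies the
// mitigations the entry lists (target-host allowlist, internal/link-local IP
// denylist, http(s) only, restricted methods and headers). The request-path shape
// "/<absolute target URL>" follows how cors-anywhere is addressed; the allowlist
// and header policy are assumptions for a hypothetical deployment.

const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']); // no PUT: no IMDSv2 token minting

// Request headers never forwarded upstream, whatever the client sends.
const DROPPED_HEADERS = new Set([
  'host', 'cookie', 'authorization', 'proxy-authorization',
  'x-aws-ec2-metadata-token', 'x-aws-ec2-metadata-token-ttl-seconds', // AWS IMDSv2
  'metadata-flavor', 'metadata',                                       // GCP / Azure IMDS markers
]);

// Dotted-quad IPv4 literal to an unsigned 32-bit integer, or null if not one.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Ranges the proxy must never reach: "this" network, RFC 1918, shared address
// space, loopback, link-local (where 169.254.169.254 lives), multicast, reserved.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
].map(([base, bits]) => ({ base: parseIPv4(base), mask: (~0 << (32 - bits)) >>> 0 }));

function isBlockedIPv4(addr) {
  return BLOCKED_V4.some(({ base, mask }) => ((addr & mask) >>> 0) === ((base & mask) >>> 0));
}

// Decide whether the proxy may fetch the target named in a request path such as
// "/https://api.example.com/v1/items". An empty allowlist means "any public host";
// the IP and internal-name checks apply either way.
function decideTarget(requestPath, method, allowedHosts = new Set()) {
  if (!ALLOWED_METHODS.has(String(method).toUpperCase())) {
    return { ok: false, reason: `method ${method} not permitted` };
  }
  let url;
  try {
    url = new URL(requestPath.replace(/^\/+/, ''));
  } catch {
    return { ok: false, reason: 'target is not an absolute URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not permitted` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials in target URL not permitted' };
  }
  const host = url.hostname.toLowerCase();
  if (host.startsWith('[')) {
    return { ok: false, reason: 'IPv6 literal targets not permitted' };
  }
  // WHATWG URL parsing has already normalised spellings like 2130706433 or
  // 0x7f.1 to dotted-quad, so one literal check covers the usual bypass forms.
  const v4 = parseIPv4(host);
  if (v4 !== null && isBlockedIPv4(v4)) {
    return { ok: false, reason: `${host} is in a blocked address range` };
  }
  if (host === 'localhost' || host.endsWith('.localhost') || host.endsWith('.internal')) {
    return { ok: false, reason: `${host} is an internal name` };
  }
  if (allowedHosts.size > 0 && !allowedHosts.has(host)) {
    return { ok: false, reason: `${host} is not on the allowlist` };
  }
  return { ok: true, url: url.href };
}

// Copy only the headers the policy permits onto the upstream request.
function filterRequestHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!DROPPED_HEADERS.has(lower)) out[lower] = value;
  }
  return out;
}

// Stand-alone demonstration with constructed request paths.
for (const p of ['/https://api.example.com/v1/items', '/http://169.254.169.254/latest/meta-data/', '/http://2130706433/']) {
  console.log(p, '->', JSON.stringify(decideTarget(p, 'GET', new Set(['api.example.com']))));
}
```

Two points the code is built around. The hostname allowlist is the primary control: while it is in force, DNS rebinding cannot matter, because an unknown name is refused before any lookup happens. In "any public host" mode (empty allowlist) the IP denylist only covers literal addresses, so the resolved address would also have to be checked at connection time, which this example does not do.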
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This makes use of disable_work_* in hci_unregister_dev, since the hci_dev is about to be freed and new submissions are not desirable. 2025-09-24 not yet calculated CVE-2024-58241 https://git.kernel.org/stable/c/cfdb13a54e05eb98d9940cb6d1a13e7f994d811f
https://git.kernel.org/stable/c/989fa5171f005ecf63440057218d8aeb1795287d
 
Invoice Ninja–Invoice Ninja 5 Incorrect handling of uploaded files in the admin “Restore” function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files. 2025-09-22 not yet calculated CVE-2025-10009 https://github.com/invoiceninja/invoiceninja/commit/02151b570b226b4584a8e61b06b10be9366da3de
 
OnePlus–OxygenOS The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers. 2025-09-23 not yet calculated CVE-2025-10184 https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip
 
Perforce–Puppet Enterprise In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can’t update to the latest version. 2025-09-24 not yet calculated CVE-2025-10360 https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
 
Google–Chrome Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10500 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
https://issues.chromium.org/issues/435875050
 
Google–Chrome Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10501 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
https://issues.chromium.org/issues/440737137
 
Google–Chrome Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10502 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
https://issues.chromium.org/issues/438038775
 
iMonitor Software Inc.–iMonitor EAM iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable information) and tamper with traffic. This allows both unauthorized disclosure and modification of data, including issuing arbitrary commands to client agents. 2025-09-25 not yet calculated CVE-2025-10540 https://r.sec-consult.com/imonitor
 
iMonitor Software Inc.–iMonitor EAM iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application’s installation path and executed with SYSTEM privileges, leading to privilege escalation. 2025-09-25 not yet calculated CVE-2025-10541 https://r.sec-consult.com/imonitor
 
iMonitor Software Inc.–iMonitor EAM iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients. 2025-09-25 not yet calculated CVE-2025-10542 https://r.sec-consult.com/imonitor
 
AvePoint–DocAve Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root. 2025-09-26 not yet calculated CVE-2025-10544 https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products
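The Invoice Ninja entry (CVE-2025-10009, above) and the DocAve entry (CVE-2025-10544) describe the two failure modes of a file-writing handler: letting an interpreter-executable file land under the web root, and letting an entry name steer the write outside the intended directory. The following is an added example and not either vendor's code: the two gates such a handler needs, in dependency-free JavaScript. Entry names, the upload root and the extension lists are constructed assumptions.

```javascript
// Added example, not Invoice Ninja's or AvePoint's code: the two gates an upload or
// backup-restore handler needs before writing under a web root. Entry names and the
// extension lists are constructed for illustration.

const ALLOWED_EXTENSIONS = new Set(['png', 'jpg', 'jpeg', 'gif', 'pdf', 'csv', 'json']);

// Anything a web server might hand to an interpreter, checked at every position
// of the name so "shell.php.png" does not pass an allowlist that only looks at ".png".
const EXECUTABLE_EXTENSIONS = new Set([
  'php', 'php5', 'phtml', 'phar', 'asp', 'aspx', 'ashx', 'jsp', 'jspx',
  'cgi', 'pl', 'py', 'sh', 'exe', 'dll', 'htaccess',
]);

// Reduce an archive entry or upload name to a safe relative path, or null to refuse.
// Absolute paths, drive prefixes, NUL bytes and any ".." component are refused
// outright rather than normalised away.
function safeRelativePath(entryName) {
  if (typeof entryName !== 'string' || entryName.length === 0) return null;
  if (entryName.includes('\0')) return null;
  if (/^[a-zA-Z]:/.test(entryName) || /^[\\/]/.test(entryName)) return null;
  const parts = [];
  for (const seg of entryName.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') return null;
    parts.push(seg);
  }
  return parts.length > 0 ? parts.join('/') : null;
}

// The last extension must be on the allowlist and no dotted piece may be executable.
// Dotfiles (".htaccess") and extension-less names are refused.
function hasAllowedExtension(relPath) {
  const base = relPath.slice(relPath.lastIndexOf('/') + 1).toLowerCase();
  const pieces = base.split('.');
  if (pieces.length < 2 || pieces[0] === '') return false;
  if (!ALLOWED_EXTENSIONS.has(pieces[pieces.length - 1])) return false;
  return !pieces.slice(1).some((p) => EXECUTABLE_EXTENSIONS.has(p));
}

// Combine both checks and produce the only path the handler is allowed to write.
function planWrite(uploadRoot, entryName) {
  const root = uploadRoot.replace(/\/+$/, '');
  const rel = safeRelativePath(entryName);
  if (rel === null) return { ok: false, reason: 'path refused (absolute, traversal, empty or NUL)' };
  if (!hasAllowedExtension(rel)) return { ok: false, reason: 'extension refused' };
  const target = `${root}/${rel}`;
  if (!target.startsWith(`${root}/`)) return { ok: false, reason: 'escaped root' }; // belt and braces
  return { ok: true, target };
}

// Stand-alone demonstration with constructed archive entry names.
const UPLOAD_ROOT = '/var/www/app/storage/uploads'; // hypothetical
for (const name of ['invoices/2025/inv-001.pdf', '../../public/shell.php', 'shell.php.png', 'logo.PNG']) {
  console.log(name, '->', JSON.stringify(planWrite(UPLOAD_ROOT, name)));
}
```

Both entries require administrator credentials, which is exactly why these checks belong in the handler rather than in the role model: an application administrator is not meant to be a shell user on the host, so a restore or upload feature has to treat every entry name as untrusted even when the caller is trusted.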
 
CleverControl–CleverControl employee monitoring software The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed. 2025-09-23 not yet calculated CVE-2025-10548 https://r.sec-consult.com/clevercontrol
 
Google–Chrome Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10585 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
https://issues.chromium.org/issues/445380761
 
Docker–Docker Desktop In a hardened Docker environment with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature (https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions) to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands. The vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket. 2025-09-26 not yet calculated CVE-2025-10657 https://docs.docker.com/desktop/release-notes
 
Dingtian–DT-R002 All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user’s username without authentication. 2025-09-25 not yet calculated CVE-2025-10879 https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01
 
Dingtian–DT-R002 All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary “Dingtian Binary” protocol password by sending an unauthenticated GET request. 2025-09-25 not yet calculated CVE-2025-10880 https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01
 
Google–Chrome Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10890 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html
https://issues.chromium.org/issues/430336833
 
Google–Chrome Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10891 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html
https://issues.chromium.org/issues/443765373
 
Google–Chrome Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2025-09-24 not yet calculated CVE-2025-10892 https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html
https://issues.chromium.org/issues/444048019
 
Syrotech Networks–Syrotech SY-GPON-2010-WADONT This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files, user credentials, or other sensitive information stored on the targeted device. 2025-09-25 not yet calculated CVE-2025-10957 https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0223
 
TOTOLINK–X6000R Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1458_B20250708. 2025-09-25 not yet calculated CVE-2025-11005 https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0005/PANW-2025-0005.md
 
Asterisk–Asterisk A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart. 2025-09-23 not yet calculated CVE-2025-1131 https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
 
RTI–Connext Professional Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. 2025-09-23 not yet calculated CVE-2025-1255 https://www.rti.com/vulnerabilities/#cve-2025-1255
 
Imagination Technologies–Graphics DDK Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. 2025-09-22 not yet calculated CVE-2025-25177 https://www.imaginationtech.com/gpu-driver-vulnerabilities/
 
Sourcecodester[.]com — EMS v1.0 Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via ‘Add Designation.’ 2025-09-26 not yet calculated CVE-2025-26258 https://www.sourcecodester.com/php/17847/employee-management-system-using-php-and-mysql-source-code.html
https://github.com/oye-ujjwal/CVEs/blob/main/Employee%20Management%20System%20App/CVE-2025-26258
 
DREF — dref v0.1.2 A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. 2025-09-25 not yet calculated CVE-2025-26278 https://gist.github.com/tariqhawis/ad92d5e683f3a5d83e0629955ff42ad7
https://github.com/OrangeShieldInfos/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-26278
 
Ericsson–Indoor Connect 8855 Ericsson Indoor Connect 8855 contains a SQL injection vulnerability which if exploited can lead to unauthorized disclosure and modification of user and configuration data. 2025-09-25 not yet calculated CVE-2025-27261 https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25
 
Ericsson–Indoor Connect 8855 Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of user and configuration data. It may also be possible to execute commands with escalated privileges, impact service availability, as well as modify system files and configuration data. 2025-09-25 not yet calculated CVE-2025-27262 https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25
 
CSZCMS[.]com — CSZ-CMS v.1.3.0 SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. 2025-09-23 not yet calculated CVE-2025-29083 https://github.com/fax77829yz/CSZ_CMS-exploit/blob/main/README.md#cve2
 
CSZCMS[.]com — CSZ-CMS v.1.3.0 SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file. 2025-09-23 not yet calculated CVE-2025-29084 https://github.com/fax77829yz/CSZ_CMS-exploit/blob/main/README.md#cve1
 
https//petstore[.]swagger[.]io / OpenAPI 3 petstore — petstore v.1.0.7 An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint. 2025-09-25 not yet calculated CVE-2025-29155 https://github.com/swagger-api/swagger-petstore
https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml
https://gist.github.com/HouqiyuA/4efd1aac7c7c7ab0cd5db48d62541a74
 
https//petstore[.]swagger[.]io / OpenAPI 3 petstore — petstore v.1.0.7 Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script sent to the /api/v3/pet endpoint. 2025-09-25 not yet calculated CVE-2025-29156 https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml
https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fswagger-api%2Fswagger-petstore&sa=D&sntz=1&usg=AOvVaw0bPYxOZ-XKNAbTj4h0EOMD
https://gist.github.com/HouqiyuA/9d2c3f0ba075d01631aff879546e419c
 
https//petstore[.]swagger[.]io / OpenAPI 3 petstore — petstore v.1.0.7 An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint (/cart); the server returns a 404 error page exposing sensitive information, including the Servlet name (default) and the server version. 2025-09-25 not yet calculated CVE-2025-29157 https://github.com/swagger-api/swagger-petstore
https://petstore3.swagger.io/#/pet/updatePet
https://gist.github.com/HouqiyuA/3c36f78e8de9f6a3cfb0959477c07443
 
Nagios–Nagios XI Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user. 2025-09-25 not yet calculated CVE-2025-34227 https://www.nagios.com/changelog/
https://www.nagios.com/products/security/
https://www.vulncheck.com/advisories/nagios-xi-config-wizard-auth-command-injection
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6 (“fs/dax: ensure all pages are idle prior to filesystem unmount”) introduced the WARN_ON_ONCE to capture whether the filesystem has removed all DAX entries or not and applied the fix to xfs and ext4. Apply the missed fix on erofs to fix the runtime warning. 2025-09-23 not yet calculated CVE-2025-39868 https://git.kernel.org/stable/c/91c34cd6ca1bc67ccf2d104834956af56b5893de
https://git.kernel.org/stable/c/181993bb0d626cf88cc803f4356ce5c5abe86278
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size. This caused out-of-bounds memory writes when accessing: queue_priority_map[i][0] = i; queue_priority_map[i][1] = i; The bug manifested as kernel crashes with “Oops – undefined instruction” on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang. Change the allocation to use sizeof(*queue_priority_map) which automatically gets the correct size for the 2D array structure. 2025-09-23 not yet calculated CVE-2025-39869 https://git.kernel.org/stable/c/5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93
https://git.kernel.org/stable/c/1baed10553fc8b388351d8fc803e3ae6f1a863bc
https://git.kernel.org/stable/c/069fd1688c57c0cc8a3de64d108579b31676f74b
https://git.kernel.org/stable/c/d5e82f3f2c918d446df46e8d65f8083fd97cdec5
https://git.kernel.org/stable/c/e63419dbf2ceb083c1651852209c7f048089ac0f
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It’s simpler to just re-write it in a cleaner way. The issues here are: 1) If “idxd->max_wqs” is <= 0 then we call put_device(conf_dev) when “conf_dev” hasn’t been initialized. 2) If kzalloc_node() fails then again “conf_dev” is invalid. It’s either uninitialized or it points to the “conf_dev” from the previous iteration so it leads to a double free. It’s better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located. 2025-09-23 not yet calculated CVE-2025-39870 https://git.kernel.org/stable/c/25e6146c2812487a88f619d5ff6efbdcd5b2bc31
https://git.kernel.org/stable/c/df82c7901513fd0fc738052a8e6a330d92cc8ec9
https://git.kernel.org/stable/c/ec5430d090d0b6ace8fefa290fc37e88930017d2
https://git.kernel.org/stable/c/9f0e225635475b2285b966271d5e82cba74295b1
https://git.kernel.org/stable/c/39aaa337449e71a41d4813be0226a722827ba606
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Remove improper idxd_free The call to idxd_free() introduces a duplicate put_device() leading to a reference count underflow: refcount_t: underflow; use-after-free. WARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110 … Call Trace: <TASK> idxd_remove+0xe4/0x120 [idxd] pci_device_remove+0x3f/0xb0 device_release_driver_internal+0x197/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x74/0xf0 pci_unregister_driver+0x2e/0xb0 idxd_exit_module+0x34/0x7a0 [idxd] __do_sys_delete_module.constprop.0+0x183/0x280 do_syscall_64+0x54/0xd70 entry_SYSCALL_64_after_hwframe+0x76/0x7e The idxd_unregister_devices() which is invoked at the very beginning of idxd_remove(), already takes care of the necessary put_device() through the following call path: idxd_unregister_devices() -> device_unregister() -> put_device() In addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may trigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is called immediately after, it can result in a use-after-free. Remove the improper idxd_free() to avoid both the refcount underflow and potential memory corruption during module unload. 2025-09-23 not yet calculated CVE-2025-39871 https://git.kernel.org/stable/c/0e95ee7f532b21206fe3f1c4054002b0d21e3b9c
https://git.kernel.org/stable/c/dd7a7e43269711d757fc260b0bbdf7138f75de11
https://git.kernel.org/stable/c/da4fbc1488a4cec6748da685181ee4449a878dac
https://git.kernel.org/stable/c/f41c538881eec4dcf5961a242097d447f848cda6
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which needs to hold the RCU lock. On the other hand, before returning the port device, we need to hold the device reference to avoid a UaF in the caller function. 2025-09-23 not yet calculated CVE-2025-39872 https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d
https://git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_can xcan_write_frame() keeps using SKB after the call. Fix that by only calling can_put_echo_skb() after the code is done touching the SKB. The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side so the order of operations does not matter. An earlier fix commit 3d3c817c3a40 (“can: xilinx_can: Fix usage of skb memory”) did not move the can_put_echo_skb() call far enough. [mkl: add “commit” in front of sha1 in patch description] [mkl: fix indention] 2025-09-23 not yet calculated CVE-2025-39873 https://git.kernel.org/stable/c/1139321161a3ba5e45e61e0738b37f42f20bc57a
https://git.kernel.org/stable/c/94b050726288a56a6b8ff55aa641f2fedbd3b44c
https://git.kernel.org/stable/c/725b33deebd6e4c96fe7893f384510a54258f28f
https://git.kernel.org/stable/c/668cc1e3bb21101d074e430de1b7ba8fd10189e7
https://git.kernel.org/stable/c/ef79f00be72bd81d2e1e6f060d83cf7e425deee4
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTM_NEWLINK Syzkaller managed to lock the lower device via ETHTOOL_SFEATURES: netdev_lock include/linux/netdevice.h:2761 [inline] netdev_lock_ops include/net/netdev_lock.h:42 [inline] netdev_sync_lower_features net/core/dev.c:10649 [inline] __netdev_update_features+0xcb1/0x1be0 net/core/dev.c:10819 netdev_update_features+0x6d/0xe0 net/core/dev.c:10876 macsec_notify+0x2f5/0x660 drivers/net/macsec.c:4533 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85 call_netdevice_notifiers_extack net/core/dev.c:2267 [inline] call_netdevice_notifiers net/core/dev.c:2281 [inline] netdev_features_change+0x85/0xc0 net/core/dev.c:1570 __dev_ethtool net/ethtool/ioctl.c:3469 [inline] dev_ethtool+0x1536/0x19b0 net/ethtool/ioctl.c:3502 dev_ioctl+0x392/0x1150 net/core/dev_ioctl.c:759 It happens because lower features are out of sync with the upper: __dev_ethtool (real_dev) netdev_lock_ops(real_dev) ETHTOOL_SFEATURES __netdev_features_change netdev_sync_upper_features disable LRO on the lower if (old_features != dev->features) netdev_features_change fires NETDEV_FEAT_CHANGE macsec_notify NETDEV_FEAT_CHANGE netdev_update_features (for each macsec dev) netdev_sync_lower_features if (upper_features != lower_features) netdev_lock_ops(lower) # lower == real_dev stuck … netdev_unlock_ops(real_dev) Per commit af5f54b0ef9e (“net: Lock lower level devices when updating features”), we elide the lock/unlock when the upper and lower features are synced. Make sure the lower (real_dev) has proper features after the macsec link has been created. This makes sure we never hit the situation where we need to sync upper flags to the lower. 2025-09-23 not yet calculated CVE-2025-39874 https://git.kernel.org/stable/c/d7624629ccf47135c65fef0701fa0d9a115b87f3
https://git.kernel.org/stable/c/0f82c3ba66c6b2e3cde0f255156a753b108ee9dc
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: igb: Fix NULL pointer dereference in ethtool loopback test The igb driver currently causes a NULL pointer dereference when executing the ethtool loopback test. This occurs because there is no associated q_vector for the test ring when it is set up, as interrupts are typically not added to the test rings. Since commit 5ef44b3cb43b removed the napi_id assignment in __xdp_rxq_info_reg(), there is no longer a need to pass a napi_id to it. Therefore, simply use 0 as the last parameter. 2025-09-23 not yet calculated CVE-2025-39875 https://git.kernel.org/stable/c/473be7d39efd3be383e9c0c8e44b53508b4ffeb5
https://git.kernel.org/stable/c/75871a525a596ff4d16c4aebc0018f8d0923c9b1
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev. 2025-09-23 not yet calculated CVE-2025-39876 https://git.kernel.org/stable/c/5f1bb554a131e59b28482abad21f691390651752
https://git.kernel.org/stable/c/fe78891f296ac05bf4e5295c9829ef822f3c32e7
https://git.kernel.org/stable/c/4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5
https://git.kernel.org/stable/c/eb148d85e126c47d65be34f2a465d69432ca5541
https://git.kernel.org/stable/c/03e79de4608bdd48ad6eec272e196124cefaf798
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in state_show() state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock. This allows a use-after-free race: CPU 0 CPU 1 —– —– state_show() damon_sysfs_turn_damon_on() ctx = kdamond->damon_ctx; mutex_lock(&damon_sysfs_lock); damon_destroy_ctx(kdamond->damon_ctx); kdamond->damon_ctx = NULL; mutex_unlock(&damon_sysfs_lock); damon_is_running(ctx); /* ctx is freed */ mutex_lock(&ctx->kdamond_lock); /* UAF */ (The race can also occur with damon_sysfs_kdamonds_rm_dirs() and damon_sysfs_kdamond_release(), which free or replace the context under damon_sysfs_lock.) Fix by taking damon_sysfs_lock before dereferencing the context, mirroring the locking used in pid_show(). The bug has existed since state_show() first accessed kdamond->damon_ctx. 2025-09-23 not yet calculated CVE-2025-39877 https://git.kernel.org/stable/c/3858c44341ad49dc7544b19cc9f9ecffaa7cc50e
https://git.kernel.org/stable/c/60d7a3d2b985a395318faa1d88da6915fad11c19
https://git.kernel.org/stable/c/26d29b2ac87a2989071755f9828ebf839b560d4c
https://git.kernel.org/stable/c/4e87f461d61959647464a94d11ae15c011be58ce
https://git.kernel.org/stable/c/3260a3f0828e06f5f13fac69fb1999a6d60d9cff
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 (“ceph: introduce ceph_process_folio_batch() method”) by moving code from ceph_writepages_start() to this function. This new function is supposed to return an error code which is checked by the caller (now ceph_process_folio_batch()), and on error, the caller invokes redirty_page_for_writepage() and then breaks from the loop. However, the refactoring commit has gone wrong, and by accident it always returns 0 (= success) because it first NULLs the pointer and then returns PTR_ERR(NULL), which is always 0. This means errors are silently ignored, leaving NULL entries in the page array, which may later crash the kernel. The simple solution is to call PTR_ERR() before clearing the pointer. 2025-09-23 not yet calculated CVE-2025-39878 https://git.kernel.org/stable/c/dd1616ecbea920d228c56729461ed223cc501425
https://git.kernel.org/stable/c/249e0a47cdb46bb9eae65511c569044bd8698d7d
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: ceph: always call ceph_shift_unused_folios_left() The function ceph_process_folio_batch() sets folio_batch entries to NULL, which is an illegal state. Before folio_batch_release() crashes due to this API violation, the function ceph_shift_unused_folios_left() is supposed to remove those NULLs from the array. However, since commit ce80b76dd327 (“ceph: introduce ceph_process_folio_batch() method”), this shifting doesn’t happen anymore because the “for” loop got moved to ceph_process_folio_batch(), and now the `i` variable that remains in ceph_writepages_start() doesn’t get incremented anymore, making the shifting effectively unreachable much of the time. Later, commit 1551ec61dc55 (“ceph: introduce ceph_submit_write() method”) added more preconditions for doing the shift, replacing the `i` check (with something that is still just as broken): – if ceph_process_folio_batch() fails, shifting never happens – if ceph_move_dirty_page_in_page_array() was never called (because ceph_process_folio_batch() has returned early for some of various reasons), shifting never happens – if `processed_in_fbatch` is zero (because ceph_process_folio_batch() has returned early for some of the reasons mentioned above or because ceph_move_dirty_page_in_page_array() has failed), shifting never happens Since those two commits, any problem in ceph_process_folio_batch() could crash the kernel with a NULL pointer dereference in folios_put_refs() called from ceph_writepages_start(). The crash can be reproduced easily by changing the ceph_check_page_before_write() return value to `-E2BIG`. (Interestingly, the crash happens only if `huge_zero_folio` has already been allocated; without `huge_zero_folio`, is_huge_zero_folio(NULL) returns true and folios_put_refs() skips NULL entries instead of dereferencing them. That makes reproducing the bug somewhat unreliable. See https://lore.kernel.org/20250826231626.218675-1-max.kellermann@ionos.com for a discussion of this detail.) My suggestion is to move the ceph_shift_unused_folios_left() to right after ceph_process_folio_batch() to ensure it always gets called to fix up the illegal folio_batch state. 2025-09-23 not yet calculated CVE-2025-39879 https://git.kernel.org/stable/c/289b6615cf553d98509a9b273195d9936da1cfb2
https://git.kernel.org/stable/c/cce7c15faaac79b532a07ed6ab8332280ad83762
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active (i.e. msgr1 is in use). On 64-bit systems, con->v1.auth_retry overlaps with con->v2.out_iter, so such a read is almost guaranteed to return a bogus value instead of 0 when msgr2 is in use. This ends up being fairly benign because the side effect is just the invalidation of the authorizer and successive fetching of new tickets. con->v1.connect_seq overlaps with con->v2.conn_bufs and the fact that it’s being written to can cause more serious consequences, but luckily it’s not something that happens often. 2025-09-23 not yet calculated CVE-2025-39880 https://git.kernel.org/stable/c/591ea9c30737663a471b2bb07b27ddde86b020d5
https://git.kernel.org/stable/c/23538cfbeed87159a5ac6c61e7a6de3d8d4486a8
https://git.kernel.org/stable/c/35dbbc3dbf8bccb2d77c68444f42c1e6d2d27983
https://git.kernel.org/stable/c/6bd8b56899be0b514945f639a89ccafb8f8dfaef
https://git.kernel.org/stable/c/cdbc9836c7afadad68f374791738f118263c5371
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure Stall Information) monitoring mechanism: BUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140 Read of size 8 at addr ffff3de3d50bd308 by task systemd/1 psi_trigger_poll+0x3c/0x140 cgroup_pressure_poll+0x70/0xa0 cgroup_file_poll+0x8c/0x100 kernfs_fop_poll+0x11c/0x1c0 ep_item_poll.isra.0+0x188/0x2c0 Allocated by task 1: cgroup_file_open+0x88/0x388 kernfs_fop_open+0x73c/0xaf0 do_dentry_open+0x5fc/0x1200 vfs_open+0xa0/0x3f0 do_open+0x7e8/0xd08 path_openat+0x2fc/0x6b0 do_filp_open+0x174/0x368 Freed by task 8462: cgroup_file_release+0x130/0x1f8 kernfs_drain_open_files+0x17c/0x440 kernfs_drain+0x2dc/0x360 kernfs_show+0x1b8/0x288 cgroup_file_show+0x150/0x268 cgroup_pressure_write+0x1dc/0x340 cgroup_file_write+0x274/0x548 Reproduction Steps: 1. Open test/cpu.pressure and establish epoll monitoring 2. Disable monitoring: echo 0 > test/cgroup.pressure 3. Re-enable monitoring: echo 1 > test/cgroup.pressure The race condition occurs because: 1. When cgroup.pressure is disabled (echo 0 > cgroup.pressure), it: – Releases PSI triggers via cgroup_file_release() – Frees of->priv through kernfs_drain_open_files() 2. While epoll still holds reference to the file and continues polling 3. 
Re-enabling (echo 1 > cgroup.pressure) accesses freed of->priv epolling disable/enable cgroup.pressure fd=open(cpu.pressure) while(1) … epoll_wait kernfs_fop_poll kernfs_get_active = true echo 0 > cgroup.pressure … cgroup_file_show kernfs_show // inactive kn kernfs_drain_open_files cft->release(of); kfree(ctx); … kernfs_get_active = false echo 1 > cgroup.pressure kernfs_show kernfs_activate_one(kn); kernfs_fop_poll kernfs_get_active = true cgroup_file_poll psi_trigger_poll // UAF … end: close(fd) To address this issue, introduce kernfs_get_active_of() for kernfs open files to obtain active references. This function will fail if the open file has been released. Replace kernfs_get_active() with kernfs_get_active_of() to prevent further operations on released file descriptors. 2025-09-23 not yet calculated CVE-2025-39881 https://git.kernel.org/stable/c/34d9cafd469c69ad85e6a36b4303c78382cf5c79
https://git.kernel.org/stable/c/854baafc00c433cccbe0ab4231b77aeb9b637b77
https://git.kernel.org/stable/c/7e64474aba78d240f7804f48f2d454dcca78b15f
https://git.kernel.org/stable/c/ac5cda4fae8818cf1963317bb699f7f2f85b60af
https://git.kernel.org/stable/c/3c9ba2777d6c86025e1ba4186dc5cd930e40ec5f
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The for_each_child_of_node() helper drops the reference it takes to each node as it iterates over children and an explicit of_node_put() is only needed when exiting the loop early. Drop the recently introduced bogus additional reference count decrement at each iteration that could potentially lead to a use-after-free. 2025-09-23 not yet calculated CVE-2025-39882 https://git.kernel.org/stable/c/b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d
https://git.kernel.org/stable/c/b58a26cdd4795c1ce6a80e38e9348885555dacd6
https://git.kernel.org/stable/c/c4901802ed1ce859242e10af06e6a7752cba0497
https://git.kernel.org/stable/c/4de37a48b6b58faaded9eb765047cf0d8785ea18
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, the panic below occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include/linux/page-flags.h:616! The root cause is that unpoison_memory() tries to check the PG_HWPoison flags of an uninitialized page. So VM_BUG_ON_PAGE(PagePoisoned(page)) is triggered. This can be reproduced by the steps below: 1. Offline memory block: echo offline > /sys/devices/system/memory/memory12/state 2. Get offlined memory pfn: page-types -b n -rlN 3. Write pfn to unpoison-pfn: echo <pfn> > /sys/kernel/debug/hwpoison/unpoison-pfn This scenario can be identified by pfn_to_online_page() returning NULL. And ZONE_DEVICE pages are never expected, so we can simply fail if pfn_to_online_page() == NULL to fix the bug. 2025-09-23 not yet calculated CVE-2025-39883 https://git.kernel.org/stable/c/e4ec6def5643a1c9511115b3884eb879572294c6
https://git.kernel.org/stable/c/3d278e89c2ea62b1aaa4b0d8a9766a35b3a3164a
https://git.kernel.org/stable/c/7618fd443aa4cfa553a64cacf5721581653ee7b0
https://git.kernel.org/stable/c/63a327a2375a8ce7a47dec5aaa4d8a9ae0a00b96
https://git.kernel.org/stable/c/d613f53c83ec47089c4e25859d5e8e0359f6f8da
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: btrfs: fix subvolume deletion lockup caused by inodes xarray race There is a race condition between inode eviction and inode caching that can cause a live struct btrfs_inode to be missing from the root->inodes xarray. Specifically, there is a window during evict() between the inode being unhashed and deleted from the xarray. If btrfs_iget() is called for the same inode in that window, it will be recreated and inserted into the xarray, but then eviction will delete the new entry, leaving nothing in the xarray: Thread 1 Thread 2 ————————————————————— evict() remove_inode_hash() btrfs_iget_path() btrfs_iget_locked() btrfs_read_locked_inode() btrfs_add_inode_to_root() destroy_inode() btrfs_destroy_inode() btrfs_del_inode_from_root() __xa_erase In turn, this can cause issues for subvolume deletion. Specifically, if an inode is in this lost state, and all other inodes are evicted, then btrfs_del_inode_from_root() will call btrfs_add_dead_root() prematurely. If the lost inode has a delayed_node attached to it, then when btrfs_clean_one_deleted_snapshot() calls btrfs_kill_all_delayed_nodes(), it will loop forever because the delayed_nodes xarray will never become empty (unless memory pressure forces the inode out). We saw this manifest as soft lockups in production. Fix it by only deleting the xarray entry if it matches the given inode (using __xa_cmpxchg()). 2025-09-23 not yet calculated CVE-2025-39884 https://git.kernel.org/stable/c/9ba898c9fcbe6ebb88bcd4df8aab0f90090d202e
https://git.kernel.org/stable/c/f1498abaf74f8d7b1e7001f16ed77818d8ae6a59
https://git.kernel.org/stable/c/f6a6c280059c4ddc23e12e3de1b01098e240036f
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591 ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142 do_page_mkwrite+0x14d/0x310 mm/memory.c:3361 wp_page_shared mm/memory.c:3762 [inline] do_wp_page+0x268d/0x5800 mm/memory.c:3981 handle_pte_fault mm/memory.c:6068 [inline] __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364 do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline] RIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline] RIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline] RIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26 Code: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89 f7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 <f3> a4 0f 1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41 RSP: 0018:ffffc9000403f950 EFLAGS: 00050256 RAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038 RDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060 RBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42 
R10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098 R13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060 copy_to_user include/linux/uaccess.h:225 [inline] fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145 ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532 __do_sys_ioctl fs/ioctl.c:596 [inline] __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f13850fd9 RSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9 RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004 RBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0 R13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b ocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since v2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the extent list of this running mmap executable. The user supplied buffer to hold the fiemap information page faults calling ocfs2_page_mkwrite() which will take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same semaphore. This recursive semaphore will hold filesystem locks and causes a hang of the filesystem. The ip_alloc_sem protects the inode extent list and size. Release the read semaphore before calling fiemap_fill_next_extent() in ocfs2_fiemap() and ocfs2_fiemap_inline(). This does an unnecessary semaphore lock/unlock on the last extent but simplifies the error path. 2025-09-23 not yet calculated CVE-2025-39885 https://git.kernel.org/stable/c/36054554772f95d090eb45793faf6aa3c0254b02
https://git.kernel.org/stable/c/0709bc11b942870fc0a7be150e42aea42321093a
https://git.kernel.org/stable/c/1d3c96547ee2ddeaddf8f19a3ef99ea06cc8115e
https://git.kernel.org/stable/c/9efcb7a8b97310efed995397941a292cf89fa94f
https://git.kernel.org/stable/c/04100f775c2ea501927f508f17ad824ad1f23c8d
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Currently, calling bpf_map_kmalloc_node() from __bpf_async_init() can cause various locking issues; see the following stack trace (edited for style) as one example: … [10.011566] do_raw_spin_lock.cold [10.011570] try_to_wake_up (5) double-acquiring the same [10.011575] kick_pool rq_lock, causing a hardlockup [10.011579] __queue_work [10.011582] queue_work_on [10.011585] kernfs_notify [10.011589] cgroup_file_notify [10.011593] try_charge_memcg (4) memcg accounting raises an [10.011597] obj_cgroup_charge_pages MEMCG_MAX event [10.011599] obj_cgroup_charge_account [10.011600] __memcg_slab_post_alloc_hook [10.011603] __kmalloc_node_noprof … [10.011611] bpf_map_kmalloc_node [10.011612] __bpf_async_init [10.011615] bpf_timer_init (3) BPF calls bpf_timer_init() [10.011617] bpf_prog_xxxxxxxxxxxxxxxx_fcg_runnable [10.011619] bpf__sched_ext_ops_runnable [10.011620] enqueue_task_scx (2) BPF runs with rq_lock held [10.011622] enqueue_task [10.011626] ttwu_do_activate [10.011629] sched_ttwu_pending (1) grabs rq_lock … The above was reproduced on bpf-next (b338cf849ec8) by modifying ./tools/sched_ext/scx_flatcg.bpf.c to call bpf_timer_init() during ops.runnable(), and hacking the memcg accounting code a bit to make a bpf_timer_init() call more likely to raise an MEMCG_MAX event. We have also run into other similar variants (both internally and on bpf-next), including double-acquiring cgroup_file_kn_lock, the same worker_pool::lock, etc. As suggested by Shakeel, fix this by using __GFP_HIGH instead of GFP_ATOMIC in __bpf_async_init(), so that e.g. if try_charge_memcg() raises an MEMCG_MAX event, we call __memcg_memory_event() with @allow_spinning=false and avoid calling cgroup_file_notify() there. 
Depends on mm patch “memcg: skip cgroup_file_notify if spinning is not allowed”: https://lore.kernel.org/bpf/20250905201606.66198-1-shakeel.butt@linux.dev/ v0 approach s/bpf_map_kmalloc_node/bpf_mem_alloc/ https://lore.kernel.org/bpf/20250905061919.439648-1-yepeilin@google.com/ v1 approach: https://lore.kernel.org/bpf/20250905234547.862249-1-yepeilin@google.com/ 2025-09-23 not yet calculated CVE-2025-39886 https://git.kernel.org/stable/c/449682e76f32601f211816d3e2100bed87e67a4c
https://git.kernel.org/stable/c/cd1fd26bb13473c1734e3026b2b97025a0a4087b
https://git.kernel.org/stable/c/ac70cd446f83ccb25532b343919ab86eacdcd06a
https://git.kernel.org/stable/c/6d78b4473cdb08b74662355a9e8510bde09c511e
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm: osnoise_cpus Not tainted 6.17.0-rc4-00201-gd69eb204c255 #138 PREEMPT(voluntary) RIP: 0010:bitmap_parselist+0x53/0x3e0 Call Trace: <TASK> osnoise_cpus_write+0x7a/0x190 vfs_write+0xf8/0x410 ? do_sys_openat2+0x88/0xd0 ksys_write+0x60/0xd0 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> This issue can be reproduced by below code: fd=open("/sys/kernel/debug/tracing/osnoise/cpus", O_WRONLY); write(fd, "0-2", 0); When the user passes 'count=0' to osnoise_cpus_write(), kmalloc() will return ZERO_SIZE_PTR (16) and cpulist_parse() treats it as a normal value, which triggers the null pointer dereference. Add a check for the parameter 'count'. 2025-09-23 not yet calculated CVE-2025-39887 https://git.kernel.org/stable/c/e33228a2cc7ff706ca88533464e8a3b525b961ed
https://git.kernel.org/stable/c/c1628c00c4351dd0727ef7f670694f68d9e663d8
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered. Add a loop termination condition to prevent overruns. 2025-09-23 not yet calculated CVE-2025-39888 https://git.kernel.org/stable/c/623719227b114d73a2cee45f1b343ced63ce09ec
https://git.kernel.org/stable/c/9d81ba6d49a7457784f0b6a71046818b86ec7e44
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder – Invalid Encryption Key Size – 128 bit This tests the security key with size from 1 to 15 bytes while the Security Mode 4 Level 4 requests 16 bytes key size. Currently PTS fails with the following logs: – expected:Connection Response: Code: [3 (0x03)] Code Identifier: (lt)WildCard: Exists(gt) Length: [8 (0x0008)] Destination CID: (lt)WildCard: Exists(gt) Source CID: [64 (0x0040)] Result: [3 (0x0003)] Connection refused – Security block Status: (lt)WildCard: Exists(gt), but received:Connection Response: Code: [3 (0x03)] Code Identifier: [1 (0x01)] Length: [8 (0x0008)] Destination CID: [64 (0x0040)] Source CID: [64 (0x0040)] Result: [0 (0x0000)] Connection Successful Status: [0 (0x0000)] No further information available And HCI logs: < HCI Command: Read Encrypti.. (0x05|0x0008) plen 2 Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.) > HCI Event: Command Complete (0x0e) plen 7 Read Encryption Key Size (0x05|0x0008) ncmd 1 Status: Success (0x00) Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.) Key size: 7 > ACL Data RX: Handle 14 flags 0x02 dlen 12 L2CAP: Connection Request (0x02) ident 1 len 4 PSM: 4097 (0x1001) Source CID: 64 < ACL Data TX: Handle 14 flags 0x00 dlen 16 L2CAP: Connection Response (0x03) ident 1 len 8 Destination CID: 64 Source CID: 64 Result: Connection successful (0x0000) Status: No further information available (0x0000) 2025-09-24 not yet calculated CVE-2025-39889 https://git.kernel.org/stable/c/24b2cdfc16e9bd6ab3d03b8e01c590755bd3141f
https://git.kernel.org/stable/c/c6d527bbd3d3896375079f5dbc8b7f96734a3ba5
https://git.kernel.org/stable/c/9e3114958d87ea88383cbbf38c89e04b8ea1bce5
https://git.kernel.org/stable/c/d49798ecd26e0ee7995a7fc1e90ca5cd9b4402d6
https://git.kernel.org/stable/c/d4ca2fd218caafbf50e3343ba1260c6a23b5676a
https://git.kernel.org/stable/c/522e9ed157e3c21b4dd623c79967f72c21e45b78
 
Linux–Linux In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps is not freed in the failure case, causing a memory leak. The following trace is observed in kmemleak: unreferenced object 0xffff8b3eb5789c00 (size 1024): comm “softirq”, pid 0, jiffies 4294942577 hex dump (first 32 bytes): 00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10 …………{… 01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00 ………….8.. backtrace (crc 44e1c357): __kmalloc_noprof+0x30b/0x410 ath12k_wmi_mac_phy_caps_parse+0x84/0x100 [ath12k] ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k] ath12k_wmi_svc_rdy_ext_parse+0x308/0x4c0 [ath12k] ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k] ath12k_service_ready_ext_event.isra.0+0x44/0xd0 [ath12k] ath12k_wmi_op_rx+0x2eb/0xd70 [ath12k] ath12k_htc_rx_completion_handler+0x1f4/0x330 [ath12k] ath12k_ce_recv_process_cb+0x218/0x300 [ath12k] ath12k_pci_ce_workqueue+0x1b/0x30 [ath12k] process_one_work+0x219/0x680 bh_worker+0x198/0x1f0 tasklet_action+0x13/0x30 handle_softirqs+0xca/0x460 __irq_exit_rcu+0xbe/0x110 irq_exit_rcu+0x9/0x30 Free svc_rdy_ext.mac_phy_caps in the error case to fix this memory leak. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 2025-09-24 not yet calculated CVE-2025-39890 https://git.kernel.org/stable/c/99dbad1b01d3b2f361a9db55c1af1212be497a3d
https://git.kernel.org/stable/c/3a392f874ac83a77ad0e53eb8aafdbeb787c9298
https://git.kernel.org/stable/c/1089f65b2de78c7837ef6b4f26146a5a5b0b9749
https://git.kernel.org/stable/c/89142d34d5602c7447827beb181fa06eb08b9d5c
 
Nedatec Consulting–Prevengos SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in “/servicios/autorizaciones.asmx/mfsRecuperarListado”. 2025-09-25 not yet calculated CVE-2025-40698 https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-prevengos-nedatec-consulting
 
Ericsson–Indoor Connect 8855 Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of user and configuration data. It may also be possible to execute commands with escalated privileges, impact service availability, as well as modify system files and configuration data. 2025-09-25 not yet calculated CVE-2025-40836 https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25
 
Ericsson–Indoor Connect 8855 Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. 2025-09-25 not yet calculated CVE-2025-40837 https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25
 
Ericsson–Indoor Connect 8855 Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of user accounts. 2025-09-25 not yet calculated CVE-2025-40838 https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25
 
Liferay–Portal A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via the _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName parameter. This malicious payload is then reflected and executed within the user’s browser. 2025-09-24 not yet calculated CVE-2025-43779 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43779
 
Liferay–Portal Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via the REST APIs. 2025-09-22 not yet calculated CVE-2025-43806 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43806
 
Liferay–Portal Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a publication’s “Name” text field. 2025-09-22 not yet calculated CVE-2025-43807 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43807
 
Liferay–Portal Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users from one virtual instance to add a note to an order in a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter. 2025-09-22 not yet calculated CVE-2025-43810 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43810
 
Liferay–Portal In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions, the audit events record a user’s password reminder answer, which allows remote authenticated users to obtain a user’s password reminder answer via the audit events. 2025-09-22 not yet calculated CVE-2025-43814 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43814
 
Liferay–Portal A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint. 2025-09-25 not yet calculated CVE-2025-43816 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816
 
Liferay–Portal An Insufficient Session Expiration vulnerability in Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 allows a remote non-authenticated attacker to reuse an old user session via the SLO API. 2025-09-24 not yet calculated CVE-2025-43819 https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43819
 
https://2wcom[.]com — IP-4c 2.16 In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. 2025-09-22 not yet calculated CVE-2025-43953 https://2wcom.com
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-43953
 
pocketvj[.]com — pocketvj-cp-v3 An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. 2025-09-23 not yet calculated CVE-2025-45326 https://github.com/magdesign/PocketVJ-CP-v3/releases/tag/release
https://gist.github.com/mamdouhalrekabi-ops/3e230eb973101aa6ac7003427a723e29
 
RTI–Connext Professional Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. 2025-09-23 not yet calculated CVE-2025-4582 https://www.rti.com/vulnerabilities/#cve-2025-4582
 
Arandasoft[.]com – PassRecovery v1.0 An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active Directory via sending a crafted POST request to /user/existdirectory/1. 2025-09-26 not yet calculated CVE-2025-45994 https://github.com/spoNge369/CVE/blob/main/CVE-2025-45994/README.md
https://arandasoft.com/en/productos/password-recovery/
 
PyTorch[.]org – PyTorch v2.6.0 and below In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. 2025-09-25 not yet calculated CVE-2025-46148 https://github.com/pytorch/pytorch/issues/151198
https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093
https://github.com/pytorch/pytorch/pull/152993
https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
 
PyTorch[.]org – PyTorch v2.6.0 and below In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. 2025-09-25 not yet calculated CVE-2025-46149 https://github.com/pytorch/pytorch/issues/147848
https://github.com/pytorch/pytorch/pull/147961
https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
 
PyTorch[.]org – PyTorch v2.6.0 and below In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. 2025-09-25 not yet calculated CVE-2025-46150 https://github.com/pytorch/pytorch/issues/141538
https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658
https://github.com/pytorch/pytorch/pull/144395
https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
 
PyTorch[.]org – PyTorch v2.6.0 and below In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the “other” argument. 2025-09-25 not yet calculated CVE-2025-46152 https://github.com/pytorch/pytorch/issues/143555
https://github.com/pytorch/pytorch/pull/143635
https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
 
PyTorch[.]org – PyTorch v3.7.0 and below PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. 2025-09-25 not yet calculated CVE-2025-46153 https://github.com/pytorch/pytorch/issues/142853
https://github.com/pytorch/pytorch/pull/143460
https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a
https://github.com/pytorch/pytorch/compare/v2.6.0…v2.7.0
https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
 
Imagination Technologies–Graphics DDK Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions. 2025-09-22 not yet calculated CVE-2025-46711 https://www.imaginationtech.com/gpu-driver-vulnerabilities/
 
Go standard library–net/http When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections. 2025-09-22 not yet calculated CVE-2025-47910 https://go.dev/cl/699275
https://go.dev/issue/75054
https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ
https://pkg.go.dev/vuln/GO-2025-3955
 
Apache Software Foundation–Apache IoTDB A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue. 2025-09-24 not yet calculated CVE-2025-48392 https://lists.apache.org/thread/1rn0637hptglmctf8cqd9425bj4q21td
 
Apache Software Foundation–Apache IoTDB Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue. 2025-09-24 not yet calculated CVE-2025-48459 https://lists.apache.org/thread/mr84n19nv8d0bmcrfsj3mm5ff5qn4q2f
 
Stormshield Network Security – SNS and FW before 5.0.1 An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing. 2025-09-25 not yet calculated CVE-2025-48707 https://advisories.stormshield.eu/2025-003/
 
RTI–Connext Professional Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. 2025-09-23 not yet calculated CVE-2025-4993 https://www.rti.com/vulnerabilities/#cve-2025-4993
 
Ubuntu 22.04.4 LTS — tcpreplay-4.5.1 A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service. 2025-09-23 not yet calculated CVE-2025-51005 https://github.com/appneta/tcpreplay/issues/925
https://github.com/sy460129/CVE-2025-51005
 
Ubuntu 22.04.4 LTS — tcpreplay-4.5.1 Within tcpreplay’s tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption. 2025-09-22 not yet calculated CVE-2025-51006 https://github.com/appneta/tcpreplay/issues/926
https://github.com/sy460129/CVE-2025-51006
 
Pivotx[.]com – CMS v3.0.0 Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field. 2025-09-22 not yet calculated CVE-2025-52367 http://pivotx.com
https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3
 
TOTOLINK–X6000R Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding. This issue affects X6000R: through V9.4.0cu.1360_B20241207. 2025-09-23 not yet calculated CVE-2025-52905 https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0001/PANW-2025-0001.md
 
TOTOLINK–X6000R Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360_B20241207. 2025-09-24 not yet calculated CVE-2025-52906 https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0002/PANW-2025-0002.md
 
TOTOLINK–X6000R Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207. 2025-09-24 not yet calculated CVE-2025-52907 https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0003/PANW-2025-0003.md
 
AMD–Kintex 7-Series FPGA Improper Protection Against Voltage and Clock Glitches in FPGA devices could allow an attacker with physical access to undervolt the platform, resulting in a loss of confidentiality. 2025-09-24 not yet calculated CVE-2025-54520 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8018.html
 
Apache Software Foundation–Apache Airflow Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a “write-only” model for sensitive values. In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could be viewed by users with READ permissions through both the API and the UI. This behavior also bypassed the `AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS` configuration option. This issue does not affect Airflow 2.x, where exposing sensitive information to connection editors was the intended and documented behavior. Users of Airflow 3.0.3 are advised to upgrade Airflow to >=3.0.4. 2025-09-26 not yet calculated CVE-2025-54831 https://lists.apache.org/thread/vblmfqtydrp5zgn2q8tj3slk5podxspf
 
Meta Platforms, Inc–Llama Stack Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. 2025-09-24 not yet calculated CVE-2025-55178 https://www.facebook.com/security/advisories/cve-2025-55178
https://github.com/llamastack/llama-stack/pull/3281
https://github.com/llamastack/llama-stack/releases/tag/v0.2.20
 
Drivelock[.]com – Drivelock v24.1.5, 24.2.5, 25.2.6, 25.1.2, 25.1.4 In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges. 2025-09-26 not yet calculated CVE-2025-55187 https://drivelock.help/versions/2025_1/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/Aenderungen_Patch2.htm
https://drivelock.help/versions/2025_1/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-001-RemotePriviledge.htm
https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-001-RemotePriviledge.htm
 
PyTorch[.]org – PyTorch v2.8.0 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. 2025-09-25 not yet calculated CVE-2025-55551 https://github.com/pytorch/pytorch/issues/151401
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
PyTorch[.]org – PyTorch v2.8.0 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. 2025-09-25 not yet calculated CVE-2025-55552 https://github.com/pytorch/pytorch/issues/147847
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
PyTorch[.]org – PyTorch v2.7.0 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). 2025-09-25 not yet calculated CVE-2025-55553 https://github.com/pytorch/pytorch/issues/151432
https://github.com/pytorch/pytorch/pull/154645
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
PyTorch[.]org – PyTorch v2.8.0 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). 2025-09-25 not yet calculated CVE-2025-55554 https://github.com/pytorch/pytorch/issues/151510
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
TensorFlow[.]org — TensorFlow v2.18.0 TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. 2025-09-25 not yet calculated CVE-2025-55556 https://github.com/tensorflow/tensorflow/issues/82317
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
PyTorch[.]org – PyTorch v2.7.0 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). 2025-09-25 not yet calculated CVE-2025-55557 https://github.com/pytorch/pytorch/issues/151738
https://github.com/pytorch/pytorch/pull/151931
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
PyTorch[.]org – PyTorch v2.7.0 A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). 2025-09-25 not yet calculated CVE-2025-55558 https://github.com/pytorch/pytorch/issues/151523
https://github.com/pytorch/pytorch/pull/151887
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
TensorFlow[.]org — TensorFlow v2.18.0 An issue was discovered in TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to ‘valid’ in tf.keras.layers.Conv2D. 2025-09-25 not yet calculated CVE-2025-55559 https://github.com/tensorflow/tensorflow/issues/84205
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
PyTorch[.]org – PyTorch v2.7.0 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. 2025-09-25 not yet calculated CVE-2025-55560 https://github.com/pytorch/pytorch/issues/151522
https://github.com/pytorch/pytorch/pull/151897
https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
 
MUPDF[.]com — MuPDF 1.26.4 EPUB Rendering A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain. 2025-09-23 not yet calculated CVE-2025-55780 https://bugs.ghostscript.com/show_bug.cgi?id=708720
https://github.com/ISH2YU/CVE-2025-55780/tree/main
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=bdd5d241748807378a78a622388e0312332513c5
 
Wavlink[.]com — M86X3A_V240730 Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system. 2025-09-26 not yet calculated CVE-2025-55847 https://github.com/meigui637/iot_zone/blob/main/%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E.md
 
DLink – DIR-823 firmware 20250416 An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered for ‘&’, allowing injection of reverse connection commands. 2025-09-26 not yet calculated CVE-2025-55848 https://www.dlink.com/en/security-bulletin/
https://github.com/meigui637/iot_zone/blob/main/%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
 
Alpes[.]com — ARD GEC before v.2025-04-23 SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php. 2025-09-22 not yet calculated CVE-2025-55885 http://alpes.com
http://ard.com
https://services.ard.fr/index.php
https://github.com/0xZeroSec/CVE-2025-55885
 
n/a – ARD Insecure Direct Object Reference (IDOR) An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization. 2025-09-22 not yet calculated CVE-2025-55886 https://services.ard.fr
https://github.com/0xZeroSec/CVE-2025-55886
 
n/a – ARD Insecure Direct Object Reference (IDOR) Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user’s browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim. 2025-09-22 not yet calculated CVE-2025-55887 http://alpes.com
http://ard.com
https://services.ard.fr/index.php
https://github.com/0xZeroSec/CVE-2025-55887
 
n/a – ARD Ajax transaction manager Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users’ browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions. 2025-09-22 not yet calculated CVE-2025-55888 http://alpes.com
http://ard.com
https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager
https://github.com/0xZeroSec/CVE-2025-55888
 
PHPGurukul[.]com — PHPGurukul Park Ticketing Management System v2.0 A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request. 2025-09-22 not yet calculated CVE-2025-56074 https://github.com/baixiaobi/Park/blob/main/foreigner-bwdates-reports-details.php%20SQL%20Injection.md
 
PHPGurukul[.]com — PHPGurukul Park Ticketing Management System v2.0 A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request. 2025-09-22 not yet calculated CVE-2025-56075 https://github.com/baixiaobi/Park/blob/main/normal-bwdates-reports-details.php%20SQL%20%20Injection.md
 
Indian Bank IndSMART — IndSMART Android App 3.8.1  Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. 2025-09-23 not yet calculated CVE-2025-56146 https://medium.com/@parvbajaj2000/cve-2025-56146-missing-ssl-certificate-validation-in-indian-bank-indsmart-android-app-9db200ac1c69
 
Router-network[.]com — Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows full administrative control of the router without authentication. 2025-09-24 not yet calculated CVE-2025-56241 https://www.exploit-db.com/exploits/52093
https://github.com/amirhosseinjamshidi64/Aztech-POC
https://gist.github.com/amirhosseinjamshidi64/cca123a0dda5a17f3708ffc2dd2a7a45
 
YzmCMS[.]com — YzmCMS thru 7.3 Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the referer header in the register page. 2025-09-23 not yet calculated CVE-2025-56304 http://yzmcms.com
https://www.yzmcms.com/
https://gitee.com/cyjsyj/cve/wikis/CVE-2025-56304?sort_id=14635721
 
Shenzhen C-Data Technology Co. — FD602GW-DX-R410 In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes the router to reboot without explicit user consent. This lack of CSRF protection on a sensitive administrative function can lead to denial of service by disrupting network availability. 2025-09-23 not yet calculated CVE-2025-56311 https://github.com/wrathfulDiety/fd602gw-dx-r410-csrf-advisory
https://github.com/wrathfulDiety/CVE-2025-56311
 
Notepad-plus-plus[.]org — Notepad++ v8.8.3 Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. 2025-09-26 not yet calculated CVE-2025-56383 https://github.com/notepad-plus-plus/notepad-plus-plus
https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept
 
Ubuntu 22.04.3 LTS — free5GC Version: 4.0.1 Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow. 2025-09-23 not yet calculated CVE-2025-56394 https://github.com/free5gc/free5gc/issues/690
https://gist.github.com/DDGod2025/532691e3e2db9b47c67c3d153c026e62
 
mercusys[.]com — DMW305R(EU)_V3.30_1.11.2 Build 241223 Mercusys MW305R 3.30 and below has a Transport Layer Security (TLS) certificate private key disclosure. 2025-09-26 not yet calculated CVE-2025-56463 https://packetstormsecurity.com
https://github.com/MatJosephs/CVEs/tree/main/CVE-2025-56463
 
chinabugotech — chinabugotech hutool before 5.8. An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class. 2025-09-25 not yet calculated CVE-2025-56769 https://github.com/chinabugotech/hutool/issues/3994
 
n/a — Datart 1.0.0-rc.3 Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name. 2025-09-24 not yet calculated CVE-2025-56815 https://github.com/running-elephant/datart/tags
https://github.com/xiaoxiaoranxxx/CVE-2025-56815
 
n/a — Datart 1.0.0-rc.3 Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML’s unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-controlled YAML content, leading to arbitrary class instantiation. Under certain conditions, this can be exploited to achieve remote code execution (RCE). 2025-09-24 not yet calculated CVE-2025-56816 https://github.com/running-elephant/datart
https://github.com/xiaoxiaoranxxx/CVE-2025-56815
 
n/a — Datart 1.0.0-rc.3 An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. 2025-09-24 not yet calculated CVE-2025-56819 https://h2database.com/html/features.html#runscript
https://github.com/h2database/h2database
https://github.com/xyyzxc/CVE-2025-56819
 
MagicProject AI – MagicProject v9.19.1 MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a multipart/form-data POST request. Due to insufficient input sanitization, attackers can inject HTML-based JavaScript payloads. This payload is stored and rendered unsanitized in subsequent views, leading to execution in other users’ browsers when they access affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not implement a Content Security Policy (CSP) or adequate input filtering to prevent such attacks. A fix should include proper sanitization, output encoding, and strong CSP enforcement to mitigate exploitation. 2025-09-22 not yet calculated CVE-2025-57203 https://codecanyon.net/item/magicai-openai-content-text-image-chat-code-generator-as-saas/45408109
 
Codecanyon[.]net – POS w/ Inventory Mgt & HRM v5 Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulnerability resides in the product name parameter submitted to the product-creation endpoint via a standard POST form. Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is stored and subsequently rendered unsanitized in downstream views, leading to JavaScript execution in other users’ browsers when they access the affected product pages. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially enabling session hijacking, privilege escalation within the application, data exfiltration, or administrative account takeover. The application also lacks a restrictive Content Security Policy (CSP), increasing exploitability. 2025-09-22 not yet calculated CVE-2025-57204 https://codecanyon.net/item/stockyultimate-inventory-management-system-with-pos/31445124
https://grumpz.net/cve-2025-57204-stored-xss-in-stocky-pos-with-inventory-management-and-hrm-ui-lib-50
 
Codecanyon[.]net — iNiLabs School Express (SMS Express) 6.2 iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/{id} endpoint (and similarly in Notice and Pages editors). Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is saved and later rendered unsanitized, resulting in JavaScript execution in other users’ browsers when they access the affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not enforce a restrictive Content Security Policy (CSP) or adequate filtering to prevent such attacks. 2025-09-22 not yet calculated CVE-2025-57205 https://codecanyon.net/item/inilabs-school-management-system-express/11630340
https://grumpz.net/cve-2025-57205-stored-xss-in-inilabs-school-express-62-sms-express
 
Todoist[.]com — Todoist v8484  Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata. 2025-09-26 not yet calculated CVE-2025-57292 https://github.com/echoBRT/TodoistStoredXSS
https://github.com/ASencerK/TodoistStoredXSS
 
npmjs[.]com — apidoc-core package version 0.15.0 apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-25 not yet calculated CVE-2025-57317 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/apidoc-core%400.15.0/index.js
https://github.com/OrangeShieldInfos/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57317
 
n/a — Prototype Pollution toCsv function of csvjson thru 5.1.0 A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57318 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/csvjson%405.1.0/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57318
 
n/a — Prototype Pollution nestedRestore function of fast-redact 3.5.0 fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. NOTE: the Supplier disputes this because the reporter only demonstrated access to properties by an internal utility function, and there is no means for achieving prototype pollution via the public API. 2025-09-24 not yet calculated CVE-2025-57319 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/fast-redact%403.5.0/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57319
https://github.com/davidmarkclements/fast-redact/issues/75
 
n/a — json-schema-editor-visual thru 1.1.1 json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57320 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/json-schema-editor-visual%401.1.1/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57320
 
n/a — magix-combine-ex versions thru 1.2.10 A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57321 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/magix-combine-ex%401.2.10/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57321
 
n/a — mpregular version 0.2.0 mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57323 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/mpregular%400.2.0/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57323
 
n/a — SingleInstanceStateController.initializeState function 5.3.0 parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57324 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324
 
n/a — rollbar v2.26.4 rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57325 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/rollbar%402.26.4/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57325
 
n/a — sassdoc-extras v2.5.1 A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57326 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/sassdoc-extras%402.5.1/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57326
 
n/a — spmrc version 1.2.0 spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57327 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/spmrc%401.2.0/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57327
 
n/a — toggle-array v1.0.1 toggle-array is a package designed to enable a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57328 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/toggle-array%401.0.1/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57328
 
npmjs[.]com — web3-core-method version 1.10.4 web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57329 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/web3-core-method%401.10.4/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57329
 
npmjs[.]com — web3-core-method version 1.10.4 The web3-core-subscriptions is a package designed to manage web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. 2025-09-24 not yet calculated CVE-2025-57330 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/web3-core-subscriptions%401.10.4/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57330
 
npmjs[.]com — ‘dagre-d3-es’ Node.js package version 7.0.9 A vulnerability exists in the ‘dagre-d3-es’ Node.js package version 7.0.9, specifically within the ‘bk’ module’s addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution vulnerabilities by injecting malicious input values (e.g., “__proto__”), enabling unauthorized modification of the JavaScript Object prototype chain. Successful exploitation could lead to denial of service conditions, unexpected application behavior, or potential execution of arbitrary code in contexts where polluted properties are later accessed or executed. The issue affects versions prior to 7.0.11 and remains unpatched at the time of disclosure. 2025-09-24 not yet calculated CVE-2025-57347 https://github.com/tbo47/dagre-es/issues/52
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57347
 
n/a — node-cube package (prior to version 5.0.0) The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package’s resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date. 2025-09-24 not yet calculated CVE-2025-57348 https://github.com/node-cube/cube/issues/153
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57348
 
n/a — MessageFormat 2 specification for JavaScript The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special characters (e.g., __proto__ ), which can lead to unintended modification of the JavaScript Object prototype. This vulnerability may allow a remote attacker to inject properties into the global object prototype via specially crafted message input, potentially causing denial of service or other undefined behaviors in applications using the affected component. 2025-09-24 not yet calculated CVE-2025-57349 https://github.com/messageformat/messageformat/issues/452
 
n/a — csvtojson package prior to 2.0.10 The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using __proto__ syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file. 2025-09-24 not yet calculated CVE-2025-57350 https://github.com/Keyang/node-csvtojson/issues/498
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57350
 
n/a — ts-fns package prior 13.0.7 A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties into the global object’s prototype, potentially leading to application crashes, unexpected code execution behaviors, or bypasses of security-critical validation logic dependent on prototype integrity. The vulnerability stems from improper handling of deep property assignment operations within the library’s public API functions. This issue remains unaddressed in the latest available version. 2025-09-24 not yet calculated CVE-2025-57351 https://github.com/tangshuang/ts-fns/issues/36
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57351
 
n/a — min-document prior to 2.19.0 A vulnerability exists in the ‘min-document’ package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects, leading to denial of service or arbitrary code execution. This issue arises from insufficient validation of attribute namespace removal operations, allowing unintended modification of critical object prototypes. The vulnerability remains unaddressed in the latest available version. 2025-09-24 not yet calculated CVE-2025-57352 https://github.com/Raynos/min-document/issues/54
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57352
 
n/a — messageformat package for Node.js prior to v3.0.1 The Runtime components of messageformat package for Node.js prior to version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing specially crafted input. This can result in the injection of arbitrary properties into the Object.prototype, potentially leading to denial of service conditions or unexpected application behavior. The vulnerability allows attackers to alter the prototype of base objects, impacting all subsequent object instances throughout the application’s lifecycle. This issue remains unaddressed in the latest available version. 2025-09-24 not yet calculated CVE-2025-57353 https://github.com/messageformat/messageformat/issues/453
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57353
 
n/a — ‘counterpart’ library for Node.js prior to 0.18.6 A vulnerability exists in the ‘counterpart’ library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library’s translation functionality by supplying maliciously crafted keys containing prototype chain elements (e.g., __proto__ ), leading to prototype pollution. This weakness enables adversaries to inject arbitrary properties into the JavaScript Object prototype through the first parameter of the translate method when combined with specific separator configurations, potentially resulting in denial-of-service conditions or remote code execution in vulnerable applications. The issue arises from the library’s failure to properly validate or neutralize special characters in translation key inputs before processing. 2025-09-24 not yet calculated CVE-2025-57354 https://github.com/martinandert/counterpart/issues/54
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57354
 
n/a — Admin Log Viewer of S-Cart prior to 10.0.3 A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator’s browser when they view the security log page, which could lead to session hijacking or other malicious actions. 2025-09-23 not yet calculated CVE-2025-57407 https://github.com/s-cart/core/blob/7c9aa42761be5fd0131c61dbe2b5323beb96d5dd/src/Admin/Controllers/AdminLogController.php
https://github.com/gp247net/core/releases/tag/1.1.24
 
creacast[.]com — Creacast Creabox Manager 4.4.4 Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials. 2025-09-22 not yet calculated CVE-2025-57430 http://www.creacast.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57430
 
sound4[.]com — Sound4 PULSE-ECO AES67 v1.22 The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. 2025-09-22 not yet calculated CVE-2025-57431 https://www.sound4.com
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57431
 
blackmagicdesign[.]com — Blackmagic Web Presenter version 3.3 Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface. 2025-09-22 not yet calculated CVE-2025-57432 https://www.blackmagicdesign.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57432
 
2wcom[.]com — IP-4c 2.15.5 The 2wcom IP-4c 2.15.5 device’s web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system’s security posture, as these hashes could be cracked offline, granting attackers administrative access to the device. 2025-09-22 not yet calculated CVE-2025-57433 https://www.2wcom.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57433
 
Creatcast[.]com — Creacast Creabox Manager v4.4.4 Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows. 2025-09-22 not yet calculated CVE-2025-57434 http://www.creacast.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57434
 
blackmagicdesign[.]com — Blackmagic Web Presenter version 3.3 The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: – Model, version, and unique identifiers – Network settings including IP, MAC, DNS – Current stream platform, stream key, and streaming URL – Audio/video configuration This data can be used to hijack live streams or perform network reconnaissance. 2025-09-22 not yet calculated CVE-2025-57437 https://www.blackmagicdesign.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57437
 
2wcom[.]com — IP-4c 2.15.5 The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifying requests. 2025-09-22 not yet calculated CVE-2025-57438 https://www.2wcom.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57438
 
Creatcast[.]com — Creacast Creabox Manager v4.4.4 Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution. 2025-09-22 not yet calculated CVE-2025-57439 http://www.creacast.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57439
 
blackmagicdesign[.]com — Blackmagic ATEM Mini Pro 2.7 The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the “ATEM Ethernet Protocol 1.0”, provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device – effectively gaining full remote control. 2025-09-22 not yet calculated CVE-2025-57440 https://www.blackmagicdesign.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57440
 
blackmagicdesign[.]com — Blackmagic ATEM Mini Pro 2.7 The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks. 2025-09-22 not yet calculated CVE-2025-57441 https://www.blackmagicdesign.com/
https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-57441
 
lf-o-ran-sc.atlassian[.]net/browse/RIC-1073 — ric-plt-submgr An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API component. 2025-09-25 not yet calculated CVE-2025-57446 https://lf-o-ran-sc.atlassian.net/browse/RIC-1073
https://github.com/ting1197/vulnerability-research/tree/main/CVE-2025-57446
 
AiKaan Cloud Controller – n/a AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates “Open Remote Terminal” from the AiKaan dashboard, the controller sends this same static private key to the target device. The device then uses it to establish a reverse SSH tunnel to a remote access server, enabling browser-based SSH access for the administrator. Because the same `proxyuser` account and SSH key are reused across all customer environments: – An attacker who obtains the key (e.g., by intercepting it in transit, extracting it from the remote access server, or from a compromised admin account) can impersonate any managed device. – They can establish unauthorized reverse SSH tunnels and interact with devices without the owner’s consent. This is a design flaw in the authentication model: compromise of a single key compromises the trust boundary between the controller and devices. 2025-09-22 not yet calculated CVE-2025-57601 https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve1-shared-ssh-key.md
 
AiKaan IoT Manager — n/a Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can lead to remote code execution, information disclosure, and privilege escalation across customer environments. 2025-09-22 not yet calculated CVE-2025-57602 https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve2-proxyuser-shell.md
 
AiKaan IoT Manager — n/a Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department. 2025-09-22 not yet calculated CVE-2025-57605 https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve5-department-switch.md
 
Totolink[.]net – N600R v4.3.0 A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. 2025-09-25 not yet calculated CVE-2025-57623 https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/TOTOLink/CONTENT_LENGTH.md
https://gist.github.com/z472421519/d17061ea79a72d39fe69c000fa1a6280
 
n/a — libsmb2 6.2 libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation. 2025-09-25 not yet calculated CVE-2025-57632 https://github.com/sahlberg/libsmb2
https://github.com/sahlberg/libsmb2/blob/master/lib/compat.c#L569
https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e
 
DLink – DI – 7100G Firmware C1 2020-02-21 OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter “time”. 2025-09-23 not yet calculated CVE-2025-57636 https://www.dlink.com/en/security-bulletin/
https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_1.md
 
DLink – DI – 7100G Firmware C1 2020-02-21 Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service, via the viav4 parameter, allowing attackers to cause a denial of service or execute arbitrary code. 2025-09-23 not yet calculated CVE-2025-57637 https://www.dlink.com/en/security-bulletin/
https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_2.md
 
Tenda – Tenda AC9 V1.0 Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value. 2025-09-23 not yet calculated CVE-2025-57638 https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda1.md
 
Tenda – Tenda AC9 V1.0 Tenda AC9 1.0 was discovered to contain an OS command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file. 2025-09-23 not yet calculated CVE-2025-57639 https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda2.md
 
papermark[.]com — Papermark 0.20.0 Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the “POST /api/file/s3/get-presigned-get-url-proxy” API. 2025-09-22 not yet calculated CVE-2025-57682 https://papermark.com/
https://github.com/mfts/papermark
https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-57682
 
b-link[.]net[.]cn — BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, BL-LTE300_DA4 V1.2.3 models The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/set_serial_cfg interface to gain the highest level of device privileges without authorization, enabling them to remotely execute malicious commands. 2025-09-22 not yet calculated CVE-2025-57685 https://www.b-link.net.cn/
http://bl-ac2100.com
https://github.com/mono7s/LB-Link/blob/main/bs_SetSerial.md
 
n/a — PiranhaCMS 12.0 PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user's browser. 2025-09-26 not yet calculated CVE-2025-57692 https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md
 
kata-containers–kata-containers Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0. 2025-09-23 not yet calculated CVE-2025-58354 https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m
https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0
 
doxense[.]com — DOXENSE WATCHDOC prior to 6.1.1.5332 In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface. 2025-09-26 not yet calculated CVE-2025-58384 https://update.doxense.com/
https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58384.htm
 
doxense[.]com — DOXENSE WATCHDOC prior to 6.1.1.5332 In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data). 2025-09-26 not yet calculated CVE-2025-58385 https://update.doxense.com/
https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58385.htm
 
Apache Software Foundation–Apache ZooKeeper Improper permission check in ZooKeeper AdminServer lets authorized clients run the snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.) 2025-09-24 not yet calculated CVE-2025-58457 https://lists.apache.org/thread/r5yol0kkhx2fzw22pxk1ozwm3oc6yxrx
 
Langfuse[.]com — Langfuse 3.1 Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry. 2025-09-24 not yet calculated CVE-2025-59305 https://depthfirst.com/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study
 
mafintosh–tar-fs tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. 2025-09-24 not yet calculated CVE-2025-59343 https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v
https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09
 
Squid Web Proxy Cache — Version 7.1 Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. 2025-09-26 not yet calculated CVE-2025-59362 https://github.com/squid-cache/squid/pull/2149
https://github.com/Microsvuln/advisories/blob/main/CVE-2025-59362/CVE-2025-59362.md
 
Flock Safety Bravo Edge Compute Device – n/a Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls. 2025-09-25 not yet calculated CVE-2025-59402 https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf
https://www.flocksafety.com/products
https://www.flocksafety.com/products/license-plate-readers
https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/
 
Flock Safety Bravo Edge Compute Device – n/a Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions. 2025-09-25 not yet calculated CVE-2025-59404 https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf
https://www.flocksafety.com/products
https://www.flocksafety.com/products/license-plate-readers
https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/
 
Flock Safety Bravo Edge Compute Device – n/a Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections. 2025-09-25 not yet calculated CVE-2025-59408 https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf
https://www.flocksafety.com/products
https://www.flocksafety.com/products/license-plate-readers
https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/
 
langgenius–dify Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admin's and probably other users' chats, if they know the conversation_id. This impacts the confidentiality of chats. This issue has been patched in version 1.9.0. 2025-09-25 not yet calculated CVE-2025-59422 https://github.com/langgenius/dify/security/advisories/GHSA-jg5j-c9pq-w894
https://github.com/langgenius/dify/commit/b2d8a7eaf1693841411934e2056042845ab4f354
 
ongres–scram SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted. This vulnerability has been patched in version 3.1 by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison. 2025-09-22 not yet calculated CVE-2025-59432 https://github.com/ongres/scram/security/advisories/GHSA-3wfh-36rx-9537
https://github.com/ongres/scram/commit/f04975680d4a67bc84cc6c61bbffd5186223e2e2
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte%5B%5D,byte%5B%5D)
 
horilla-opensource–horilla Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0. 2025-09-24 not yet calculated CVE-2025-59524 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q
https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf
https://github.com/horilla-opensource/horilla/releases/tag/1.4.0
 
horilla-opensource–horilla Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0. 2025-09-24 not yet calculated CVE-2025-59525 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp
https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf
https://github.com/horilla-opensource/horilla/releases/tag/1.4.0
 
eladnava–mailgen mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given user-generated content. This vulnerability has been patched in version 2.0.30. A workaround involves stripping all HTML tags before passing any content into Mailgen.generatePlaintext(email). 2025-09-22 not yet calculated CVE-2025-59526 https://github.com/eladnava/mailgen/security/advisories/GHSA-j2xj-h7w5-r7vp
https://github.com/eladnava/mailgen/commit/741a0190ddae0f408b22ae3b5f0f4c3f5cf4f11d
 
openai–codex Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution where the Codex process has permissions – this did not impact the network-disabled sandbox restriction. This issue has been patched in Codex CLI 0.39.0, which canonicalizes and validates that the boundary used for sandbox policy is based on where the user started the session, and not the one generated by the model. Users running 0.38.0 or earlier should update immediately via their package manager or by reinstalling the latest Codex CLI to ensure sandbox boundaries are enforced. If using the Codex IDE extension, users should immediately update to 0.4.12 for a fix of the sandbox issue. 2025-09-22 not yet calculated CVE-2025-59532 https://github.com/openai/codex/security/advisories/GHSA-w5fx-fh39-j5rw
https://github.com/openai/codex/commit/8595237505a1e0faabc2af3db805b66ce3ae182d
https://github.com/openai/codex/releases/tag/rust-v0.39.0
 
dnnsoftware–Dnn.Platform DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to JavaScript injection, affecting any unsuspecting user clicking such a link. This issue has been patched in version 10.1.0. 2025-09-23 not yet calculated CVE-2025-59548 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-5fj9-542v-w4rq
 
http4s–http4s Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of the HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers' security controls, launch targeted attacks against active users, and poison web caches. A pre-requisite for exploitation involves the web application being deployed behind a reverse-proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31. 2025-09-23 not yet calculated CVE-2025-59822 https://github.com/http4s/http4s/security/advisories/GHSA-wcwh-7gfw-5wrr
https://github.com/http4s/http4s/commit/dd518f7c967e5165813b8d4a48a82b8fab852d41
 
gardener–gardener-extension-provider-aws Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP providers prior to version 1.46.0. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This affects all Gardener installations where Terraformer is used/can be enabled for infrastructure provisioning with any of the affected components. This issue has been patched in Gardener Extensions for AWS providers version 1.64.0, Azure providers version 1.55.0, OpenStack providers version 1.49.0, and GCP providers version 1.46.0. 2025-09-25 not yet calculated CVE-2025-59823 https://github.com/gardener/gardener-extension-provider-aws/security/advisories/GHSA-227x-7mh8-3cf6
https://github.com/gardener/gardener-extension-provider-aws/releases/tag/v1.64.0
https://github.com/gardener/gardener-extension-provider-azure/releases/tag/v1.55.0
https://github.com/gardener/gardener-extension-provider-gcp/releases/tag/v1.46.0
https://github.com/gardener/gardener-extension-provider-openstack/releases/tag/v1.49.0
 
siderolabs–omni Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The WireGuard interface on Omni is configured to ensure that the source IP address of an incoming packet matches the IPv6 address assigned to the Talos peer. However, it performs no validation on the packet’s destination address. The Talos end of the SideroLink connection cannot be considered a trusted environment. Workloads running on Kubernetes, especially those configured with host networking, could gain direct access to this link. Therefore, a malicious workload could theoretically send arbitrary packets over the SideroLink interface. This issue has been patched in version 0.48.0. 2025-09-24 not yet calculated CVE-2025-59824 https://github.com/siderolabs/omni/security/advisories/GHSA-hqrf-67pm-wgfq
https://github.com/siderolabs/omni/commit/a5efd816a239e6c9e5ea7c0d43c02c04504d7b60
 
astral-sh–tokio-tar astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the Entry::allow_external_symlinks control (which defaults to true) could be bypassed via a pair of symlinks that individually point within the destination but combine to point outside of it. These behaviors could be used individually or combined to bypass the intended security control of limiting extraction to the given directory. This in turn would allow an attacker with a malicious tar archive to perform an arbitrary file write and potentially pivot into code execution. This issue has been patched in version 0.5.4. There is no workaround other than upgrading. 2025-09-23 not yet calculated CVE-2025-59825 https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-3wgq-wrwc-vqmv
https://github.com/astral-sh/uv/issues/12163
https://github.com/astral-sh/tokio-tar/commit/036fdecc85c52458ace92dc9e02e9cef90684e75
 
FlagForgeCTF–flagForge Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0. 2025-09-24 not yet calculated CVE-2025-59827 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79
 
anthropics–claude-code Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running `yarn --version`. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. 2025-09-24 not yet calculated CVE-2025-59828 https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4
 
snowyu–git-commiters.js git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests in the library’s primary exported API, gitCommiters(options, callback), which allows specifying options such as cwd for the current working directory and revisionRange as a revision pointer, such as HEAD. However, the library neither sanitizes user input nor uses a secure process execution API that separates the command from its arguments, so uncontrolled user input is concatenated into the executed command string. This issue has been patched in version 0.1.2. 2025-09-25 not yet calculated CVE-2025-59831 https://github.com/snowyu/git-commiters.js/security/advisories/GHSA-g38c-wxjf-xrh6
https://github.com/snowyu/git-commiters.js/commit/7f0abfedbf506e3a61ac875d91324a8dbe756e84
 
monkeytypegame–monkeytype Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been patched via commit f025b12. 2025-09-25 not yet calculated CVE-2025-59838 https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-j4xx-fww5-774w
https://github.com/monkeytypegame/monkeytype/commit/f025b121cbe437e29de432b4aa72e0de22c755b7
 
jupyterlab–jupyterlab jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if links generated by those extensions included target=_blank (no such extensions are known at time of writing) and they were to click on a link generated in LaTeX (typically visibly different from other links). This issue has been patched in version 4.4.8. 2025-09-26 not yet calculated CVE-2025-59842 https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm
https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
 
FlagForgeCTF–flagForge Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The problem has been patched in FlagForge version 2.3.1. The fix removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.1 or later to eliminate exposure. There are no workarounds for this vulnerability. 2025-09-26 not yet calculated CVE-2025-59843 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-qqjv-8r5p-7xpj
 
SonarSource–sonarqube-scan-action SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially leading to exposure of sensitive environment variables and compromise of the runner environment. The vulnerability has been fixed in version 6.0.0. Users should upgrade to this version or later. 2025-09-26 not yet calculated CVE-2025-59844 https://github.com/SonarSource/sonarqube-scan-action/security/advisories/GHSA-5xq9-5g24-4g6f
https://community.sonarsource.com/t/sonarqube-scanner-github-action-v6/149281
https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v6.0.0
 
nearform–get-jwks get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an unexpected issuer to be reused, resulting in a bypass of issuer validation. This design flaw enables a potential attack where a malicious actor crafts a pair of JWTs, the first one ensuring that a chosen public key is fetched and stored in the shared JWKS cache, and the second one leveraging that cached key to pass signature validation for a targeted iss value. The vulnerability will work only if the iss validation is done after the use of get-jwks for keys retrieval. This issue has been patched in version 11.0.2. 2025-09-27 not yet calculated CVE-2025-59936 https://github.com/nearform/get-jwks/security/advisories/GHSA-qc2q-qhf3-235m
https://github.com/nearform/get-jwks/commit/1706a177a80a1759fe68e3339dc5a219ce03ddb9
 
huggingface–huggingface/transformers The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious regular expressions can cause catastrophic backtracking during the re.search call, leading to 100% CPU utilization and a denial of service. This issue can be exploited by attackers who can control the patterns in these lists, potentially causing the machine learning task to hang and rendering services unresponsive. 2025-09-23 not yet calculated CVE-2025-6921 https://huntr.com/bounties/287d15a7-6e7c-45d2-8c05-11e305776f1f
https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be
 
danny-avila–danny-avila/librechat danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the `USER` role to create agents despite having `CREATE: false` permission, as the check for `['USE', 'CREATE']` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix. 2025-09-23 not yet calculated CVE-2025-7106 https://huntr.com/bounties/7de2765b-d1fe-4495-9144-220070857c48
https://github.com/danny-avila/librechat/commit/91a2df47599c09d80886bfc28e0ccf1debd42110
 
run-llama–run-llama/llama_index The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions. 2025-09-27 not yet calculated CVE-2025-7647 https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e
https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
 
Unknown–SureForms The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks. 2025-09-23 not yet calculated CVE-2025-8282 https://wpscan.com/vulnerability/62680106-1313-4ef0-80a5-33e93b4221a1/
 
RTI–Connext Professional Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0. 2025-09-23 not yet calculated CVE-2025-8410 https://www.rti.com/vulnerabilities/#cve-2025-8410
 
Python Packaging Authority–pip When extracting a tar archive, pip may not check that symbolic links point into the extraction directory if the tarfile module doesn’t implement PEP 706. Note that upgrading pip to a “fixed” version for this vulnerability doesn’t fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip’s fallback implementation of tar extraction for Python versions that don’t implement PEP 706 and therefore are not secure against all vulnerabilities in the Python ‘tarfile’ module. If you’re using a Python version that implements PEP 706, then pip doesn’t use the “vulnerable” fallback code. Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12), applying the linked patch, or inspecting source distributions (sdists) before installation, as is already a best practice. 2025-09-24 not yet calculated CVE-2025-8869 https://github.com/pypa/pip/pull/13550
https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
 
GE Vernova–S1 Agile Configuration Software Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous versions. 2025-09-22 not yet calculated CVE-2025-9038 https://www.gevernova.com/grid-solutions/sites/default/files/resources/products/support/ges-2025-001.pdf
 
Unknown–Etsy Shop The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. 2025-09-22 not yet calculated CVE-2025-9115 https://wpscan.com/vulnerability/67721fa5-4d4f-468b-aa77-c406e68fcf17/
 
Seagate–Toolkit In Seagate Toolkit on Windows, a vulnerability exists in the Toolkit Installer prior to version 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries. 2025-09-26 not yet calculated CVE-2025-9267 https://www.seagate.com/product-security/#security-advisories
https://www.seagate.com/support/software/toolkit/
 
Unknown–Admin and Site Enhancements (ASE) The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads. 2025-09-22 not yet calculated CVE-2025-9487 https://wpscan.com/vulnerability/b957b7c4-7a7c-497e-b8e4-499c821fb1b0/
 
Viessmann–Vitogate 300 An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the `/cgi-bin/vitogate.cgi` endpoint is affected when the `form` JSON parameter is set to `form-0-2`. The vulnerability stems from the fact that the function at offset 0x21c24 does not properly sanitize supplied input before interpolating it into a format string which gets passed to `popen()`. Consequently, an authenticated attacker is able to inject arbitrary OS commands and thus gain code execution on affected devices. 2025-09-23 not yet calculated CVE-2025-9494 https://www.corporate.carrier.com/product-security/advisories-resources/
 
Viessmann–Vitogate 300 The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device. 2025-09-23 not yet calculated CVE-2025-9495 https://www.corporate.carrier.com/product-security/advisories-resources/
 
Unknown–Markup Markdown The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2025-09-22 not yet calculated CVE-2025-9540 https://wpscan.com/vulnerability/79e606df-50a0-4639-b2d9-4a77111fd729/
 
Unknown–Markup Markdown The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2025-09-22 not yet calculated CVE-2025-9541 https://wpscan.com/vulnerability/3828b320-9f7b-4a2a-a6b0-200b023d602c/
 
Salesforce–Salesforce CLI Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6. 2025-09-23 not yet calculated CVE-2025-9844 https://help.salesforce.com/s/articleView?id=005224301&type=1
 
is-localhost-ip–is-localhost-ip A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0. 2025-09-22 not yet calculated CVE-2025-9960 https://fluidattacks.com/advisories/registrada
https://github.com/tinovyatkin/is-localhost-ip
 
Novakon–P series A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication. This issue affects P series: P – V2001.A.C518o2. 2025-09-23 not yet calculated CVE-2025-9962 https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
 
Novakon–P series A path traversal vulnerability in Novakon P series allows exposing the root file system “/” and modifying all files with root permissions. This way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2. 2025-09-23 not yet calculated CVE-2025-9963 https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
 
Novakon–P series No password for the root user is set in Novakon P series. This allows physical attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2. 2025-09-23 not yet calculated CVE-2025-9964 https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
 
Novakon–P series Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device. This issue affects P series: P – V2001.A.C518o2. 2025-09-23 not yet calculated CVE-2025-9965 https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
 
Novakon–P series Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromised. This issue affects P series: P – V2001.A.C518o2. 2025-09-23 not yet calculated CVE-2025-9966 https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
 
GALAYOU–G2 GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However, these credentials are not required to access the stream, and changing them does not change the camera’s behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested; other versions might also be vulnerable. 2025-09-22 not yet calculated CVE-2025-9983 https://cert.pl/en/posts/2025/09/CVE-2025-9983
https://www.galayou-store.com/g2
 