High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| ABB–ABB Ability Edgenius | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | 2025-11-20 | 9.6 | CVE-2025-10571 | https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&LanguageCode=en&DocumentPartId=&Action=Launch   |
| AMD–AMD StoreMI | A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-11-23 | 7.3 | CVE-2024-21922 | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4010.html   |
| AMD–AMD StoreMI | Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-11-23 | 7.3 | CVE-2024-21923 | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4010.html   |
| appsbd–Vitepos Point of Sale (POS) for WooCommerce | The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img() function accepting user-supplied file types without validation when processing category images. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site’s server which makes remote code execution possible. | 2025-11-21 | 8.8 | CVE-2025-13156 | https://www.wordfence.com/threat-intel/vulnerabilities/id/bd478bb7-f0d7-4a29-8236-96ad69b5ae67?source=cve https://plugins.trac.wordpress.org/changeset/3398044   |
| Broadcom–BCM5820X | A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an API call to trigger this vulnerability. | 2025-11-17 | 8.7 | CVE-2025-31361 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2174   |
| Broadcom–BCM5820X | A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to the execution of a privileged operation. An attacker can issue an API call to trigger this vulnerability. | 2025-11-17 | 8.7 | CVE-2025-31649 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2173   |
| Broadcom–BCM5820X | A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability. | 2025-11-17 | 8.8 | CVE-2025-32089 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2188   |
| Broadcom–BCM5820X | A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. | 2025-11-17 | 8.8 | CVE-2025-36553 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2189   |
| Broadcom–BCM5820X | Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 2 (`WBIO_USH_GET_IDENTITY`) with an improper `ReceiveBufferSize` value. | 2025-11-17 | 7.3 | CVE-2025-36460 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175   |
| Broadcom–BCM5820X | Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 0 (`WBIO_USH_GET_TEMPLATE`) with an invalid `ReceiveBufferSize` and/or an invalid `SendBufferSize`. | 2025-11-17 | 7.3 | CVE-2025-36461 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175   |
| Broadcom–BCM5820X | Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 3 (`WBIO_USH_CREATE_CHALLENGE`) with an invalid `ReceiveBufferSize`. | 2025-11-17 | 7.3 | CVE-2025-36462 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175   |
| Broadcom–BCM5820X | Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) with an invalid `SendBufferSize`. | 2025-11-17 | 7.3 | CVE-2025-36463 | https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175   |
| bww–URL Image Importer | The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the ‘uimptr_import_image_from_url()’ function which writes the file to the server before performing proper validation. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible via the uploaded PHP file. | 2025-11-21 | 8.8 | CVE-2025-12138 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1da18430-1bd0-4f63-9e22-5d26de2be410?source=cve https://plugins.trac.wordpress.org/browser/url-image-importer/trunk/url-image-importer.php#L198 https://plugins.trac.wordpress.org/browser/url-image-importer/trunk/url-image-importer.php#L1319 https://plugins.trac.wordpress.org/browser/url-image-importer/trunk/url-image-importer.php#L1353 https://plugins.trac.wordpress.org/browser/url-image-importer/trunk/url-image-importer.php#L1358 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3395852%40url-image-importer&new=3395852%40url-image-importer&sfp_email=&sfph_mail=#file9   |
| Campcodes–Online Polling System | A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing manipulation of the argument myusername can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. | 2025-11-23 | 7.3 | CVE-2025-13556 | VDB-333323 \| Campcodes Online Polling System checklogin.php sql injection VDB-333323 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #696614 \| Campcodes Online Polling System V1.0 SQL Injection https://github.com/ProgramShowMaker/CVE/issues/2 https://www.campcodes.com/   |
| Campcodes–Online Polling System | A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-11-23 | 7.3 | CVE-2025-13557 | VDB-333324 \| Campcodes Online Polling System registeracc.php sql injection VDB-333324 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #696615 \| Campcodes Online Polling System V1.0 SQL Injection https://github.com/ProgramShowMaker/CVE/issues/3 https://www.campcodes.com/   |
| Campcodes–Retro Basketball Shoes Online Store | A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | 2025-11-19 | 7.3 | CVE-2025-13410 | VDB-332937 \| Campcodes Retro Basketball Shoes Online Store receipt.php sql injection VDB-332937 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #693696 \| campcodes Retro Basketball Shoes Online Store V1.0 SQL injection https://github.com/laosijivul/cve/issues/3 https://www.campcodes.com/   |
| Campcodes–School Fees Payment Management System | A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | 2025-11-17 | 7.3 | CVE-2025-13271 | VDB-332606 \| Campcodes School Fees Payment Management System ajax.php sql injection VDB-332606 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #690044 \| Campcodes School Fees Payment Management System V1.0 SQL Injection https://github.com/ASantsSec/CVE/issues/18 https://www.campcodes.com/   |
| Campcodes–School Fees Payment Management System | A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Affected is an unknown function of the file /manage_course.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | 2025-11-17 | 7.3 | CVE-2025-13272 | VDB-332607 \| Campcodes School Fees Payment Management System manage_course.php sql injection VDB-332607 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #690046 \| Campcodes School Fees Payment Management System V1.0 SQL Injection https://github.com/ASantsSec/CVE/issues/19 https://www.campcodes.com/   |
| Campcodes–School File Management System | A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing manipulation of the argument stud_no results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. | 2025-11-23 | 7.3 | CVE-2025-13555 | VDB-333322 \| Campcodes School File Management System Login index.php sql injection VDB-333322 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #696516 \| Campcodes School File Management System V1.0 SQL Injection https://github.com/arpcyber070/CVE/issues/4 https://www.campcodes.com/   |
| Campcodes–Supplier Management System | A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirm_order.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | 2025-11-17 | 7.3 | CVE-2025-13291 | VDB-332632 \| Campcodes Supplier Management System confirm_order.php sql injection VDB-332632 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #691620 \| Campcodes Campcodes Supplier Management System V1.0 SQL Injection https://github.com/Fex212/CVE/issues/1 https://www.campcodes.com/   |
| Campcodes–Supplier Management System | A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | 2025-11-23 | 7.3 | CVE-2025-13554 | VDB-333321 \| Campcodes Supplier Management System Login index.php sql injection VDB-333321 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #696515 \| Campcodes Supplier Management System V1.0 SQL Injection https://github.com/arpcyber060/CVE/issues/3 https://www.campcodes.com/   |
| Chunghwa Telecom–TenderDocTransfer | TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user’s system. | 2025-11-17 | 8.1 | CVE-2025-13282 | https://www.twcert.org.tw/tw/cp-132-10510-3719c-1.html https://www.twcert.org.tw/en/cp-139-10511-10f3a-2.html   |
| Chunghwa Telecom–TenderDocTransfer | TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user’s system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes. | 2025-11-17 | 7.1 | CVE-2025-13283 | https://www.twcert.org.tw/tw/cp-132-10510-3719c-1.html https://www.twcert.org.tw/en/cp-139-10511-10f3a-2.html   |
| code-projects–Nero Social Networking Site | A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | 2025-11-17 | 7.3 | CVE-2025-13277 | VDB-332612 \| code-projects Nero Social Networking Site friendsphoto.php sql injection VDB-332612 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #690140 \| code-projects Nero Social Networking Site 1.0 SQL Injection https://github.com/daojian1/Nero-Social-Networking-Site-V1.0_004 https://code-projects.org/   |
| code-projects–Online Shop Project | A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. | 2025-11-20 | 7.3 | CVE-2025-13449 | VDB-333019 \| code-projects Online Shop Project login.php sql injection VDB-333019 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #694653 \| SourceCodester Online Shop Project V1.0 SQL Injection https://github.com/xiaojuzirr/cve/issues/3 https://code-projects.org/   |
| code-projects–Simple Pizza Ordering System | A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | 2025-11-18 | 7.3 | CVE-2025-13323 | VDB-332662 \| code-projects Simple Pizza Ordering System listorder.php sql injection VDB-332662 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #691844 \| code-projects Simple Pizza Ordering System 1.0 SQL Injection https://github.com/daojian1/Simple-Pizza-Ordering-System_V1.0_003 https://code-projects.org/   |
| CodeAstro–Simple Inventory System | A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-17 | 7.3 | CVE-2025-13280 | VDB-332615 \| CodeAstro Simple Inventory System Login index.php sql injection VDB-332615 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #691380 \| codeastro Simple Inventory System V1.0 SQL Injection https://github.com/umu123456/cvesimpleInventorysystem/issues/1 https://codeastro.com/   |
| codehub666–94list | A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. | 2025-11-19 | 7.3 | CVE-2025-13395 | VDB-332923 \| codehub666 94list function.php login sql injection VDB-332923 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #692095 \| github 94list (Current release) SQL Injection https://github.com/codehub666/94list/issues/63 https://github.com/codehub666/94list/issues/63#issue-3607918945   |
| codepeople–CP Contact Form with PayPal | The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the ‘cp_contactformpp_ipncheck’ query parameter) that processes payment confirmations without any authentication, nonce verification, or PayPal IPN signature validation. This makes it possible for unauthenticated attackers to mark form submissions as paid without making actual payments by sending forged payment notification requests with arbitrary POST data (payment_status, txn_id, payer_email). | 2025-11-22 | 7.5 | CVE-2025-13384 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6639c3d8-8f26-4ee5-8c4b-2efcf34668a2?source=cve https://plugins.trac.wordpress.org/browser/cp-contact-form-with-paypal/tags/1.3.56/cp_contactformpp_functions.php#L541 https://plugins.trac.wordpress.org/browser/cp-contact-form-with-paypal/tags/1.3.56/cp_contactformpp_functions.php#L877 https://plugins.trac.wordpress.org/browser/cp-contact-form-with-paypal/tags/1.3.56/cp_contactformpp_functions.php#L925 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399104%40cp-contact-form-with-paypal&new=3399104%40cp-contact-form-with-paypal&sfp_email=&sfph_mail=   |
| codesnippetspro–Code Snippets | The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin’s use of extract() on attacker-controlled shortcode attributes within the `evaluate_shortcode_from_flat_file` method, which can be used to overwrite the `$filepath` variable that is subsequently passed to require_once. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server via the `[code_snippet]` shortcode using PHP filter chains, provided they can trick an administrator into enabling the “Enable file-based execution” setting and creating at least one active Content snippet. | 2025-11-19 | 8 | CVE-2025-13035 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c7c7247c-2fc3-46ff-858e-2242b7211476?source=cve https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.8.1/php/front-end/class-front-end.php#L295 https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.8.1/php/front-end/class-front-end.php#L296 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3397635%40code-snippets%2Ftrunk&old=3395415%40code-snippets%2Ftrunk&sfp_email=&sfph_mail=#file23   |
| D-Link–DIR-822K | A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used. | 2025-11-23 | 8.8 | CVE-2025-13547 | VDB-333314 \| D-Link DIR-822K/DWR-M920 formDdns memory corruption VDB-333314 \| CTI Indicators (IOB, IOC, IOA) Submit #693758 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow Submit #695428 \| D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate) https://github.com/QIU-DIE/CVE/issues/30 https://github.com/QIU-DIE/CVE/issues/42 https://www.dlink.com/   |
| D-Link–DIR-822K | A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-11-23 | 8.8 | CVE-2025-13548 | VDB-333315 \| D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow VDB-333315 \| CTI Indicators (IOB, IOC, IOA) Submit #693767 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow Submit #695433 \| D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate) https://github.com/QIU-DIE/CVE/issues/31 https://github.com/QIU-DIE/CVE/issues/43 https://www.dlink.com/   |
| D-Link–DIR-822K | A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | 2025-11-23 | 8.8 | CVE-2025-13549 | VDB-333316 \| D-Link DIR-822K formNtp sub_455524 buffer overflow VDB-333316 \| CTI Indicators (IOB, IOC, IOA) Submit #693776 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow https://github.com/QIU-DIE/CVE/issues/32 https://www.dlink.com/   |
| D-Link–DIR-822K | A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-23 | 8.8 | CVE-2025-13550 | VDB-333317 \| D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow VDB-333317 \| CTI Indicators (IOB, IOC, IOA) Submit #693777 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow Submit #695437 \| D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate) https://github.com/QIU-DIE/CVE/issues/33 https://github.com/QIU-DIE/CVE/issues/47 https://www.dlink.com/   |
| D-Link–DIR-822K | A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack can be carried out remotely. The exploit is publicly available and might be used. | 2025-11-23 | 8.8 | CVE-2025-13551 | VDB-333318 \| D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow VDB-333318 \| CTI Indicators (IOB, IOC, IOA) Submit #693785 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow Submit #695436 \| D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate) https://github.com/QIU-DIE/CVE/issues/35 https://github.com/QIU-DIE/CVE/issues/46 https://www.dlink.com/   |
| D-Link–DIR-822K | A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | 2025-11-23 | 8.8 | CVE-2025-13552 | VDB-333319 \| D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow VDB-333319 \| CTI Indicators (IOB, IOC, IOA) Submit #693803 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow Submit #695434 \| D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate) https://github.com/QIU-DIE/CVE/issues/36 https://github.com/QIU-DIE/CVE/issues/44 https://www.dlink.com/   |
| D-Link–DIR-852 | A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-11-23 | 7.3 | CVE-2025-13562 | VDB-333327 \| D-Link DIR-852 gena.cgi command injection VDB-333327 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #697063 \| D-Link DIR-852 1.00 Command Injection https://github.com/YZS17/CVE/blob/main/DLink/DLink-DIR852/RCE2.md https://www.dlink.com/   |
| D-Link–DWR-M920 | A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | 2025-11-17 | 8.8 | CVE-2025-13304 | VDB-332644 \| D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow VDB-332644 \| CTI Indicators (IOB, IOC, IOA) Submit #691808 \| D-Link DWR-M960 V1.01.07 Buffer Overflow Submit #691810 \| D-Link DWR-M961 V1.1.47 Buffer Overflow (Duplicate) Submit #691812 \| D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate) Submit #691817 \| D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate) Submit #691821 \| D-Link DIR-825m V1.1.12 Buffer Overflow (Duplicate) https://github.com/LX-LX88/cve/issues/11 https://www.dlink.com/   |
| D-Link–DWR-M920 | A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | 2025-11-17 | 8.8 | CVE-2025-13305 | VDB-332645 \| D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow VDB-332645 \| CTI Indicators (IOB, IOC, IOA) Submit #691809 \| D-Link DWR-M960 V1.01.07 Buffer Overflow Submit #691816 \| D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate) Submit #693784 \| D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate) Submit #693806 \| D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate) Submit #695424 \| D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate) https://github.com/LX-LX88/cve/issues/12 https://www.dlink.com/   |
| D-Link–DWR-M920 | A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | 2025-11-23 | 8.8 | CVE-2025-13553 | VDB-333320 \| D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow VDB-333320 \| CTI Indicators (IOB, IOC, IOA) Submit #695435 \| D-Link DWR-M920 v1.1.50 Buffer Overflow https://github.com/QIU-DIE/CVE/issues/45 https://www.dlink.com/   |
| dajiaji–hpke-js | hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal() calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. This issue has been patched in version 1.7.5. | 2025-11-21 | 9.1 | CVE-2025-64767 | https://github.com/dajiaji/hpke-js/security/advisories/GHSA-73g8-5h73-26h4 https://github.com/dajiaji/hpke-js/commit/94a767c9b9f37ce48d5cd86f7017d8cacd294aaf https://github.com/dajiaji/hpke-js/blob/b7fd3592c7c08660c98289d67c6bb7f891af75c4/packages/core/src/senderContext.ts#L22-L34   |
| devcode-it–openstamanager | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise. This issue has been patched in version 2.9.5. | 2025-11-19 | 8.8 | CVE-2025-65103 | https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j   |
| Digiwin–EasyFlow GP | EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service. | 2025-11-17 | 7.5 | CVE-2025-13165 | https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html   |
| Eksagate Electronic Engineering and Computer Industry Trade Inc.–Webpack Management System | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection. This issue affects Webpack Management System: through 20251119. | 2025-11-19 | 9.8 | CVE-2025-10437 | https://www.usom.gov.tr/bildirim/tr-25-0401   |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-21 | 9.8 | CVE-2025-11456 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a6f362c1-fe64-4be1-9713-14c0561a59ce?source=cve https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-three.php?rev=3332203 https://wordpress.org/plugins/elex-helpdesk-customer-support-ticket-system/ https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-three.php   |
| esm-dev–esm.sh | esm.sh is a nobuild content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths (e.g., package/../../tmp/evil.js). When esm.sh downloads and extracts this package, files may be written to arbitrary locations on the server, escaping the intended extraction directory. This issue has been patched in version 136. | 2025-11-19 | 8.2 | CVE-2025-65025 | https://github.com/esm-dev/esm.sh/security/advisories/GHSA-h3mw-4f23-gwpw https://github.com/esm-dev/esm.sh/commit/9d77b88c320733ff6689d938d85d246a3af9af16   |
| flothemesplugins–Flo Forms Easy Drag & Drop Form Builder | The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint (`flo_form_submit`) without proper file content validation. This makes it possible for unauthenticated attackers to upload malicious SVG files containing JavaScript that executes when an administrator views the uploaded file in the WordPress admin interface, leading to potential full site compromise. | 2025-11-21 | 7.1 | CVE-2025-13159 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8c529017-2fb9-4665-97a6-3ec062908299?source=cve https://plugins.trac.wordpress.org/browser/flo-forms/trunk/includes/class-flo-forms.php#L301 https://plugins.trac.wordpress.org/browser/flo-forms/trunk/public/class-flo-forms-public.php#L502 https://plugins.trac.wordpress.org/browser/flo-forms/trunk/admin/class-flo-forms-admin.php#L821   |
| Fortinet–FortiClientWindows | A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via “fortips_74.sys”. The attacker would need to bypass the Windows heap integrity protections. | 2025-11-18 | 7.1 | CVE-2025-46373 | https://fortiguard.fortinet.com/psirt/FG-IR-25-125   |
| Fortinet–FortiClientWindows | An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection. | 2025-11-18 | 7.1 | CVE-2025-47761 | https://fortiguard.fortinet.com/psirt/FG-IR-25-112   |
| Fortinet–FortiVoice | An improper neutralization of special elements used in an SQL Command (“SQL Injection”) vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. | 2025-11-18 | 7.7 | CVE-2025-58692 | https://fortiguard.fortinet.com/psirt/FG-IR-25-666   |
| freeprojectscodes–Sports Club Management System | A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | 2025-11-19 | 7.3 | CVE-2025-13422 | VDB-332944; freeprojectscodes Sports Club Management System change_s_pwd.php sql injection VDB-332944; CTI Indicators (IOB, IOC, TTP, IOA) Submit #696004; freeprojectscodes Sports Club Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/10   |
| g33kyrash–Online-Banking-System | A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | 2025-11-17 | 7.3 | CVE-2025-13276 | VDB-332611; g33kyrash Online-Banking-System index.php sql injection VDB-332611; CTI Indicators (IOB, IOC, TTP, IOA) Submit #690087; Report_Online-Banking-System web 1.0 SQL Injection https://github.com/Nianalb/Report_Online-Banking-System/blob/main/SQL.docx   |
| genetechproducts–Pie Forms Drag & Drop Form Builder | The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic function. This is due to insufficient file type validation where the validate_classic method validates file extensions and sets error messages but does not prevent the file upload process from continuing. This makes it possible for unauthenticated attackers to upload files with dangerous extensions such as PHP, which makes remote code execution possible. In order to exploit this vulnerability, the attacker needs to guess the directory in which the file is placed (which is a somewhat predictable hash). In addition to that, the file name is generated using a secure hash method, limiting the exploitability of this vulnerability. | 2025-11-18 | 8.1 | CVE-2025-12528 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4941a0ce-67f1-430d-bbad-3c97a4ed449e?source=cve https://plugins.trac.wordpress.org/browser/pie-forms-for-wp/tags/1.6/includes/fields/fileupload.php#L331 https://plugins.trac.wordpress.org/browser/pie-forms-for-wp/tags/1.6/includes/fields/fileupload.php#L475 https://plugins.trac.wordpress.org/browser/pie-forms-for-wp/tags/1.6/includes/fields/fileupload.php#L18   |
| Grafana–Grafana Enterprise | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow it to override internal user IDs and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met: the `enableSCIM` feature flag is set to true, and the `user_sync_enabled` config option in the `[auth.scim]` block is set to true. | 2025-11-21 | 10 | CVE-2025-41115 | https://grafana.com/security/security-advisories/CVE-2025-41115   |
| Gravity Forms–Gravity Forms | The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through the chunked upload mechanism. This makes it possible for unauthenticated attackers to upload executable .phar files and achieve remote code execution on the server, granted they can discover or enumerate the upload path. In order for an attacker to achieve RCE, the web server needs to be set up to process .phar files as PHP via file handler mapping or similar. | 2025-11-18 | 8.1 | CVE-2025-12974 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b6395439-da45-4b64-8e30-b106dffd46c1?source=cve https://github.com/pronamic/gravityforms/blob/06de1b7e169e4f073e9d0d491e17b89365b48c20/includes/upload.php#L97 https://github.com/pronamic/gravityforms/blob/06de1b7e169e4f073e9d0d491e17b89365b48c20/common/common.php#L4178 https://docs.gravityforms.com/gravityforms-change-log/   |
| HAProxy Technologies–HAProxy Community Edition | Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. | 2025-11-19 | 7.5 | CVE-2025-11230 | https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability   |
| HashiCorp–Tooling | Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in Vault Terraform Provider v5.5.0. | 2025-11-21 | 7.4 | CVE-2025-13357 | https://discuss.hashicorp.com/t/hcsec-2025-33-vault-terraform-provider-applied-incorrect-defaults-for-ldap-auth-method/76822   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking 100 Series Cellular Bridge | A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations. | 2025-11-18 | 7.5 | CVE-2025-37161 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_US   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS-CX | A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system. | 2025-11-18 | 7.8 | CVE-2025-37155 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking Management Software (Airwave) | A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system. | 2025-11-18 | 7.2 | CVE-2025-37163 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US   |
| homarr-labs–homarr | Homarr is an open-source dashboard. Prior to version 1.43.3, a stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user’s browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker’s account to the “credentials-admin” group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3. | 2025-11-19 | 8.1 | CVE-2025-64759 | https://github.com/homarr-labs/homarr/security/advisories/GHSA-wj62-c5gr-2x53 https://github.com/homarr-labs/homarr/commit/aaa23f37321be1e110f722b36889b2fd3bea2059   |
| husainali52–WP AUDIO GALLERY | The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the `wpag_uploadaudio_callback()` AJAX handler not properly validating user-supplied file paths in the `audio_upload` parameter before passing them to `unlink()`. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when critical files like wp-config.php are deleted. | 2025-11-21 | 8.1 | CVE-2025-13322 | https://www.wordfence.com/threat-intel/vulnerabilities/id/101675ae-88cf-42fc-b9ea-5dd37cdf7464?source=cve https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L150 https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L513 https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L607   |
| IBM–IBM Planning Analytics Local | IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system. | 2025-11-17 | 8 | CVE-2025-36357 | https://www.ibm.com/support/pages/node/7251265   |
| IBM–Storage Virtualize | IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. | 2025-11-17 | 7.5 | CVE-2025-36118 | https://www.ibm.com/support/pages/node/7250954   |
| IBM–webMethods Integration | IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graph data. | 2025-11-20 | 8.8 | CVE-2025-36072 | https://www.ibm.com/support/pages/node/7252090   |
| ideastocode–Enable SVG, WebP, and ICO Upload | The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. This is due to insufficient file type validation when detecting ICO files, allowing double-extension files with the appropriate magic bytes to bypass sanitization while being accepted as a valid ICO file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-18 | 8.8 | CVE-2025-13069 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5716c4e1-a6d3-42e8-b90c-d16f204c8503?source=cve https://wordpress.org/plugins/enable-svg-webp-ico-upload/   |
| ikhodal–Category and Product Woocommerce Tabs | The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the ‘template’ parameter in the categoryProductTab() function. This makes it possible for authenticated attackers, with contributor level access and above, to include and execute arbitrary .php files on the server. | 2025-11-18 | 8.8 | CVE-2025-13088 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c3938bbb-dc3d-4550-a05d-0cde970e38f8?source=cve https://plugins.trac.wordpress.org/browser/category-and-product-woocommerce-tabs/tags/1.0/include/wccategorytab.php#L108   |
| iqonicdesign–WPBookit | The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘css_code’ parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the save_custome_code() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 7.2 | CVE-2025-12135 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7d7b2c79-c4f7-4611-a22a-685d4421a4ab?source=cve https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/class.wpb-admin-routes-handler.php#L15 https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/class.wpb-admin-routes.php#L118 https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-setting-controller.php#L16 https://github.com/d0n601/CVE-2025-12135 https://ryankozak.com/posts/cve-2025-12135/ https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3398463%40wpbookit&new=3398463%40wpbookit&sfp_email=&sfph_mail=   |
| isaacs–node-glob | Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns> is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0. | 2025-11-17 | 7.5 | CVE-2025-64756 | https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2 https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146   |
| itsourcecode–Human Resource Management System | A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-11-19 | 7.3 | CVE-2025-13420 | VDB-332942; itsourcecode Human Resource Management System EventStore.php sql injection VDB-332942; CTI Indicators (IOB, IOC, TTP, IOA) Submit #695952; itsourcecode Human Resource Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/8 https://itsourcecode.com/   |
| itsourcecode–Human Resource Management System | A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | 2025-11-19 | 7.3 | CVE-2025-13421 | VDB-332943; itsourcecode Human Resource Management System NoticeStore.php sql injection VDB-332943; CTI Indicators (IOB, IOC, TTP, IOA) Submit #695953; itsourcecode Human Resource Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/9 https://itsourcecode.com/   |
| itsourcecode–Inventory Management System | A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | 2025-11-17 | 7.3 | CVE-2025-13257 | VDB-332592; itsourcecode Inventory Management System index.php sql injection VDB-332592; CTI Indicators (IOB, IOC, TTP, IOA) Submit #687863; itsourcecode Inventory Management System V1.0 SQL Injection https://github.com/iamzzzzz/iam/issues/3 https://itsourcecode.com/   |
| itsourcecode–Online File Management System | A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | 2025-11-21 | 7.3 | CVE-2025-13485 | VDB-333085; itsourcecode Online File Management System ajax.php sql injection VDB-333085; CTI Indicators (IOB, IOC, TTP, IOA) Submit #696405; Itsourcecode Online File Management System V1.0 SQL Injection https://github.com/jaisurya-me/CVE/issues/1 https://itsourcecode.com/   |
| itsourcecode–Online Voting System | A vulnerability was identified in itsourcecode Online Voting System 1.0. The affected element is an unknown function of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | 2025-11-17 | 7.3 | CVE-2025-13285 | VDB-332625; itsourcecode Online Voting System login.php sql injection VDB-332625; CTI Indicators (IOB, IOC, TTP, IOA) Submit #690884; itsourcecode Online Voting System V1.0 SQL Injection Submit #690887; itsourcecode Online Voting System V1.0 SQL Injection (Duplicate) https://github.com/WANGshuyan2025/cve/issues/6 https://itsourcecode.com/   |
| itsourcecode–Web-Based Internet Laboratory Management System | A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | 2025-11-17 | 7.3 | CVE-2025-13297 | VDB-332637; itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection VDB-332637; CTI Indicators (IOB, IOC, TTP, IOA) Submit #691786; itsourcecode Web-Based Internet Laboratory Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/3 https://itsourcecode.com/   |
| itsourcecode–Web-Based Internet Laboratory Management System | A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | 2025-11-17 | 7.3 | CVE-2025-13298 | VDB-332638; itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection VDB-332638; CTI Indicators (IOB, IOC, TTP, IOA) Submit #691787; itsourcecode Web-Based Internet Laboratory Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/4 https://itsourcecode.com/   |
| itsourcecode–Web-Based Internet Laboratory Management System | A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | 2025-11-17 | 7.3 | CVE-2025-13299 | VDB-332639; itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection VDB-332639; CTI Indicators (IOB, IOC, TTP, IOA) Submit #691789; itsourcecode Web-Based Internet Laboratory Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/5 https://itsourcecode.com/   |
| itsourcecode–Web-Based Internet Laboratory Management System | A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-11-17 | 7.3 | CVE-2025-13300 | VDB-332640; itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection VDB-332640; CTI Indicators (IOB, IOC, TTP, IOA) Submit #691790; itsourcecode Web-Based Internet Laboratory Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/6 https://itsourcecode.com/   |
| itsourcecode–Web-Based Internet Laboratory Management System | A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | 2025-11-17 | 7.3 | CVE-2025-13301 | VDB-332641; itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection VDB-332641; CTI Indicators (IOB, IOC, TTP, IOA) Submit #691793; itsourcecode Web-Based Internet Laboratory Management System V1.0 SQL Injection https://github.com/f14g-orz/CVE/issues/7 https://itsourcecode.com/   |
| jackdewey–Community Events | The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘dayofyear’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-11-19 | 7.5 | CVE-2025-12646 | https://www.wordfence.com/threat-intel/vulnerabilities/id/579b6eb0-dbb7-4586-aecc-f295889a2b2b?source=cve https://plugins.trac.wordpress.org/changeset/3396731/community-events/trunk/community-events.php   |
| jemoreto–Multiple Roles per User | The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘mrpu_add_multiple_roles_ui’ and ‘mrpu_save_multiple_user_roles’ functions in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, granted the ‘edit_users’ capability, to edit any user’s role, including promoting users to Administrator and demoting Administrators to lower-privileged roles. | 2025-11-18 | 7.2 | CVE-2025-11620 | https://www.wordfence.com/threat-intel/vulnerabilities/id/30741601-50b9-4799-a340-11f6ffa59553?source=cve https://plugins.trac.wordpress.org/browser/multiple-roles-per-user/trunk/multiple-roles-per-user.php#L54 https://plugins.trac.wordpress.org/browser/multiple-roles-per-user/trunk/multiple-roles-per-user.php#L121   |
| listingthemes–WP Directory Kit | The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the ‘columns_search’ parameter of the select_2_ajax() function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-11-21 | 7.5 | CVE-2025-13138 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0cad8c48-5c96-484c-acda-b33d8d8d10d3?source=cve https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.4.3/application/controllers/Wdk_frontendajax.php#L546 https://wordpress.org/plugins/wpdirectorykit/ https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3396348%40wpdirectorykit&new=3396348%40wpdirectorykit&sfp_email=&sfph_mail=   |
| lsfusion–platform | A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-17 | 7.3 | CVE-2025-13262 | VDB-332597; lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal VDB-332597; CTI Indicators (IOB, IOC, TTP, IOA) Submit #689414; lsFusion 6.1 Arbitrary File Upload https://github.com/lsfusion/platform/issues/1544 https://github.com/lsfusion/platform/issues/1544#issue-3589610731   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in the request. This allows unauthorized users to finalize other users’ polls and convert them into events without proper authorization checks, potentially disrupting user workflows and causing data integrity and availability issues. This issue has been patched in version 4.5.4. | 2025-11-19 | 9.1 | CVE-2025-65021 | https://github.com/lukevella/rallly/security/advisories/GHSA-x7w2-g548-4qg8 https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The endpoint relies solely on a participant ID to authorize deletions, enabling attackers to remove other users (including poll owners) from polls. This impacts the integrity and availability of poll participation data. This issue has been patched in version 4.5.4. | 2025-11-19 | 8.1 | CVE-2025-65029 | https://github.com/lukevella/rallly/security/advisories/GHSA-f8jc-6746-ww95 https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not verify whether the user performing the action is the poll owner. As a result, any user can disrupt polls created by others, leading to a loss of integrity and availability across the application. This issue has been patched in version 4.5.4. | 2025-11-19 | 8.1 | CVE-2025-65033 | https://github.com/lukevella/rallly/security/advisories/GHSA-4p93-v53r-vch3 https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and compromise both availability and integrity of poll data. This issue has been patched in version 4.5.4. | 2025-11-19 | 8.1 | CVE-2025-65034 | https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpc https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID for deletion and does not validate whether the requesting user owns the comment or has permission to remove it. This issue has been patched in version 4.5.4. | 2025-11-19 | 7.1 | CVE-2025-65030 | https://github.com/lukevella/rallly/security/advisories/GHSA-4j32-25f9-qgfm https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| METZ CONNECT–Energy-Controlling EWIO2-M | The commissioning wizard on the affected devices does not check whether the device has already been initialized. An unauthenticated remote attacker can construct POST requests that set root credentials. | 2025-11-18 | 9.8 | CVE-2025-41733 | https://certvde.com/de/advisories/VDE-2025-097   |
| METZ CONNECT–Energy-Controlling EWIO2-M | An unauthenticated remote attacker can execute arbitrary PHP files and gain full access to the affected devices. | 2025-11-18 | 9.8 | CVE-2025-41734 | https://certvde.com/de/advisories/VDE-2025-097   |
| METZ CONNECT–Energy-Controlling EWIO2-M | A low-privileged remote attacker can upload any file to an arbitrary location due to a missing file check, resulting in remote code execution. | 2025-11-18 | 8.8 | CVE-2025-41735 | https://certvde.com/de/advisories/VDE-2025-097   |
| METZ CONNECT–Energy-Controlling EWIO2-M | A low-privileged remote attacker can upload a new Python script or overwrite an existing one via path traversal in the target filename handled by the PHP code, resulting in remote code execution. | 2025-11-18 | 8.8 | CVE-2025-41736 | https://certvde.com/de/advisories/VDE-2025-097   |
| METZ CONNECT–Energy-Controlling EWIO2-M | Due to a web server misconfiguration, an unauthenticated remote attacker can read the source of PHP modules. | 2025-11-18 | 7.5 | CVE-2025-41737 | https://certvde.com/de/advisories/VDE-2025-097   |
| Microsoft–Azure Bastion Developer | Azure Bastion Elevation of Privilege Vulnerability | 2025-11-20 | 10 | CVE-2025-49752 | Azure Bastion Elevation of Privilege Vulnerability   |
| Microsoft–Azure Monitor Control Service | Azure Monitor Elevation of Privilege Vulnerability | 2025-11-20 | 8.6 | CVE-2025-62207 | Azure Monitor Elevation of Privilege Vulnerability   |
| Microsoft–Dynamics OmniChannel SDK Storage Containers | Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. | 2025-11-20 | 8.8 | CVE-2025-64655 | Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability   |
| Microsoft–Microsoft 365 Defender Portal | Microsoft Defender Portal Spoofing Vulnerability | 2025-11-20 | 8.3 | CVE-2025-62459 | Microsoft Defender Portal Spoofing Vulnerability   |
| Microsoft–Microsoft SharePoint Online | Microsoft SharePoint Online Elevation of Privilege Vulnerability | 2025-11-20 | 9.8 | CVE-2025-59245 | Microsoft SharePoint Online Elevation of Privilege Vulnerability   |
| Mitsubishi Electric Corporation–MILCO.S Setting Application | Uncontrolled Search Path Element vulnerability in the Setting and Operation Applications for the Lighting Control System (MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, MILCO.S Easy Setting Application (IR) all versions, and MILCO.S Easy Switch Application (IR) all versions) allows a local attacker to execute malicious code by having the installer load a malicious DLL. If the signer name “Mitsubishi Electric Lighting” appears on the “Digital Signatures” tab of the properties of “MILCO.S Lighting Control.exe”, the application is the fixed version. The vulnerability affects only the installer while it is run, not the application after installation. If a user downloads the affected product directly from the Mitsubishi Electric website and installs it, there is no risk of malicious code being introduced. | 2025-11-18 | 7 | CVE-2025-10089 | https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-015_en.pdf https://jvn.jp/vu/JVNVU97181602/   |
| Muse Group–MuseHub | A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file `C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe` in the Windows Service component. The manipulation results in an unquoted search path. The attack is only possible with local access and has high complexity; exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-11-20 | 7 | CVE-2025-13433 | VDB-332977 (VulDB entry, CTI indicators, Submit #687547) https://github.com/lakshayyverma/CVE-Discovery/blob/main/Musehub.md   |
| n/a–cbor2 through version 5.7.0 | Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and a missing state reset in the chunk processing loop cause buffer_length not to be reset to zero after a multi-byte UTF-8 character is consumed. Subsequent chunk_length calculations (e.g., chunk_length = 65536 - buffer_length) therefore produce negative values, which are passed as signed integers to the read() method, potentially triggering unbounded read operations and resource exhaustion. (2) Memory Leak via Missing Reference Count Release (CWE-401): The main processing loop fails to release Python object references (Py_DECREF) for the chunk objects allocated in each iteration. For CBOR strings longer than 65536 bytes, this causes cumulative memory leaks proportional to the payload size, enabling memory exhaustion attacks through repeated processing of large CBOR payloads. Both vulnerabilities can be exploited remotely without authentication by sending specially crafted CBOR data containing definite-length text strings with multi-byte UTF-8 characters positioned at 65536-byte chunk boundaries. Successful exploitation results in denial of service through process crashes (CBORDecodeEOF exceptions) or memory exhaustion. The vulnerabilities affect all applications using cbor2’s C extension to process untrusted CBOR data, including web APIs, IoT data collectors, and message queue processors. Fixed in commit 851473490281f82d82560b2368284ef33cf6e8f9, released in version 5.7.1. | 2025-11-18 | 7.5 | CVE-2025-64076 | https://github.com/agronholm/cbor2/issues/264 https://github.com/agronholm/cbor2/pull/265 https://github.com/agronholm/cbor2/commit/851473490281f82d82560b2368284ef33cf6e8f9   |
| Narkom Communication and Software Technologies Trade Ltd. Co.–Pyxis Signage | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Stored XSS. This issue affects Pyxis Signage: through 31012025. | 2025-11-20 | 7.2 | CVE-2025-0643 | https://www.usom.gov.tr/bildirim/tr-25-0404   |
| Narkom Communication and Software Technologies Trade Ltd. Co.–Pyxis Signage | Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Pyxis Signage: through 31012025. | 2025-11-20 | 7.2 | CVE-2025-0645 | https://www.usom.gov.tr/bildirim/tr-25-0404   |
| nazsabuz–WP Dropzone | The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uploads directory before any file type validation occurs. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-18 | 8.8 | CVE-2025-12775 | https://www.wordfence.com/threat-intel/vulnerabilities/id/afd7aeb7-2c6f-4b23-b8b1-52fb010e5aac?source=cve https://plugins.trac.wordpress.org/browser/wp-dropzone/tags/1.1.0/includes/class-plugin.php#L88 https://plugins.trac.wordpress.org/browser/wp-dropzone/tags/1.1.0/includes/class-plugin.php#L127 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3395966%40wp-dropzone&new=3395966%40wp-dropzone&sfp_email=&sfph_mail=   |
| Nettec AS–Digi On-Prem Manager | An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack. | 2025-11-17 | 8.8 | CVE-2025-13319 | https://dom.nettec.no/security-advisories/DOM-25-001/   |
| nmedia–Simple User Registration | The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpr_admin_msg’ parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 7.2 | CVE-2025-12160 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9bb5e60d-f7c9-4b47-ba6f-0f2d1d060263?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3396064%40wp-registration&new=3396064%40wp-registration&sfp_email=&sfph_mail=   |
| nootheme–Realty Portal | The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘rp_save_property_settings’ function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-11-21 | 8.8 | CVE-2025-11985 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e8263908-95b3-4b72-a9de-a982618eba2c?source=cve https://plugins.trac.wordpress.org/browser/realty-portal/tags/0.1/includes/property/process/ajax-save-property-setting.php#L189 https://plugins.trac.wordpress.org/browser/realty-portal/tags/0.1/includes/property/process/ajax-save-property-setting.php#L198 https://plugins.trac.wordpress.org/browser/realty-portal/tags/0.1/includes/functions/enqueue.php#L224 https://cwe.mitre.org/data/definitions/862.html https://developer.wordpress.org/reference/functions/current_user_can/   |
| NVIDIA–NVIDIA Isaac-GR00T N1.5 | NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-11-18 | 7.8 | CVE-2025-33183 | https://nvd.nist.gov/vuln/detail/CVE-2025-33183 https://www.cve.org/CVERecord?id=CVE-2025-33183 https://nvidia.custhelp.com/app/answers/detail/a_id/5725   |
| NVIDIA–NVIDIA Isaac-GR00T N1.5 | NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-11-18 | 7.8 | CVE-2025-33184 | https://nvd.nist.gov/vuln/detail/CVE-2025-33184 https://www.cve.org/CVERecord?id=CVE-2025-33184 https://nvidia.custhelp.com/app/answers/detail/a_id/5725   |
| oc3dots–S2B AI Assistant ChatBot, ChatGPT, OpenAI, Content & Image Generator | The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-21 | 7.2 | CVE-2025-12973 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ac9d2b64-aff6-418a-bfe7-ec91b177ad6b?source=cve https://plugins.trac.wordpress.org/browser/s2b-ai-assistant/trunk/lib/helpers/Utils.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399267%40s2b-ai-assistant&new=3399267%40s2b-ai-assistant&sfp_email=&sfph_mail= https://github.com/d0n601/CVE-2025-12973 https://ryankozak.com/posts/cve-2025-12973/   |
| OpenStack–Keystone | OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. | 2025-11-17 | 7.5 | CVE-2025-65073 | https://www.openwall.com/lists/oss-security/2025/11/04/2   |
| Piwigo–Piwigo | Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request’s Host header and is not validated at all. Therefore, an attacker can send a password-reset URL with a modified hostname to an existing user whose username or email the attacker knows or guesses. This issue has been patched in version 15.7.0. | 2025-11-18 | 8.1 | CVE-2025-62406 | https://github.com/Piwigo/Piwigo/security/advisories/GHSA-9986-w7jf-33f6 https://github.com/Piwigo/Piwigo/commit/9d2565465efc3570963ff431b45cad21610f6692   |
| portabilis–i-educar | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application’s database. This vulnerability is caused by the improper handling of the cod_agenda request parameter, which is directly concatenated into multiple SQL queries without proper sanitization. This issue has been patched in commit b473f92. | 2025-11-19 | 7.2 | CVE-2025-65022 | https://github.com/portabilis/i-educar/security/advisories/GHSA-4hrj-5gwx-r4w4 https://github.com/portabilis/i-educar/commit/b473f92b5326f45d7bce2de93a5381bed7ca8ac7   |
| portabilis–i-educar | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application’s database. This vulnerability is caused by the improper handling of the cod_funcionario_vinculo GET parameter, which is directly concatenated into an SQL query without proper sanitization. This issue has been patched in commit a00dfa3. | 2025-11-19 | 7.2 | CVE-2025-65023 | https://github.com/portabilis/i-educar/security/advisories/GHSA-8rv6-x8h9-fjfc https://github.com/portabilis/i-educar/commit/a00dfa3f129bc84e27873aa01cbd3f82e5b6c6c8   |
| portabilis–i-educar | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application’s database. This vulnerability is caused by the improper handling of the cod_agenda GET parameter, which is directly concatenated into an SQL query without proper sanitization. This issue has been patched in commit 3e9763a. | 2025-11-19 | 7.2 | CVE-2025-65024 | https://github.com/portabilis/i-educar/security/advisories/GHSA-6c8p-xqcv-rghx https://github.com/portabilis/i-educar/commit/3e9763a561b328edaed21a7dc2e0dba0bbbc6e22   |
| premmerce–Premmerce Wholesale Pricing for WooCommerce | The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘ID’ parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and to modify price type display names via the admin-post.php “premmerce_update_price_type” action, causing cosmetic corruption of the admin interface. The ‘price_type’ parameter of the “premmerce_delete_price_type” action is also vulnerable. | 2025-11-18 | 7.1 | CVE-2025-12411 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1e4e27e0-bbb0-498a-b425-9e9d60dfed0f?source=cve https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Models/Model.php#L171 https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Admin/Admin.php#L83   |
| projectworlds–Advanced Library Management System | A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | 2025-11-23 | 7.3 | CVE-2025-13572 | VDB-333336 (VulDB entry, CTI indicators, Submit #698645) https://github.com/GYSakura/tmp/blob/main/report.md   |
| rajeshsingh520–Live sales notification for WooCommerce | The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the “getOrders” function lacking proper authorization and capability checks when the plugin is configured to display recent order information. This makes it possible for unauthenticated attackers to extract sensitive customer information including buyer first names, city, state, country, purchase time and date, and product details. | 2025-11-18 | 7.5 | CVE-2025-12955 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1cebcf16-ae7f-45c4-8e1d-80ede4c32106?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394241%40live-sales-notifications-for-woocommerce&old=3389540%40live-sales-notifications-for-woocommerce&sfp_email=&sfph_mail=   |
| Ribose–RNP | In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality. The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected. Root cause: Vulnerable session key buffer used in PKESK packet generation. The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a`, where initialization logic inside `encrypted_build_skesk()` only randomized the key for the SKESK path and omitted it for the PKESK path. | 2025-11-21 | 7.5 | CVE-2025-13470 | https://bugzilla.redhat.com/show_bug.cgi?id=2415863 https://access.redhat.com/security/cve/cve-2025-13402 https://open.ribose.com/advisories/ra-2025-11-20/ https://github.com/rnpgp/rnp/releases/tag/v0.18.1   |
| RooCodeInc–Roo-Code | Roo Code is an AI-powered autonomous coding agent that lives in users’ editors. Prior to version 3.26.7, due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow-list prefixes. This issue has been patched in version 3.26.7. | 2025-11-21 | 8.1 | CVE-2025-65946 | https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-hwm7-w97p-4h8p https://github.com/RooCodeInc/Roo-Code/pull/7667 https://github.com/RooCodeInc/Roo-Code/commit/b50104cc5987ce64f5154309d967ae8c74cfd1f3   |
| SEIKO EPSON CORPORATION–EPSON WebConfig for SEIKO EPSON Projector Products | EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user’s password may be identified through a brute force attack. | 2025-11-21 | 9.8 | CVE-2025-64310 | https://www.epson.jp/support/misc_t/251120_oshirase.htm https://jvn.jp/en/vu/JVNVU95021911/   |
| Siemens–PS/IGES Parasolid Translator Component | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258). The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755) | 2025-11-17 | 7.8 | CVE-2025-40936 | https://cert-portal.siemens.com/productcert/html/ssa-241605.html   |
| simonhaenisch–md-to-pdf | md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains a JavaScript delimiter causes the JS engine of the gray-matter library to execute arbitrary code in the Markdown-to-PDF converter process of md-to-pdf, resulting in remote code execution. This issue has been patched in version 5.2.5. | 2025-11-21 | 10 | CVE-2025-65108 | https://github.com/simonhaenisch/md-to-pdf/security/advisories/GHSA-547r-qmjm-8hvw https://github.com/simonhaenisch/md-to-pdf/commit/46bdcf2051c8d1758b391c1353185a179a47a4d9   |
| smackcoders–WP Import Ultimate CSV XML Importer for WordPress | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the import_single_post_as_csv function within SingleImportExport.php. This makes it possible for authenticated attackers, with administrator-level access or higher, to inject a PHP object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-11-19 | 7.2 | CVE-2025-13145 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5e441699-4c78-4277-8ac1-f33b810e78cb?source=cve https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/trunk/SingleImportExport.php#L116 https://plugins.trac.wordpress.org/changeset/3397842/wp-ultimate-csv-importer/trunk/SingleImportExport.php   |
| SMCI–MBD-X13SEDW-F | There is a vulnerability in the Supermicro BMC web function on the Supermicro MBD-X13SEDW-F. After logging into the BMC web server, an attacker can use a specially crafted payload to trigger a stack buffer overflow. | 2025-11-18 | 7.2 | CVE-2025-8076 | https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025   |
| SMCI–X13SEDW-F | There is a vulnerability in the Supermicro BMC web function on the Supermicro MBD-X13SEDW-F. After logging into the BMC web server, an attacker can use a specially crafted payload to trigger a stack buffer overflow. | 2025-11-18 | 7.2 | CVE-2025-8727 | https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025   |
| smub–Giveaways and Contests by RafflePress Get More Website Traffic, Email Subscribers, and Social Followers | The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1.12.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-19 | 7.2 | CVE-2025-12484 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7cda6aad-36e1-45c7-af46-a7b90bb2d339?source=cve https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L539 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L543 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L547 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L551 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L555 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L559 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/rafflepress.php#L563 https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.19/app/entry.php#L110 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3398188%40rafflepress&old=3346436%40rafflepress&sfp_email=&sfph_mail=   |
| SolarWinds–Serv-U | A logic error vulnerability exists in Serv-U which, when abused, could give a malicious actor with admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because the service frequently runs under a less-privileged service account by default. | 2025-11-18 | 9.1 | CVE-2025-40547 | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40547 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm   |
| SolarWinds–Serv-U | A missing validation step exists in Serv-U which, when abused, could give a malicious actor with admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because the service frequently runs under a less-privileged service account by default. | 2025-11-18 | 9.1 | CVE-2025-40548 | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40548 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm   |
| SolarWinds–Serv-U | A Path Restriction Bypass vulnerability exists in Serv-U which, when abused, could give a malicious actor with admin privileges the ability to execute code from a directory outside the intended path. This issue requires administrative privileges to abuse. On Windows systems, this is scored as medium due to differences in how paths and home directories are handled. | 2025-11-18 | 9.1 | CVE-2025-40549 | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40549 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm   |
| SourceCodester–Company Website CMS | A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used. | 2025-11-23 | 7.3 | CVE-2025-13560 | VDB-333325 (VulDB entry, CTI indicators, Submit #696637) https://github.com/miwangdemaoxianzhe/CVE/issues/1 https://www.sourcecodester.com/   |
| SourceCodester–Company Website CMS | A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument Username causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | 2025-11-23 | 7.3 | CVE-2025-13561 | VDB-333326 (VulDB entry, CTI indicators, Submit #696684) https://github.com/miwangdemaoxianzhe/CVE/issues/2 https://www.sourcecodester.com/   |
| SourceCodester–Online Shop Project | A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. The manipulation of the argument Search leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | 2025-11-20 | 7.3 | CVE-2025-13451 | VDB-333021 (VulDB entry, CTI indicators, Submit #694674) https://github.com/xiaojuzirr/cve/issues/4 https://www.sourcecodester.com/   |
| SourceCodester–Train Station Ticketing System | A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. The manipulation of the argument Username causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-11-18 | 7.3 | CVE-2025-13344 | VDB-332762 (VulDB entry, CTI indicators, Submit #691940) https://github.com/puppytgyh/-CVE/issues/14 https://www.sourcecodester.com/   |
| stellarwp–GiveWP Donation Plugin and Fundraising Platform | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Avatars must be enabled in the WordPress install in order to exploit the vulnerability. | 2025-11-19 | 7.2 | CVE-2025-13206 | https://www.wordfence.com/threat-intel/vulnerabilities/id/95823720-e1dc-46c1-887b-ffd877b2fbe5?source=cve https://plugins.trac.wordpress.org/browser/give/tags/4.11.0/templates/shortcode-donor-wall.php#L59 https://plugins.trac.wordpress.org/browser/give/tags/4.11.0/includes/process-donation.php#L1230 https://plugins.trac.wordpress.org/browser/give/tags/4.11.0/includes/class-give-donor.php#L1135 https://plugins.trac.wordpress.org/changeset/3398128/   |
| Tenda–AC20 | A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. | 2025-11-17 | 8.8 | CVE-2025-13258 | VDB-332593 | Tenda AC20 WifiExtraSet buffer overflow VDB-332593 | CTI Indicators (IOB, IOC, IOA) Submit #688716 | Tenda AC20 Router Affected firmware version: <= V16.03.08.12 Buffer Overflow https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md#poc https://www.tenda.com.cn/   |
| Tenda–AC21 | A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | 2025-11-20 | 8.8 | CVE-2025-13445 | VDB-333017 | Tenda AC21 SetIpMacBind stack-based overflow VDB-333017 | CTI Indicators (IOB, IOC, IOA) Submit #694066 | Tenda AC21 V16.03.08.16 Buffer Overflow https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN7.md https://www.tenda.com.cn/   |
| Tenda–AC21 | A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | 2025-11-20 | 8.8 | CVE-2025-13446 | VDB-333018 | Tenda AC21 SetSysTimeCfg stack-based overflow VDB-333018 | CTI Indicators (IOB, IOC, IOA) Submit #694425 | Tenda AC21 V16.03.08.16 Buffer Overflow Submit #694430 | Tenda AC21 V16.03.08.16 Buffer Overflow (Duplicate) https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN8.md https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN9.md https://www.tenda.com.cn/   |
| Tenda–CH22 | A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | 2025-11-17 | 8.8 | CVE-2025-13288 | VDB-332628 | Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow VDB-332628 | CTI Indicators (IOB, IOC, IOA) Submit #691594 | Tenda Technology Co., Ltd. Tenda V1.0.0.1 Buffer Overflow https://github.com/yyyy1g/CVE/issues/1 https://www.tenda.com.cn/   |
| Tenda–CH22 | A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | 2025-11-19 | 8.8 | CVE-2025-13400 | VDB-332926; Submit #692145; https://github.com/f000x0/cve/issues/14 https://www.tenda.com.cn/ |
| The Browser Company of New York–Dia | This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI (like a fake address bar). | 2025-11-21 | 7.4 | CVE-2025-13132 | https://www.diabrowser.com/security/bulletins#CVE-2025-13132 |
| ThinPLUS–ThinPLUS | ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 2025-11-17 | 9.8 | CVE-2025-13284 | https://www.twcert.org.tw/tw/cp-132-10512-e196b-1.html https://www.twcert.org.tw/en/cp-139-10513-0d82b-2.html   |
| thorsten–phpMyFAQ | phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with ‘Configuration Edit’ permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14. | 2025-11-17 | 7.2 | CVE-2025-62519 | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4 https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14 |
| UTT–进取 750W | A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-11-20 | 7.3 | CVE-2025-13442 | VDB-333015; Submit #688782; https://github.com/alc9700jmo/CVE/issues/20 |
| vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). From version 0.10.2 to before 0.11.1, a memory corruption vulnerability that could lead to a crash (denial of service) and potentially remote code execution (RCE) exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1. | 2025-11-21 | 8.8 | CVE-2025-62164 | https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf https://github.com/vllm-project/vllm/pull/27204 https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b |
| walterpinem–OneClick Chat to Order | The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the ‘wa_order_thank_you_override’ function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view sensitive customer information including names, email addresses, phone numbers, billing/shipping addresses, order contents, and payment methods by simply changing the order ID in the URL. | 2025-11-22 | 7.5 | CVE-2025-13526 | https://www.wordfence.com/threat-intel/vulnerabilities/id/547a0c73-044e-49ba-9bec-4f80b41b8ea2?source=cve https://plugins.trac.wordpress.org/browser/oneclick-whatsapp-order/trunk/includes/buttons/wa-order-thank-you.php#L126 https://plugins.trac.wordpress.org/changeset/3391625/   |
| wazuh–wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading to NTLM relay attacks that would result in privilege escalation and remote code execution. This issue has been patched in version 4.13.0. | 2025-11-21 | 7.7 | CVE-2025-30201 | https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x https://github.com/wazuh/wazuh/pull/30060 https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a |
| Wireshark Foundation–Wireshark | Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service | 2025-11-21 | 7.8 | CVE-2025-13499 | https://www.wireshark.org/security/wnpa-sec-2025-06.html GitLab Issue #20823   |
| withastro–astro | Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8. | 2025-11-19 | 7.1 | CVE-2025-64764 | https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723 https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91   |
| wpwham–Checkout Files Upload for WooCommerce | The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in image files that will execute whenever a user accesses the injected page. | 2025-11-18 | 7.2 | CVE-2025-4212 | https://www.wordfence.com/threat-intel/vulnerabilities/id/09d9785a-db71-4735-b86b-7fa10cf36a0b?source=cve https://plugins.trac.wordpress.org/changeset?old_path=/checkout-files-upload-woocommerce/tags/2.2.1&new_path=/checkout-files-upload-woocommerce/tags/2.2.2   |
| WSO2–WSO2 API Manager | A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate-based authentication in certain default configurations, the affected components may permit unauthenticated requests even when mTLS is enabled. This condition occurs when relying on the default mTLS settings for System REST APIs or when the mTLS authenticator is enabled for SOAP services, causing these interfaces to accept requests without enforcing additional authentication. Successful exploitation allows a malicious actor with network access to the affected endpoints to gain administrative privileges and perform unauthorized operations. The vulnerability is exploitable only when the impacted mTLS flows are enabled and accessible in a given deployment. Other certificate-based authentication mechanisms such as Mutual TLS OAuth client authentication and X.509 login flows are not affected, and APIs served through the API Gateway of WSO2 API Manager remain unaffected. | 2025-11-18 | 9.8 | CVE-2025-9312 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4494/   |
| WSO2–WSO2 Open Banking AM | A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation, it is ineffective in this context because it allows cookies to be sent with cross-origin top-level navigations using GET requests. A malicious actor can exploit this vulnerability by tricking an authenticated user into visiting a crafted link, leading the browser to issue unintended state-changing requests. Successful exploitation could result in unauthorized operations such as data modification, account changes, or other administrative actions. According to WSO2 Secure Production Guidelines, exposure of Carbon console services to untrusted networks is discouraged, which may reduce the impact in properly secured deployments. | 2025-11-18 | 8.8 | CVE-2025-6670 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4117/   |
| zozothemes–Zegen Core | The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the ‘/custom-font-code/custom-fonts-uploads.php’ file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-21 | 8.8 | CVE-2025-11087 | https://www.wordfence.com/threat-intel/vulnerabilities/id/145deebd-1e15-4f8a-878c-9424c2cd9601?source=cve https://themeforest.net/item/zegen-church-wordpress-theme/25116823   |
| Zyxel–DX3300-T0 firmware | A post-authentication command injection vulnerability in the “priv” parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device. | 2025-11-18 | 8.8 | CVE-2025-8693 | https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025   |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| 1000projects–Design & Development of Student Database Management System | A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed remotely. The exploit is now public and may be used. | 2025-11-17 | 6.3 | CVE-2025-13289 | VDB-332629; Submit #691612; https://github.com/f14g-orz/CVE/issues/2 |
| _luigi–The Permalinks Cascade | The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized administrative actions such as enabling or disabling automatic pinging settings and modifying page exclusion settings. | 2025-11-18 | 4.3 | CVE-2025-12372 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c08d420d-d521-4215-9ef7-b5d1c44a19d3?source=cve https://plugins.trac.wordpress.org/browser/the-permalinks-cascade/tags/2.2/admin/admin-controller.class.php#L109 https://plugins.trac.wordpress.org/browser/the-permalinks-cascade/tags/2.2/includes/core.class.php#L36   |
| admintwentytwenty–UiPress lite \| Effortless custom dashboards, admin themes and pages | The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the ‘uip_process_block_query’ AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks. | 2025-11-21 | 6.5 | CVE-2025-10938 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d8aa06eb-774a-4cd9-bd35-2d6409475696?source=cve https://wordpress.org/plugins/uipress-lite/ |
| admintwentytwenty–UiPress lite \| Effortless custom dashboards, admin themes and pages | The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘uip_save_ui_template’ function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to save templates that contain custom JavaScript. | 2025-11-21 | 6.4 | CVE-2025-11003 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a01ccc-c98e-4fcc-8eaf-721ec46584fc?source=cve https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/core/uiBuilder.php#L613 https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/classes/PostTypes/UiTemplates.php#L416 |
| admintwentytwenty–UiPress lite \| Effortless custom dashboards, admin themes and pages | The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uip_save_site_option() function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary plugin settings. Other AJAX actions are also affected. | 2025-11-21 | 4.3 | CVE-2025-11815 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8f8d7397-0201-4194-8604-057f905ef10b?source=cve https://plugins.trac.wordpress.org/browser/uipress-lite/trunk/admin/core/ajax-functions.php#L396 https://plugins.trac.wordpress.org/changeset/3398753/ |
| aioseo–Broken Link Checker by AIOSEO Easily Fix/Monitor Internal and External links | The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only checks for a broad capability (aioseo_blc_broken_links_page) that is granted to contributor level users, without verifying the user’s permission to perform actions on the specific post being targeted. This makes it possible for authenticated attackers, with contributor level access and above, to trash arbitrary posts via the DELETE /wp-json/aioseoBrokenLinkChecker/v1/post endpoint. | 2025-11-18 | 5.4 | CVE-2025-11734 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0254cd1b-f8f6-400e-a48e-81bd553fe8d1?source=cve https://plugins.trac.wordpress.org/changeset/3390304/broken-link-checker-seo   |
| alekv–Pixel Manager for WooCommerce Track Conversions and Analytics, Google Ads, TikTok and more | The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to. | 2025-11-18 | 5.3 | CVE-2025-12545 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9babb946-4033-4e66-8f59-b73185ffcd49?source=cve https://plugins.trac.wordpress.org/browser/woocommerce-google-adwords-conversion-tracking-tag/tags/1.49.2/includes/pixels/class-pixel-manager.php#L343 https://plugins.trac.wordpress.org/browser/woocommerce-google-adwords-conversion-tracking-tag/tags/1.49.2/includes/pixels/class-pixel-manager.php#L1235   |
| amans2k–FunnelKit Funnel Builder for WooCommerce Checkout | The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wfop_phone` shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied `default` attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-19 | 6.4 | CVE-2025-12878 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6f54053e-30ff-449b-b696-92d503011a4d?source=cve https://wordpress.org/plugins/funnel-builder https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.13.1.2/modules/optins/merge-tags/class-bwf-optin-tags.php#L30 https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.13.1.2/modules/optins/merge-tags/class-bwf-optin-tags.php#L96 https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.13.1.2/modules/optins/merge-tags/class-bwf-optin-tags.php#L101 https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.13.1.2/modules/optins/merge-tags/class-bwf-optin-tags.php#L116 https://plugins.trac.wordpress.org/changeset/3397106/funnel-builder/tags/3.13.1.3/merge-tags/class-bwf-contact-tags.php   |
| AMD–AMD EPYC 9004 Series Processors | A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. | 2025-11-21 | 5.3 | CVE-2025-29934 | https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3029.html   |
| AMD–AMD Prof | Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. | 2025-11-21 | 5.5 | CVE-2025-48502 | https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html   |
| antiochinteractive–Shortcode for Google Street View | The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘streetview’ shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the ‘id’ attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11808 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a8a5b5ce-9975-449b-bdd1-d139f1360297?source=cve https://plugins.trac.wordpress.org/browser/wp-google-street-view-shortcode/tags/0.5.7/gsv-shortcode.php#L108   |
| arkadiykilesso–Download Panel (Biggiko Team) | The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the ‘wp_ajax_save_settings’ AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the `dlpn_save_settings()` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to arbitrarily modify plugin settings including display text, download links, button colors, and other visual customizations. | 2025-11-18 | 4.3 | CVE-2025-12961 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a1df7e-1a57-45b3-a4b3-cb3218782ad9?source=cve https://plugins.trac.wordpress.org/browser/download-panel/tags/1.3.3/plugin.php#L50 https://plugins.trac.wordpress.org/browser/download-panel/tags/1.3.3/plugin.php#L51   |
| artibot–ArtiBot Free Chat Bot for WebSites | The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-11-18 | 6.1 | CVE-2025-12078 | https://www.wordfence.com/threat-intel/vulnerabilities/id/efe48adb-af9f-45dc-b693-ae56dce1bfe2?source=cve https://wordpress.org/plugins/artibot/   |
| ashraf-kabir–travel-agency | A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customer_register.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-11-23 | 6.3 | CVE-2025-13544 | VDB-333311; Submit #690975; https://github.com/www223-ai/CVE/blob/main/travel-File%20Upload.docx |
| ashraf-kabir–travel-agency | A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user_query results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. | 2025-11-23 | 6.3 | CVE-2025-13546 | VDB-333313; Submit #691466; https://github.com/www223-ai/CVE/blob/main/travel-sql2.docx |
| ashraf-kabir–travel-agency | A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pack leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-11-23 | 4.7 | CVE-2025-13545 | VDB-333312; Submit #690978; https://github.com/www223-ai/CVE/blob/main/travel-sql.docx |
| awensley–Project Honey Pot Spam Trap | The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-18 | 6.1 | CVE-2025-12406 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e774476d-3696-4489-b028-16c25f8db1ca?source=cve https://plugins.trac.wordpress.org/browser/project-honey-pot-spam-trap/tags/1.0.1/project_honey_pot.php#L244 https://plugins.trac.wordpress.org/browser/project-honey-pot-spam-trap/tags/1.0.1/project_honey_pot.php#L248 https://plugins.trac.wordpress.org/browser/project-honey-pot-spam-trap/tags/1.0.1/project_honey_pot.php#L293   |
| AWS–Wickr | Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application. To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13. | 2025-11-21 | 5.7 | CVE-2025-13524 | https://aws.amazon.com/security/security-bulletins/AWS-2025-029/ https://docs.aws.amazon.com/wickr/latest/enterpriseadminguide/clients-release-notes-6.62.html |
| ays-pro–Quiz Maker | The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint only validates a nonce, but that same nonce is publicly available to all site visitors via the quiz_maker_ajax_public localized script data. This makes it possible for unauthenticated attackers to extract sensitive data including quiz answers for any quiz question. | 2025-11-19 | 5.3 | CVE-2025-12426 | https://www.wordfence.com/threat-intel/vulnerabilities/id/bc524e3e-9b7c-47ae-ab44-c327b287b81a?source=cve https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.69/public/class-quiz-maker-public.php#L8490 https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.69/includes/class-quiz-maker.php#L393 https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.69/public/class-quiz-maker-public.php#L179   |
| bandido–Checkbox | The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘wp_ajax_nopriv_checkbox_clean_log’ AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files. | 2025-11-21 | 5.3 | CVE-2025-12170 | https://www.wordfence.com/threat-intel/vulnerabilities/id/16735e63-d652-4b0e-b454-2bd13368d8a7?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3392710%40checkbox&new=3392710%40checkbox&sfp_email=&sfph_mail=   |
| bartboy011–Bulma Shortcodes | The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11802 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e119d542-7cac-47e4-ae13-5382911f1f5e?source=cve https://plugins.trac.wordpress.org/browser/bulma-shortcodes/tags/1.0/inc/components.php#L36   |
| bdeleasa–WP Company Info | The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ attribute of the ‘social-networks’ shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11826 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6743a762-6d40-4ed9-95f2-f1b405683f26?source=cve https://plugins.trac.wordpress.org/browser/wp-company-info/tags/1.9.0/classes/class-wp-company-info-social-links.php#L244   |
| bdthemes–Element Pack Addons for Elementor | The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget’s marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-18 | 5.4 | CVE-2025-13196 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0da6a080-260f-4b19-a32c-453d2781389a?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3396544%40bdthemes-element-pack-lite&old=3395028%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=   |
| beycanpress–Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO | The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the ‘createSaleRecord’ function in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to manipulate presales counters. | 2025-11-21 | 5.3 | CVE-2025-11771 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c5c5793f-4d98-4ec1-a9b6-6e7c3f8b6099?source=cve https://plugins.trac.wordpress.org/browser/tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop/tags/2.4.6/app/RestAPI.php#L275   |
| beycanpress–Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO | The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘saveDeployedContract’ function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the WordPress option `tokenico_deployed_contracts`, poisoning the smart contract addresses displayed. | 2025-11-21 | 4.3 | CVE-2025-11773 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e02597b1-eea6-4fdd-baeb-527201d1c61f?source=cve https://plugins.trac.wordpress.org/browser/tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop/tags/2.4.6/app/RestAPI.php#L108   |
| bhargavbhandari90–Meta Display Block | The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meta Display Block in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-12088 | https://www.wordfence.com/threat-intel/vulnerabilities/id/68251e79-d064-4be4-a218-92a03e27b59d?source=cve https://wordpress.org/plugins/meta-display-block/   |
| billybigpotatoes–BrightTALK WordPress Shortcode | The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘format’ shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11770 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3e3b5433-e17b-4ece-9e5c-ef4d818068dc?source=cve https://plugins.trac.wordpress.org/browser/brighttalk-wp-shortcode/tags/2.4.0/brighttalk-wp-shortcode.php#L130   |
| Black Duck–Black Duck SCA | Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role and the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible. Exploitation does not grant full system control, but it may enable unauthorized changes to project configurations or access to sensitive system information. | 2025-11-21 | 5.4 | CVE-2025-0504 | https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2025-0504 |
| BlackBerry–BlackBerry AtHoc (OnPrem) | An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS). | 2025-11-19 | 5 | CVE-2025-12766 | https://support.blackberry.com/pkb/s/article/140929   |
| bplugins–Icon List Block Add Icon-Based Lists with Custom Styles | The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response. | 2025-11-18 | 6.4 | CVE-2025-12376 | https://www.wordfence.com/threat-intel/vulnerabilities/id/438e2911-7663-44fe-883f-19ad29972aac?source=cve https://plugins.trac.wordpress.org/browser/icon-list-block/tags/1.2.0/bplugins_sdk/inc/Base/FSActivate.php#L168 |
| brainstormforce–SureForms Contact Form, Custom Form Builder, Calculator & More | The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to unauthenticated users via the ‘wp_ajax_nopriv_rest-nonce’ action. While the plugin legitimately needs to support unauthenticated form submissions, it incorrectly uses generic REST nonces instead of form-specific nonces. This makes it possible for unauthenticated attackers to bypass CSRF protection on REST API endpoints that rely solely on nonce verification without additional authentication checks, allowing them to trigger unauthorized actions such as the plugin’s own post-submission hooks and potentially other plugins’ REST endpoints. | 2025-11-19 | 5.3 | CVE-2025-12535 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b083cf9d-bcfe-4234-a816-2d216da28b57?source=cve https://plugins.trac.wordpress.org/browser/sureforms/tags/1.13.1/inc/background-process.php#L74 https://plugins.trac.wordpress.org/browser/sureforms/tags/1.13.1/inc/admin-ajax.php#L45 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3391762%40sureforms%2Ftrunk&old=3382423%40sureforms%2Ftrunk&sfp_email=&sfph_mail=   |
| Campcodes–Retro Basketball Shoes Online Store | A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Manipulation of the argument product_image results in unrestricted upload. The attack can be carried out remotely. The exploit has been made public and could be used. | 2025-11-19 | 4.7 | CVE-2025-13411 | VDB-332938: Campcodes Retro Basketball Shoes Online Store admin_football.php unrestricted upload; VDB-332938: CTI Indicators (IOB, IOC, TTP, IOA); Submit #693697: campcodes Retro Basketball Shoes Online Store V1.0 Unrestricted Upload; https://github.com/laosijivul/cve/issues/2 https://www.campcodes.com/ |
| Campcodes–Retro Basketball Shoes Online Store | A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used. | 2025-11-19 | 4.7 | CVE-2025-13423 | VDB-332945: Campcodes Retro Basketball Shoes Online Store admin_product.php unrestricted upload; VDB-332945: CTI Indicators (IOB, IOC, TTP, IOA); Submit #696051: Campcodes Retro Basketball Shoes Online Store v1.0 Unrestricted Upload; https://github.com/Abxery/cveee/issues/6 https://www.campcodes.com/ |
| Campcodes–School Fees Payment Management System | A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. Manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-11-17 | 6.3 | CVE-2025-13269 | VDB-332604: Campcodes School Fees Payment Management System ajax.php sql injection; VDB-332604: CTI Indicators (IOB, IOC, TTP, IOA); Submit #690034: Campcodes School Fees Payment Management System V1.0 SQL Injection; https://github.com/ASantsSec/CVE/issues/17 https://www.campcodes.com/ |
| Campcodes–School Fees Payment Management System | A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. Manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used. | 2025-11-17 | 6.3 | CVE-2025-13270 | VDB-332605: Campcodes School Fees Payment Management System ajax.php sql injection; VDB-332605: CTI Indicators (IOB, IOC, TTP, IOA); Submit #690039: Campcodes School Fees Payment Management System V1.0 SQL Injection; https://github.com/ASantsSec/CVE/issues/16 https://www.campcodes.com/ |
| Campcodes–School Fees Payment Management System | A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_payment. Manipulation of the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. | 2025-11-17 | 6.3 | CVE-2025-13273 | VDB-332608: Campcodes School Fees Payment Management System ajax.php sql injection; VDB-332608: CTI Indicators (IOB, IOC, TTP, IOA); Submit #690048: Campcodes School Fees Payment Management System V1.0 SQL Injection; https://github.com/ASantsSec/CVE/issues/20 https://www.campcodes.com/ |
| Campcodes–School Fees Payment Management System | A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_fees. Manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been made available to the public and could be exploited. | 2025-11-17 | 6.3 | CVE-2025-13274 | VDB-332609: Campcodes School Fees Payment Management System ajax.php sql injection; VDB-332609: CTI Indicators (IOB, IOC, TTP, IOA); Submit #690886: Campcodes School Fees Payment Management System V1.0 SQL Injection; https://github.com/ASantsSec/CVE/issues/21 https://www.campcodes.com/ |
| Campcodes–Supplier Management System | A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/edit_unit.php. Manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used. | 2025-11-17 | 6.3 | CVE-2025-13259 | VDB-332594: Campcodes Supplier Management System edit_unit.php sql injection; VDB-332594: CTI Indicators (IOB, IOC, TTP, IOA); Submit #688780: campcodes Supplier Management System V1.0 SQL Injection; https://github.com/arpcyber060/CVE/issues/1 https://www.campcodes.com/ |
| Campcodes–Supplier Management System | A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Manipulation of the argument cmbProductUnit leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-11-17 | 6.3 | CVE-2025-13260 | VDB-332595: Campcodes Supplier Management System edit_product.php sql injection; VDB-332595: CTI Indicators (IOB, IOC, TTP, IOA); Submit #689268: campcodes Supplier Management System V1.0 SQL Injection; https://github.com/arpcyber070/CVE/issues/1 https://www.campcodes.com/ |
| Campcodes–Supplier Management System | A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. Manipulation of the argument txtProductName leads to SQL injection. Remote exploitation is possible. The exploit has been disclosed to the public and may be used. | 2025-11-20 | 4.7 | CVE-2025-13424 | VDB-332946: Campcodes Supplier Management System add_product.php sql injection; VDB-332946: CTI Indicators (IOB, IOC, TTP, IOA); Submit #696053: campcodes Supplier Management System V1.0 SQL Injection; https://github.com/arpcyber070/CVE/issues/3 https://www.campcodes.com/ |
| code-projects–Courier Management System | A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.php. Manipulation of the argument Consignment causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-17 | 6.3 | CVE-2025-13303 | VDB-332642: code-projects Courier Management System search-edit.php sql injection; VDB-332642: CTI Indicators (IOB, IOC, TTP, IOA); Submit #691792: code-projects Courier Management System V1.0 SQL Injection; https://github.com/labi1106/cve/issues/2 https://code-projects.org/ |
| code-projects–Courier Management System | A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. Manipulation of the argument OfficeName causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-11-19 | 6.3 | CVE-2025-13396 | VDB-332924: code-projects Courier Management System add-office.php sql injection; VDB-332924: CTI Indicators (IOB, IOC, TTP, IOA); Submit #692127: code-projects Courier Management System V1.0 SQL Injection; https://github.com/beamyou/CVE/issues/1 https://code-projects.org/ |
| code-projects–Courier Management System | A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Manipulation of the argument ManagerName leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used. | 2025-11-17 | 4.7 | CVE-2025-13302 | VDB-332643: code-projects Courier Management System add-new-officer.php sql injection; VDB-332643: CTI Indicators (IOB, IOC, TTP, IOA); Submit #691791: code-projects Courier Management System V1.0 SQL Injection; https://github.com/labi1106/cve/issues/1 https://code-projects.org/ |
| code-projects–Nero Social Networking Site | A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Manipulation of the argument ID results in SQL injection. The attack may be initiated remotely. The exploit has been made public and could be used. | 2025-11-17 | 6.3 | CVE-2025-13279 | VDB-332614: code-projects Nero Social Networking Site profilefriends.php sql injection; VDB-332614: CTI Indicators (IOB, IOC, TTP, IOA); Submit #690963: code-projects Nero Social Networking Site 1.0 SQL Injection; https://github.com/daojian1/Nero-Social-Networking-Site-V1.0_005 https://github.com/daojian1/Nero-Social-Networking-Site-V1.0_005/blob/main/report.md https://code-projects.org/ |
| code-projects–Simple Food Ordering System | A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-11-17 | 6.3 | CVE-2025-13290 | VDB-332631: code-projects Simple Food Ordering System saveorder.php sql injection; VDB-332631: CTI Indicators (IOB, IOC, TTP, IOA); Submit #691619: code-projects Simple Food Ordering System 1.0 Unrestricted Upload; https://github.com/liaoliao-hla/cve/issues/1 https://code-projects.org/ |
| code-projects–Simple Food Ordering System | A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-23 | 6.3 | CVE-2025-13571 | VDB-333335: code-projects Simple Food Ordering System listorder.php sql injection; VDB-333335: CTI Indicators (IOB, IOC, TTP, IOA); Submit #698495: Code-Projects Simple Food Ordering System 1.0 SQL Injection; https://github.com/jjjjj-zr/jjjjjzr/issues/1 https://code-projects.org/ |
| codepeople–Appointment Booking Calendar | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint (cpabc_appointments_check_IPN_verification) that trusts attacker-supplied payment notifications without verifying their origin, authenticity, or requiring proper authorization checks. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and insert them into the live calendar via the ‘cpabc_ipncheck’ parameter, triggering administrative and customer notification emails and disrupting operations. | 2025-11-22 | 5.3 | CVE-2025-13317 | https://www.wordfence.com/threat-intel/vulnerabilities/id/638217c4-7a37-49e4-8660-5510ace692ec?source=cve https://plugins.trac.wordpress.org/browser/appointment-booking-calendar/tags/1.3.96/inc/cpabc_apps_go.inc.php#L14 https://plugins.trac.wordpress.org/browser/appointment-booking-calendar/tags/1.3.96/inc/cpabc_apps_go.inc.php#L363 https://plugins.trac.wordpress.org/browser/appointment-booking-calendar/tags/1.3.96/inc/cpabc_apps_go.inc.php#L476 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399113%40appointment-booking-calendar&new=3399113%40appointment-booking-calendar&sfp_email=&sfph_mail=   |
| codepeople–Booking Calendar Contact Form | The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and bypass payment requirements via the ‘dex_bccf_ipn’ parameter. | 2025-11-22 | 5.3 | CVE-2025-13318 | https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0ae2c-6b08-4b71-a728-c60722ec20c7?source=cve https://plugins.trac.wordpress.org/browser/booking-calendar-contact-form/tags/1.2.59/dex_bccf.php#L1409 https://plugins.trac.wordpress.org/browser/booking-calendar-contact-form/trunk/dex_bccf.php#L1409 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399906%40booking-calendar-contact-form&new=3399906%40booking-calendar-contact-form&sfp_email=&sfph_mail=   |
| codeyatri–Gutenify Visual Site Builder Blocks & Site Templates. | The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-8605 | https://www.wordfence.com/threat-intel/vulnerabilities/id/853b86ca-0231-4b1c-b1d2-b8c23dbdc3c5?source=cve https://wordpress.org/plugins/gutenify/#developers   |
| coffeebite–Padlet Shortcode | The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘key’ parameter in the ‘wallwisher’ shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-12660 | https://www.wordfence.com/threat-intel/vulnerabilities/id/09989141-43ba-446c-8230-0485add7a1e2?source=cve https://wordpress.org/plugins/wallwisher-shortcode/ https://plugins.trac.wordpress.org/browser/wallwisher-shortcode/tags/1.3/wallwisher.php#L22   |
| cozmoslabs–User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-19 | 6.4 | CVE-2025-13054 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3830ae19-cafc-40db-afde-2424cae23031?source=cve https://plugins.trac.wordpress.org/changeset/3397155/profile-builder   |
| cyberlord92–WP Login and Register using JWT | The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘mo_jwt_generate_new_api_key’ function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate a new API key on sites that do not have an API key configured and subsequently use that key to access restricted endpoints. | 2025-11-19 | 4.3 | CVE-2025-12822 | https://www.wordfence.com/threat-intel/vulnerabilities/id/966523a4-3d4b-444b-b9d0-63c72527a99f?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397900%40login-register-using-jwt&new=3397900%40login-register-using-jwt&sfp_email=&sfph_mail= |
| D-Link–DWR-M920 | A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. Manipulation of the argument host leads to command injection. Remote exploitation is possible. The exploit has been disclosed publicly and may be used. | 2025-11-17 | 6.3 | CVE-2025-13306 | VDB-332646: D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection; VDB-332646: CTI Indicators (IOB, IOC, TTP, IOA); Submit #691813: D-Link DWR-M920 V1.1.5 Command Injection; Submit #693805: D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate); Submit #693807: D-Link DWR-M921 V1.1.50 Command Injection (Duplicate); Submit #695426: D-Link DIR-825m v1.1.12 Command Injection (Duplicate); https://github.com/LX-LX88/cve/issues/15 https://www.dlink.com/ |
| darto–Islamic Phrases | The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘phrases’ shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11768 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3e9bcc72-e434-4f6f-9e90-eec8cad31035?source=cve https://plugins.trac.wordpress.org/browser/islamic-phrases/tags/2.12.2015/islamic-phrases.php#L89   |
| davidangel–AudioTube | The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘caption’ shortcode attribute of the ‘audiotube’ shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11801 | https://www.wordfence.com/threat-intel/vulnerabilities/id/258a2d5d-a176-4b89-bc4c-089d072982dd?source=cve https://plugins.trac.wordpress.org/browser/audiotube/tags/0.0.3/index.php#L64   |
| denishua–Top Friends | The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the top_friends_options_subpanel() function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-18 | 4.3 | CVE-2025-12827 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8165196d-0117-473f-8ccf-57ffd3e08e16?source=cve https://plugins.trac.wordpress.org/browser/top-friends/tags/0.3/top-friends.php#L155   |
| DependencyTrack–frontend | @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEM_CONFIGURATION permission can configure a “welcome message”, which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not properly sanitize the HTML, allowing arbitrary JavaScript to be executed. Users with the SYSTEM_CONFIGURATION permission (i.e., administrators) can exploit this weakness to execute arbitrary JavaScript for users browsing to the login page. The issue has been fixed in version 4.13.6. | 2025-11-17 | 4.8 | CVE-2025-64758 | https://github.com/DependencyTrack/frontend/security/advisories/GHSA-7xvh-c266-cfr5 https://github.com/DependencyTrack/frontend/pull/1378 https://github.com/DependencyTrack/frontend/pull/986 https://github.com/DependencyTrack/frontend/commit/8fd757be612eaf4f35eadbe4c334204d7bd711be |
| developdaly–Stock Tools | The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘image_height’ and ‘image_width’ shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11765 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1d852dba-39ea-4cc9-9fcf-7f2ac3e1b5d0?source=cve https://plugins.trac.wordpress.org/browser/stock-tools/tags/1.1/stock-tools.php#L67   |
| devitemsllc–HT Mega Absolute Addons For Elementor | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name whitelist allowing dangerous tags like ‘script’, ‘iframe’, and ‘object’ to be injected even though tag_escape() is used for sanitization. While some blocks use esc_html() for content, this can be bypassed using JavaScript encoding techniques (unquoted strings, backticks, String.fromCharCode()). This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-13141 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf04325-e313-4a68-89a0-b560bdef5a14?source=cve https://plugins.trac.wordpress.org/changeset/3398480/   |
| devsmip–BigBuy Dropshipping Connector for WooCommerce | The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to retrieve the output of phpinfo(). | 2025-11-21 | 5.3 | CVE-2025-12039 | https://www.wordfence.com/threat-intel/vulnerabilities/id/19a3d5a5-4673-41e7-9868-99699852f330?source=cve https://plugins.trac.wordpress.org/browser/bigbuy-wc-dropshipping-connector/tags/2.0.5/src/Controller/ApiController.php#L225 https://plugins.trac.wordpress.org/browser/bigbuy-wc-dropshipping-connector/tags/2.0.5/src/Controller/ApiController.php#L260   |
| dfactory–Responsive Lightbox & Gallery | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the ‘get_image_size_by_url’ function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | 2025-11-19 | 5.4 | CVE-2025-12359 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4c0bd6-f289-4a52-ac11-345076c32d84?source=cve https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/class-frontend.php#L1531 https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/class-fast-image.php#L25 https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/functions.php#L108 https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/class-galleries.php#L3648 https://research.cleantalk.org/cve-2025-12359 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3397940%40responsive-lightbox%2Ftrunk&old=3358021%40responsive-lightbox%2Ftrunk&sfp_email=&sfph_mail=   |
| Digiwin–EasyFlow GP | EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend. | 2025-11-17 | 4.9 | CVE-2025-13163 | https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html   |
| Digiwin–EasyFlow GP | EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend. | 2025-11-17 | 4.9 | CVE-2025-13164 | https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html   |
| Dreampie–Resty | A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Manipulation of the argument filename leads to path traversal. The attack may be performed remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-11-20 | 5.6 | CVE-2025-13435 | VDB-332979: Dreampie Resty HttpClient HttpClient.java request path traversal; VDB-332979: CTI Indicators (IOB, IOC, TTP, IOA); Submit #687603: Dreampie Resty Framework – HttpClient Module 1.3.1.SNAPSHOT Path Traversal / Directory Traversal (CWE-22); https://github.com/Xzzz111/exps/blob/main/archives/Resty-PathTraversal-01/cve_application.md |
| Dromara–dataCompare | A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Manipulation can lead to injection. The attack can be launched remotely. The exploit has been published and may be used. | 2025-11-17 | 6.3 | CVE-2025-13268 | VDB-332603: Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection; VDB-332603: CTI Indicators (IOB, IOC, TTP, IOA); Submit #689460: dromara dataCompare 1.0.1 Improper Input Validation; https://github.com/dromara/dataCompare/issues/13 |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘eh_crm_remove_agent’ function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the role and capabilities of any user with an Administrator, WSDesk Supervisor, or WSDesk Agents role. | 2025-11-21 | 5.3 | CVE-2025-10054 | https://www.wordfence.com/threat-intel/vulnerabilities/id/07c92f79-94ac-4153-9ab2-9608601508b0?source=cve https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-two.php#L77 https://plugins.trac.wordpress.org/changeset/3399391/   |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the ‘eh_crm_ticket_single_view_client’ due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of all support tickets. | 2025-11-21 | 4.3 | CVE-2025-10039 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d9ffc0af-9c3d-4f8e-ae0b-e51c0c67dfe1?source=cve https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions.php#L259 https://plugins.trac.wordpress.org/changeset/3391342/   |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘eh_crm_settings_restore_trash’ AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore all deleted tickets. | 2025-11-21 | 4.3 | CVE-2025-12022 | https://www.wordfence.com/threat-intel/vulnerabilities/id/982b23c5-2414-48f7-a2f5-96fef54f8d69?source=cve https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-archive-ajax-functions.php   |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tickets. | 2025-11-21 | 4.3 | CVE-2025-12023 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4599b145-cb89-48d4-8581-e1ee7a7bd323?source=cve https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions.php   |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘eh_crm_settings_empty_trash’ function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to empty the ticket trash. | 2025-11-21 | 4.3 | CVE-2025-12085 | https://www.wordfence.com/threat-intel/vulnerabilities/id/89696d1c-8e6e-402a-9d7a-03fe0f364a72?source=cve https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-two.php   |
| elextensions–ELEX WordPress HelpDesk & Customer Ticketing System | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wp_ajax_eh_crm_settings_empty_scheduled_actions’ AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the scheduled triggers option. | 2025-11-21 | 4.3 | CVE-2025-12169 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ae2ac493-e6df-4083-8601-65635ad342b2?source=cve https://plugins.trac.wordpress.org/changeset/3391816   |
| elextensions–WSChat WordPress Live Chat | The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘reset_settings’ AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin’s settings. | 2025-11-19 | 4.3 | CVE-2025-12751 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0be6658d-aec8-404c-a994-bde10a3cdbac?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3395773%40wschat-live-chat&new=3395773%40wschat-live-chat&sfp_email=&sfph_mail=   |
| esm-dev–esm.sh | esm.sh is a nobuild content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a template literal without proper sanitization. An attacker can inject malicious JavaScript code using ${…} expressions within CSS files, which will execute when the module is imported by victim applications. This enables Cross-Site Scripting (XSS) in browsers and Remote Code Execution (RCE) in Electron applications. This issue has been patched in version 136. | 2025-11-19 | 6.1 | CVE-2025-65026 | https://github.com/esm-dev/esm.sh/security/advisories/GHSA-hcpf-qv9m-vfgp https://github.com/esm-dev/esm.sh/commit/87d2f6497574bf4448641a5527a3ac2beba5fd6c |
| etruel–WP Delete Post Copies | The WP Delete Post Copies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-11-21 | 4.4 | CVE-2025-12066 | https://www.wordfence.com/threat-intel/vulnerabilities/id/92ab1f56-5ca6-48e8-b380-ac2e302d63d2?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394571%40etruel-del-post-copies&new=3394571%40etruel-del-post-copies&sfp_email=&sfph_mail=   |
| everviz–everviz Charts, Maps and Tables Interactive and responsive | The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `everviz` shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a `<div id=…>` from the `type` and `hash` attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-11868 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f3b265d9-dddd-4cf7-8d1a-980fdd17777d?source=cve https://plugins.trac.wordpress.org/browser/everviz/tags/1.0/highcharts-editor.php#L136   |
| f1logic–WP Twitter Auto Publish | The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-11-18 | 6.1 | CVE-2025-12079 | https://www.wordfence.com/threat-intel/vulnerabilities/id/562456ac-a113-4b3d-bc5d-6dedde635d5e?source=cve https://wordpress.org/plugins/twitter-auto-publish/   |
| Facebook–WhatsApp Business for iOS | Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild. | 2025-11-18 | 5.4 | CVE-2025-55179 | https://www.facebook.com/security/advisories/cve-2025-55179 https://www.whatsapp.com/security/advisories/2025/   |
| farvehandleren–Custom Post Type | The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-21 | 4.3 | CVE-2025-13142 | https://www.wordfence.com/threat-intel/vulnerabilities/id/48fefbd5-d872-4f47-8696-d73fbc9133ed?source=cve https://plugins.trac.wordpress.org/browser/custom-post-type/tags/1.0/cupta-dmin.php#L29   |
| fastmover–Shortcodes Bootstrap | The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in the [notification] shortcode in all versions up to, and including, 1.1. This is due to missing input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11764 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d9363db7-4535-427d-a6ae-2580f215b965?source=cve https://plugins.trac.wordpress.org/browser/shortcodes-bootstrap/trunk/inc/dws_alert.php#L16   |
| Fortinet–FortiADC | An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests. | 2025-11-18 | 6.3 | CVE-2025-48839 | https://fortiguard.fortinet.com/psirt/FG-IR-25-225   |
| Fortinet–FortiADC | An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow an attacker to execute unauthorized code or commands via a crafted URL. | 2025-11-19 | 4.2 | CVE-2025-58412 | https://fortiguard.fortinet.com/psirt/FG-IR-25-736 |
| Fortinet–FortiClientWindows | An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password. | 2025-11-18 | 4.9 | CVE-2025-54660 | https://fortiguard.fortinet.com/psirt/FG-IR-25-844 |
| Fortinet–FortiExtender | A buffer copy without checking size of input (‘classic buffer overflow’) in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. | 2025-11-18 | 6.3 | CVE-2025-46776 | https://fortiguard.fortinet.com/psirt/FG-IR-25-251   |
| Fortinet–FortiExtender | A "debug messages revealing unnecessary information" vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands. | 2025-11-18 | 5.2 | CVE-2025-46775 | https://fortiguard.fortinet.com/psirt/FG-IR-25-259 |
| Fortinet–FortiOS | A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an attacker to execute unauthorized code or commands via specially crafted packets. | 2025-11-18 | 6.9 | CVE-2025-53843 | https://fortiguard.fortinet.com/psirt/FG-IR-25-358 |
| Fortinet–FortiSandbox | An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file. | 2025-11-18 | 5 | CVE-2025-46215 | https://fortiguard.fortinet.com/psirt/FG-IR-24-501   |
| Fortinet–FortiSASE | A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b may allow an attacker to execute unauthorized code or commands via specially crafted packets. | 2025-11-18 | 6.9 | CVE-2025-58413 | https://fortiguard.fortinet.com/psirt/FG-IR-25-632 |
| Fortinet–FortiWeb | An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. | 2025-11-18 | 6.7 | CVE-2025-58034 | https://fortiguard.fortinet.com/psirt/FG-IR-25-513 |
| Fortinet–FortiWeb | A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to the Redis service and access its data. | 2025-11-18 | 4.8 | CVE-2025-59669 | https://fortiguard.fortinet.com/psirt/FG-IR-25-843 |
| fpcorso–Tips Shortcode | The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tip’ shortcode in all versions up to, and including, 0.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11767 | https://www.wordfence.com/threat-intel/vulnerabilities/id/34c13495-23c3-4b07-9bfb-678723daa43f?source=cve https://plugins.trac.wordpress.org/browser/tips-shortcode/tags/0.2.1/tips_shortcode.php#L33   |
| Gallagher–HBUS Devices | Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior. | 2025-11-18 | 5.7 | CVE-2025-52457 | https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52457   |
| Gallagher–High Sec End of Line Module | Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior. | 2025-11-18 | 5.7 | CVE-2025-52578 | https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52578 |
| GitLab–GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API. | 2025-11-21 | 5 | CVE-2025-9825 | https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/ GitLab Issue #567301 HackerOne Bug Bounty Report #3319800   |
| gn_themes–WP Shortcodes Plugin Shortcodes Ultimate | The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services. If the ‘Unsafe features’ option is explicitly enabled by an administrator, this issue becomes exploitable by Contributor+ attackers. | 2025-11-23 | 6.4 | CVE-2025-12800 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbb7db4-bef7-4799-9b65-ebe77976e21c?source=cve https://plugins.trac.wordpress.org/changeset/3397946/ |
| goauthentik–authentik | authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5 minutes because the cleanup of expired objects is scheduled to run every 5 minutes. However, with a large amount of tasks in the backlog, this might take longer. authentik versions 2025.8.5 and 2025.10.2 fix this issue. A workaround involves creating a policy that explicitly checks whether the invitation is still valid, binding it to the invitation stage on the invitation flow, and denying access if the invitation is not valid. | 2025-11-19 | 5.8 | CVE-2025-64708 | https://github.com/goauthentik/authentik/security/advisories/GHSA-ch7q-53v8-73pc https://github.com/goauthentik/authentik/commit/6672e6aaa41e0f2c9bfb1e4d8b51cf114969e830 |
| goauthentik–authentik | authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client_id and client_secret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even when the account was deactivated. Other permissions are correctly applied, and federation with other providers still takes assigned policies correctly into account. authentik versions 2025.8.5 and 2025.10.2 fix this issue. A workaround involves adding a policy to the application that explicitly checks whether the service account is still valid and denies access if not. | 2025-11-19 | 4.8 | CVE-2025-64521 | https://github.com/goauthentik/authentik/security/advisories/GHSA-xr73-jq5p-ch8r https://github.com/goauthentik/authentik/commit/9dbdfc3f1be0f1be36f8efce2442897b2a54a71c |
| HashiCorp–Terraform Enterprise | Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability, CVE-2025-13432, is fixed in Terraform Enterprise version 1.1.1 and 1.0.3. | 2025-11-21 | 4.3 | CVE-2025-13432 | https://discuss.hashicorp.com/t/hcsec-2025-34-terraform-enterprise-state-versions-can-be-created-by-users-without-sufficient-write-access/76821   |
| HCL Software–Glovius Cloud | A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user’s web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint. | 2025-11-20 | 6.8 | CVE-2025-62346 | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0126459   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS-CX | A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | 2025-11-18 | 6.7 | CVE-2025-37157 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking 100 Series Cellular Bridge | A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | 2025-11-18 | 6.5 | CVE-2025-37162 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_US   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS-CX | A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional. | 2025-11-18 | 6.8 | CVE-2025-37156 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS-CX | A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | 2025-11-18 | 6.7 | CVE-2025-37158 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS-CX | A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data. | 2025-11-18 | 5.8 | CVE-2025-37159 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US   |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS-CX | A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data. | 2025-11-18 | 5.3 | CVE-2025-37160 | https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US   |
| humanityco–Cookie Notice & Compliance for GDPR / CCPA | The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s cookies_accepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-22 | 6.4 | CVE-2025-11186 | https://www.wordfence.com/threat-intel/vulnerabilities/id/19700658-1bef-4e85-a995-d86fff508cdf?source=cve https://plugins.trac.wordpress.org/browser/cookie-notice/tags/2.5.7/cookie-notice.php#L1060 https://plugins.trac.wordpress.org/browser/cookie-notice/tags/2.5.7/cookie-notice.php#L1181   |
| IBM–Concert | IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-11-20 | 6.1 | CVE-2025-36153 | https://www.ibm.com/support/pages/node/7252019   |
| IBM–Concert | IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. | 2025-11-20 | 6.2 | CVE-2025-36159 | https://www.ibm.com/support/pages/node/7252019   |
| IBM–Concert | IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. | 2025-11-20 | 5.1 | CVE-2025-36158 | https://www.ibm.com/support/pages/node/7252019   |
| IBM–Concert | IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. | 2025-11-20 | 5.3 | CVE-2025-36160 | https://www.ibm.com/support/pages/node/7252019   |
| IBM–Concert | IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2025-11-20 | 5.9 | CVE-2025-36161 | https://www.ibm.com/support/pages/node/7252019   |
| IBM–i | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are affected by an information disclosure vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. | 2025-11-19 | 6.5 | CVE-2025-36371 | https://www.ibm.com/support/pages/node/7251699 |
| IBM–IBM Concert Software | IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. | 2025-11-21 | 6.3 | CVE-2025-36149 | https://www.ibm.com/support/pages/node/7252019   |
| IBM–IBM Planning Analytics Local | IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system. | 2025-11-17 | 4.3 | CVE-2025-36299 | https://www.ibm.com/support/pages/node/7251265 |
| iCam365–P201 | The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information. | 2025-11-20 | 6.8 | CVE-2025-62674 | https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json https://icam365.net/en/aboutUs/   |
| iCam365–P201 | The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information. | 2025-11-20 | 6.8 | CVE-2025-64770 | https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-02 https://icam365.net/en/aboutUs/ https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json   |
| icegram–Email Subscribers & Newsletters Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce | The Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `trigger_mailing_queue_sending` function. This makes it possible for unauthenticated attackers to force immediate email sending, bypass the schedule, increase server load, and change plugin state (e.g., last-cron-hit), enabling abuse or DoS-like effects. | 2025-11-19 | 5.3 | CVE-2025-12349 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0b4cbe21-9f1b-425b-8141-ae075baaf717?source=cve https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.4/lite/includes/classes/class-es-queue.php#L54 https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.4/lite/includes/classes/class-es-queue.php#L1132 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394838%40email-subscribers%2Ftrunk&old=3393565%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail= |
| ideastocode–Enable SVG, WebP, and ICO Upload | The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-11-18 | 6.4 | CVE-2025-12457 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f267a5-012d-4b9a-a59d-9eccb04c557a?source=cve https://plugins.trac.wordpress.org/browser/enable-svg-webp-ico-upload/tags/1.1.2/includes/class-svg.php#L21   |
| integrationshotelrunner–HotelRunner Booking Widget | The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘hotelrunner’ shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-13135 | https://www.wordfence.com/threat-intel/vulnerabilities/id/df2854c4-5d57-4c39-a28f-41dab36a086e?source=cve https://wordpress.org/plugins/hotelrunner/#developers   |
| interledger–Coil Web Monetization | The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible for unauthenticated attackers to trigger CSS selector detection functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-18 | 4.3 | CVE-2025-9625 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa4cb93-7af3-4427-a17f-160b27fcebb8?source=cve https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/functions.php#L48 https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L202 https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L195   |
| Iqbolshoh–php-business-website | A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | 2025-11-17 | 4.7 | CVE-2025-13275 | VDB-332610 | Iqbolshoh php-business-website about.php unrestricted upload VDB-332610 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #690049 | php-business-website web 1 Unrestricted Upload https://github.com/mhszed/Report/blob/main/php-business-website%20upload.docx   |
| itsourcecode–COVID Tracking System | A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | 2025-11-23 | 6.3 | CVE-2025-13567 | VDB-333331 | itsourcecode COVID Tracking System page sql injection VDB-333331 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #698116 | itsourcecode COVID Tracking System V1.0 SQL Injection https://github.com/Abxery/cveee/issues/9 https://itsourcecode.com/   |
| itsourcecode–COVID Tracking System | A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | 2025-11-23 | 6.3 | CVE-2025-13568 | VDB-333332 | itsourcecode COVID Tracking System page sql injection VDB-333332 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #698117 | itsourcecode COVID Tracking System V1.0 SQL Injection https://github.com/Abxery/cveee/issues/10 https://itsourcecode.com/   |
| itsourcecode–COVID Tracking System | A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-11-23 | 6.3 | CVE-2025-13569 | VDB-333333 | itsourcecode COVID Tracking System page sql injection VDB-333333 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #698655 | itsourcecode COVID Tracking System V1.0 SQL Injection https://github.com/yihaofuweng/cve/issues/58 https://itsourcecode.com/   |
| itsourcecode–COVID Tracking System | A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | 2025-11-23 | 6.3 | CVE-2025-13570 | VDB-333334 | itsourcecode COVID Tracking System page sql injection VDB-333334 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #698656 | itsourcecode COVID Tracking System V1.0 SQL Injection https://github.com/yihaofuweng/cve/issues/59 https://itsourcecode.com/   |
| itsourcecode–Online Voting System | A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | 2025-11-17 | 6.3 | CVE-2025-13286 | VDB-332626 | itsourcecode Online Voting System ajax.php sql injection VDB-332626 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #690888 | itsourcecode Online Voting System V1.0 SQL Injection https://github.com/WANGshuyan2025/cve/issues/8 https://itsourcecode.com/   |
| itsourcecode–Online Voting System | A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | 2025-11-17 | 6.3 | CVE-2025-13287 | VDB-332627 | itsourcecode Online Voting System index.php sql injection VDB-332627 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #690889 | itsourcecode Online Voting System V1.0 SQL Injection Submit #690891 | itsourcecode Online Voting System V1.0 SQL Injection (Duplicate) https://github.com/WANGshuyan2025/cve/issues/9 https://itsourcecode.com/   |
| itsourcecode–Student Information System | A vulnerability was determined in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /enrollment_edit1.php. Executing manipulation of the argument en_id can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-18 | 6.3 | CVE-2025-13325 | VDB-332669 | itsourcecode Student Information System enrollment_edit1.php sql injection VDB-332669 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #691929 | itsourcecode Student Information System V1.0 SQL Injection https://github.com/chenxiyue-2006/CVE/issues/1 https://itsourcecode.com/   |
| itvn9online–EchBay Admin Security | The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_ebnonce’ parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-11-21 | 6.1 | CVE-2025-11885 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7bd966-9a98-4192-83d9-e1682ec00a02?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3398386%40echbay-admin-security&new=3398386%40echbay-admin-security&sfp_email=&sfph_mail=   |
| jameschz–Hush Framework | A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hushhush-libhushUtil.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of HTTP headers for scripting syntax. The attack can be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-11-20 | 5.3 | CVE-2025-13434 | VDB-332978 | jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax VDB-332978 | CTI Indicators (IOB, IOC, IOA) Submit #687568 | jameschz Hush 2.0 Improper Neutralization of HTTP Headers for Scripting Syntax https://github.com/lakshayyverma/CVE-Discovery/blob/main/hush.md   |
| jcollings–Import WP Export and Import CSV and XML files to WordPress | The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp. | 2025-11-21 | 5.3 | CVE-2025-12894 | https://www.wordfence.com/threat-intel/vulnerabilities/id/28ca9590-dc0b-40c9-9de6-1480094ea8be?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394624%40jc-importer&new=3394624%40jc-importer&sfp_email=&sfph_mail=   |
| johnjamesjacoby–Post Type Switcher | The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type of arbitrary posts and pages they do not own, including those created by administrators, which can lead to site disruption, broken navigation, and SEO impact. | 2025-11-18 | 5.4 | CVE-2025-12524 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d875514c-c7d3-4236-842b-6e772048448d?source=cve https://plugins.trac.wordpress.org/browser/post-type-switcher/tags/4.0.0/post-type-switcher.php#L469 https://plugins.trac.wordpress.org/browser/post-type-switcher/tags/4.0.0/post-type-switcher.php#L486 https://cwe.mitre.org/data/definitions/639.html https://owasp.org/API-Security/editions/2023/en/0xa1-broken-object-level-authorization/ https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3391983%40post-type-switcher%2Ftrunk&old=3331072%40post-type-switcher%2Ftrunk&sfp_email=&sfph_mail=   |
| Kaspersky–Kaspersky Endpoint Security | Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques. | 2025-11-20 | 6.1 | CVE-2025-64984 | Advisory issued on November 18, 2025   |
| kurudrive–VK All in One Expansion Unit | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vkExUnit_cta_url’ and ‘vkExUnit_cta_button_text’ parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks from the wrong variable ($custom_field_name instead of $custom_field_options), causing the sanitization to never be applied. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that execute when a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-11265 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9e5a6158-03d4-4ac7-8a4b-666cedabb433?source=cve https://plugins.trac.wordpress.org/browser/vk-all-in-one-expansion-unit/tags/9.112.0.1/inc/call-to-action/package/class-vk-call-to-action.php#L198 https://plugins.trac.wordpress.org/browser/vk-all-in-one-expansion-unit/tags/9.112.0.1/inc/call-to-action/package/block/index.php#L259 https://plugins.trac.wordpress.org/browser/vk-all-in-one-expansion-unit/tags/9.112.0.1/inc/call-to-action/package/block/index.php#L271 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394731%40vk-all-in-one-expansion-unit%2Ftrunk&old=3385606%40vk-all-in-one-expansion-unit%2Ftrunk&sfp_email=&sfph_mail=#file2   |
| kurudrive–VK All in One Expansion Unit | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_veu_custom_css’ parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-11267 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8996a0f0-8a49-4310-917b-62172c12afdb?source=cve https://plugins.trac.wordpress.org/browser/vk-all-in-one-expansion-unit/tags/9.112.0.1/admin/class-veu-metabox.php#L178 https://plugins.trac.wordpress.org/browser/vk-all-in-one-expansion-unit/tags/9.112.0.1/inc/css-customize/css-customize-single.php#L32 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3393317%40vk-all-in-one-expansion-unit%2Ftrunk&old=3385606%40vk-all-in-one-expansion-unit%2Ftrunk&sfp_email=&sfph_mail=   |
| kwmanagement–Pet-Manager Petfinder | The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-19 | 6.4 | CVE-2025-12710 | https://www.wordfence.com/threat-intel/vulnerabilities/id/35b0d959-2adb-4de4-b51b-1bfead49bc7d?source=cve https://plugins.trac.wordpress.org/browser/tier-management-petfinder/tags/3.6.1/kwm-petfinder.php#L133 https://plugins.trac.wordpress.org/browser/tier-management-petfinder/tags/3.6.1/kwm-petfinder.php#L163 https://plugins.trac.wordpress.org/browser/tier-management-petfinder/tags/3.6.1/kwm-petfinder.php#L164 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3396792%40tier-management-petfinder&new=3396792%40tier-management-petfinder&sfp_email=&sfph_mail=   |
| langfuse–langfuse | Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTH_<PROVIDER>_CHECK setting, a potential account takeover may happen if an authenticated user is made to call a specifically crafted URL via a CSRF or phishing attack. This issue has been patched in versions 2.95.12 and 3.131.0. A workaround for this issue involves setting AUTH_<PROVIDER>_CHECK. | 2025-11-21 | 6.5 | CVE-2025-65107 | https://github.com/langfuse/langfuse/security/advisories/GHSA-w9pw-c549-5m6w   |
| librenms–librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0. | 2025-11-18 | 6.2 | CVE-2025-65013 | https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x   |
| librenms–librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0. | 2025-11-18 | 5.5 | CVE-2025-65093 | https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9   |
| lightgalleryteam–LightGallery WP | Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-20 | 6.4 | CVE-2025-5092 | https://www.wordfence.com/threat-intel/vulnerabilities/id/acaa3142-2bbc-43d3-8ecc-05e8edb931ec?source=cve https://github.com/sachinchoolur/lightGallery https://plugins.trac.wordpress.org/changeset/3311382/ https://plugins.trac.wordpress.org/changeset/3356089/ https://plugins.trac.wordpress.org/changeset/3372141/ https://plugins.trac.wordpress.org/changeset/3343557/   |
| lsfusion–platform | A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely. | 2025-11-17 | 6.3 | CVE-2025-13265 | VDB-332600 | lsfusion platform ZipUtils.java unpackFile path traversal VDB-332600 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #689427 | lsFusion 6.1 Arbitrary File Overwrite and Deletion https://github.com/lsfusion/platform/issues/1545   |
| lsfusion–platform | A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | 2025-11-17 | 5.3 | CVE-2025-13261 | VDB-332596 | lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal VDB-332596 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #689412 | lsFusion 6.1 Unauthorized Arbitrary File Read https://github.com/lsfusion/platform/issues/1543 https://github.com/lsfusion/platform/issues/1543#issue-3576922131   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint (/api/trpc/polls.duplicate) allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter. This effectively bypasses access control and lets unauthorized users clone private or administrative polls. This issue has been patched in version 4.5.4. | 2025-11-19 | 6.5 | CVE-2025-65020 | https://github.com/lukevella/rallly/security/advisories/GHSA-44w7-pf32-gv5m https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to identify which votes to update, without verifying ownership or poll permissions. This allows an attacker to alter poll results in their favor, directly compromising data integrity. This issue has been patched in version 4.5.4. | 2025-11-19 | 6.5 | CVE-2025-65028 | https://github.com/lukevella/rallly/security/advisories/GHSA-pchc-v5hg-f5gp https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments under arbitrary usernames, including privileged ones such as administrators, potentially misleading other users and enabling phishing or social engineering attacks. This issue has been patched in version 4.5.4. | 2025-11-19 | 6.5 | CVE-2025-65031 | https://github.com/lukevella/rallly/security/advisories/GHSA-hhfc-6gq7-rrpm https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| lukevella–rallly | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the participantId parameter in a rename request, an attacker can modify another user’s name, violating data integrity and potentially causing confusion or impersonation attacks. This issue has been patched in version 4.5.4. | 2025-11-19 | 6.5 | CVE-2025-65032 | https://github.com/lukevella/rallly/security/advisories/GHSA-q9m7-chfx-43xw https://github.com/lukevella/rallly/releases/tag/v4.5.4   |
| macrozheng–mall | A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used. | 2025-11-20 | 5.4 | CVE-2025-13443 | VDB-333016 | macrozheng mall delete access control VDB-333016 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #690892 | mall <=1.0.3 Improper Control of Resource Identifiers https://github.com/Hwwg/cve/issues/15   |
| MacWarrior–clipbucket-v5 | ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration base_url is not set. Because Host is a client-controlled header, an attacker can supply an arbitrary Host value. This allows an attacker to cause password-reset links (sent by forget.php) to be generated with the attacker’s domain. If a victim follows that link and enters their activation code on the attacker-controlled domain, the attacker can capture the code and use it to reset the victim’s password and take over the account. This issue has been patched in version 5.5.2#162. | 2025-11-20 | 6.8 | CVE-2025-62709 | https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-xhhf-mpqr-2cq5 https://github.com/MacWarrior/clipbucket-v5/commit/1a93532e665217b5d329808ca78e37e59e9f8a9d   |
| Microsoft–Visual Studio Code | Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network. | 2025-11-20 | 5.7 | CVE-2025-64660 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability   |
| MongoDB–C Driver | A mongoc_bulk_operation_t may read invalid memory if large options are passed. | 2025-11-18 | 6.8 | CVE-2025-12119 | https://github.com/mongodb/mongo-php-driver/releases/tag/1.21.2 https://github.com/mongodb/mongo-c-driver/releases/tag/1.30.6 https://github.com/mongodb/mongo-c-driver/releases/tag/2.1.2   |
| n/a–libvirt | A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability. | 2025-11-17 | 5.5 | CVE-2025-13193 | https://access.redhat.com/security/cve/CVE-2025-13193 |
| nalam-1–Magical Products Display Elementor WooCommerce Widgets \| Product Sliders, Grids & AJAX Search | The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mpdpr_title_tag’ and ‘mpdpr_subtitle_tag’ parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user-supplied HTML tag names. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-12964 | https://www.wordfence.com/threat-intel/vulnerabilities/id/758e23b9-c3d5-4f1c-9659-66483d6f0578?source=cve https://plugins.trac.wordpress.org/browser/magical-products-display/tags/1.1.29/includes/widgets/pricing-table.php#L2149 https://plugins.trac.wordpress.org/browser/magical-products-display/tags/1.1.29/includes/widgets/pricing-table.php#L2167 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394768%40magical-products-display&new=3394768%40magical-products-display&sfp_email=&sfph_mail=   |
| nikolayyordanov–Like-it | The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeit_conf() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-18 | 6.1 | CVE-2025-12404 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6ad1d9f5-c224-4d28-8d73-439b3c5ca24f?source=cve https://plugins.trac.wordpress.org/browser/like-it/tags/2.2/like-it.php#L130 https://plugins.trac.wordpress.org/browser/like-it/tags/2.2/like-it.php#L131 https://plugins.trac.wordpress.org/browser/like-it/tags/2.2/tpl/config.php#L37   |
| ninjateam–WP Duplicate Page | The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the ‘saveSettings’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings that control role capabilities, and subsequently exploit the misconfigured capabilities to duplicate and view password-protected posts containing sensitive information. | 2025-11-18 | 4.3 | CVE-2025-12481 | https://www.wordfence.com/threat-intel/vulnerabilities/id/61105f6a-1bd7-415d-9481-a1c2c310f778?source=cve https://plugins.trac.wordpress.org/browser/wp-duplicate-page/tags/1.6/includes/Page/Settings.php#L92 https://plugins.trac.wordpress.org/browser/wp-duplicate-page/tags/1.6/includes/Classes/ButtonDuplicate.php#L137 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394773%40wp-duplicate-page%2Ftrunk&old=3386144%40wp-duplicate-page%2Ftrunk&sfp_email=&sfph_mail=   |
| NixOS–nixpkgs | NixOS’s Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protect its file cache. An attacker with knowledge of an existing revision ID could use this secret to obtain a document. In practice, an arbitrary revision ID should be hard to obtain. The primary impact is likely the access to known documents from users with expired access. This issue was resolved in NixOS unstable version 25.11 and version 25.05. | 2025-11-17 | 5.3 | CVE-2025-64766 | https://github.com/NixOS/nixpkgs/security/advisories/GHSA-58m4-5wg3-5g5v https://github.com/NixOS/nixpkgs/pull/462100 https://github.com/NixOS/nixpkgs/pull/462204 https://github.com/NixOS/nixpkgs/commit/8e74d05e3de4ee5ad320cd585a7e0f12a4730869 https://github.com/NixOS/nixpkgs/commit/cec38dec00df26a901eb8b424d53bbb3bcc72eec   |
| open-formulieren–open-forms | Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they’re not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3. | 2025-11-18 | 4.3 | CVE-2025-64515 | https://github.com/open-formulieren/open-forms/security/advisories/GHSA-cp63-63mq-5wvf https://github.com/open-formulieren/open-forms/blob/bcf2dc54c695fb7c8c58712627d82c4b766248b6/CHANGELOG.rst#327-2025-11-18 https://github.com/open-formulieren/open-forms/blob/bcf2dc54c695fb7c8c58712627d82c4b766248b6/CHANGELOG.rst#333-2025-11-18   |
| Opto22–GRV-EPIC-PR1 | A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root. | 2025-11-20 | 6.2 | CVE-2025-13087 | https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-03 https://www.opto22.com/support/resources-tools/knowledgebase/kb91326 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-03.json   |
| OSC–ondemand | Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a “Time of Check to Time of Use” (TOCTOU) attack when downloading zip files to access files outside of the OOD_ALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all current versions of OOD. However, files accessed are still protected by the UNIX permissions. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability. | 2025-11-20 | 4.3 | CVE-2025-62724 | https://github.com/OSC/ondemand/security/advisories/GHSA-vjpg-34px-gjrw   |
| pluginsGLPI–databaseinventory | pluginsGLPI’s Database Inventory Plugin “manages” the Teclib’ inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3. | 2025-11-18 | 4.3 | CVE-2025-53360 | https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58 https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87 https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269   |
| powerblogservice–AuthorSure | The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ‘authorsure’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-21 | 6.1 | CVE-2025-13134 | https://www.wordfence.com/threat-intel/vulnerabilities/id/81070529-b269-44b0-8f21-b08add63a099?source=cve https://drive.google.com/file/d/1ZVmQSyjgRxNVGef7Zkzdws8kLraxOt59/view?pli=1   |
| Progress–MOVEit Transfer | Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4. | 2025-11-19 | 5.3 | CVE-2025-13147 | https://docs.progress.com/bundle/moveit-transfer-release-notes-2024/page/Fixed-Issues-in-2024.1.8.html https://docs.progress.com/bundle/moveit-transfer-release-notes-2025/page/Fixed-Issues-in-2025.0.4.html https://docs.progress.com/bundle/moveit-transfer-release-notes-2025_1/page/Fixed-Issues-in-2025.1.html   |
| projectworlds–Advanced Library Management System | A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /add_member.php. Such manipulation of the argument roll_number leads to SQL injection. The attack may be performed remotely. The exploit is publicly available and might be used. | 2025-11-17 | 6.3 | CVE-2025-13254 | VDB-332589 | projectworlds Advanced Library Management System add_member.php sql injection VDB-332589 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #687854 | projectworlds Advanced Library Management System 1.0 SQL Injection https://github.com/Wyg2002yx/cve/blob/main/002/report.md   |
| projectworlds–Advanced Library Management System | A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing manipulation of the argument book_pub/book_title results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | 2025-11-17 | 6.3 | CVE-2025-13255 | VDB-332590 | projectworlds Advanced Library Management System book_search.php sql injection VDB-332590 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #687855 | projectworlds Advanced Library Management System 1.0 SQL Injection Submit #687857 | projectworlds Advanced Library Management System 1.0 SQL Injection (Duplicate) https://github.com/Wyg2002yx/cve/blob/main/003/report.md https://github.com/Wyg2002yx/cve/blob/main/004/report.md   |
| projectworlds–Advanced Library Management System | A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing manipulation of the argument roll_number can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | 2025-11-17 | 6.3 | CVE-2025-13256 | VDB-332591 | projectworlds Advanced Library Management System borrow.php sql injection VDB-332591 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #687856 | projectworlds Advanced Library Management System 1.0 SQL Injection https://github.com/Wyg2002yx/cve/blob/main/005/report.md   |
| projectworlds–Advanced Library Management System | A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefrom/dateto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-11-17 | 6.3 | CVE-2025-13278 | VDB-332613 | projectworlds Advanced Library Management System borrowed_book_search.php sql injection VDB-332613 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #690797 | projectworlds Advanced Library Management System 1.0 SQL Injection https://github.com/CH0ico/CVE_choco_1/blob/master/report.md   |
| projectworlds–can pass malicious payloads | A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | 2025-11-23 | 6.3 | CVE-2025-13573 | VDB-333337 | projectworlds can pass malicious payloads add_book.php unrestricted upload VDB-333337 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #698646 | projectworlds Advanced Library Management System V1.0 Unrestricted Upload https://github.com/GYSakura/tmp75/blob/main/report.md   |
| publishpress–Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the “saveFutureActionData” function in all versions up to, and including, 4.9.1. This makes it possible for authenticated attackers, with author level access and above, to change the status of arbitrary posts and pages via the REST API endpoint. | 2025-11-21 | 4.3 | CVE-2025-13149 | https://www.wordfence.com/threat-intel/vulnerabilities/id/82ea0ebc-08aa-4ef5-b6b1-c7c13715ef6d?source=cve https://github.com/publishpress/publishpress-future/commit/0cbefc1632c6f1fffc5fa0ca85e6b8a641d41c7f   |
| qzzr–Pollcaster Shortcode Plugin | The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in the ‘pollcaster’ shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-12661 | https://www.wordfence.com/threat-intel/vulnerabilities/id/120ba9e5-9594-4a4f-b475-ef3fcf5f4565?source=cve https://wordpress.org/plugins/pollcaster-shortcode/ https://plugins.trac.wordpress.org/browser/pollcaster-shortcode/tags/1.0/pollcaster.php#L33   |
| Red Hat–Red Hat Enterprise Linux 10 | A vulnerability has been identified in the GRUB2 bootloader’s network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. | 2025-11-18 | 4.9 | CVE-2025-54770 | https://access.redhat.com/security/cve/CVE-2025-54770 RHBZ#2413813   |
| Red Hat–Red Hat Enterprise Linux 10 | A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. A possible data integrity or confidentiality compromise cannot be ruled out. | 2025-11-18 | 4.9 | CVE-2025-54771 | https://access.redhat.com/security/cve/CVE-2025-54771 RHBZ#2413823   |
| Red Hat–Red Hat Enterprise Linux 10 | A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. Successful exploitation may cause GRUB to crash, leading to a Denial of Service. Data corruption may also be possible, although given the complexity of the exploit the impact is most likely limited. | 2025-11-18 | 4.8 | CVE-2025-61661 | https://access.redhat.com/security/cve/CVE-2025-61661 RHBZ#2413827   |
| Red Hat–Red Hat Enterprise Linux 10 | A Use-After-Free vulnerability has been discovered in GRUB’s gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. A possible data integrity or confidentiality compromise cannot be ruled out. | 2025-11-18 | 4.9 | CVE-2025-61662 | https://access.redhat.com/security/cve/CVE-2025-61662 RHBZ#2414683   |
| Red Hat–Red Hat Enterprise Linux 10 | A vulnerability has been identified in the GRUB2 bootloader’s normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. An impact on data integrity and confidentiality also cannot be ruled out. | 2025-11-18 | 4.9 | CVE-2025-61663 | https://access.redhat.com/security/cve/CVE-2025-61663 RHBZ#2414684   |
| Red Hat–Red Hat Enterprise Linux 10 | A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts on data confidentiality and integrity. | 2025-11-18 | 4.9 | CVE-2025-61664 | https://access.redhat.com/security/cve/CVE-2025-61664 RHBZ#2414685   |
| rometheme–RTMKit | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Accordion Block’s attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-8609 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a4601d9e-02bb-4b27-b16e-7cfc0fc19919?source=cve https://plugins.trac.wordpress.org/browser/rometheme-for-elementor/trunk/widgets/rkit_widgets/rkit_image_accordion.php#L1032 https://plugins.trac.wordpress.org/changeset/3369481/rometheme-for-elementor/trunk/widgets/rkit_widgets/rkit_image_accordion.php   |
| rsync–rsync | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. | 2025-11-18 | 4.3 | CVE-2025-10158 | https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1   |
| Rumpus–FTP Server | CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 2025-11-17 | 6.8 | CVE-2025-55055 | https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |
| Rumpus–FTP Server | Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) | 2025-11-17 | 4.8 | CVE-2025-55056 | https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |
| Rumpus–FTP Server | Multiple CWE-352 Cross-Site Request Forgery (CSRF) | 2025-11-17 | 4.5 | CVE-2025-55057 | https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |
| Rumpus–FTP Server | CWE-20 Improper Input Validation | 2025-11-17 | 4.5 | CVE-2025-55058 | https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |
| Rumpus–FTP Server | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) | 2025-11-17 | 4.8 | CVE-2025-55059 | https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |
| rustaurius–Affiliate AI Lite | The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘asin’ shortcode attribute in the affiai_img shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11799 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b05f4ef4-aa64-4cf4-a278-604df8407d12?source=cve https://plugins.trac.wordpress.org/browser/affiliate-ai-lite/tags/1.0.1/includes/afx-img.php#L53 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399153%40affiliate-ai-lite&new=3399153%40affiliate-ai-lite   |
| rustybadrobot–Display Pages Shortcode | The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column_count’ parameter in the [display-pages] shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11763 | https://www.wordfence.com/threat-intel/vulnerabilities/id/df4ada5f-6008-40b9-ad83-c6af82e64e9f?source=cve https://plugins.trac.wordpress.org/browser/display-pages-shortcode/trunk/display-pages-shortcode.php#L513 https://plugins.trac.wordpress.org/browser/display-pages-shortcode/trunk/display-pages-shortcode.php#L517   |
| saadiqbal–New User Approve | The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to “0” on sites where the Zapier API key has not been configured. | 2025-11-19 | 5.3 | CVE-2025-12770 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3f1cf77a-64b4-405b-adcb-ef16d9e82ab2?source=cve https://plugins.trac.wordpress.org/browser/new-user-approve/tags/3.0.9/includes/zapier/includes/rest-api.php#L104 https://plugins.trac.wordpress.org/browser/new-user-approve/tags/3.0.9/includes/zapier/includes/rest-api.php#L40 https://plugins.trac.wordpress.org/browser/new-user-approve/trunk/includes/zapier/includes/rest-api.php#L104   |
| sayontan–Photonic Gallery & Lightbox for Flickr, SmugMug & Others | The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page. | 2025-11-18 | 6.4 | CVE-2025-12691 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9f21f4a4-4b50-4396-8d94-26d68c0eb3a3?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3392284%40photonic&old=3336902%40photonic&sfp_email=&sfph_mail=   |
| Saysis Computer Systems Trade Ltd. Co.–StarCities | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities allows Reflected XSS. This issue affects StarCities: before 1.1.61. | 2025-11-19 | 5.4 | CVE-2025-11963 | https://www.usom.gov.tr/bildirim/tr-25-0403   |
| scottpaterson–Subscriptions & Memberships for PayPal | The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create fake payment entries that have not actually occurred. | 2025-11-22 | 5.3 | CVE-2025-12752 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8f706b78-2d67-442c-b7a0-7d7a0fd24b2d?source=cve https://plugins.trac.wordpress.org/browser/subscriptions-memberships-for-paypal/trunk/includes/public_ipn.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397608%40subscriptions-memberships-for-paypal&new=3397608%40subscriptions-memberships-for-paypal&sfp_email=&sfph_mail=   |
| seventhqueen–Restrictions for BuddyPress | The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracking. | 2025-11-18 | 5.3 | CVE-2025-12391 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe5ed7-17e2-4098-a51b-3b780721bf2e?source=cve https://wordpress.org/plugins/bp-restrict/   |
| Shopside Software Technologies Inc.–Shopside | Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025. | 2025-11-19 | 4.7 | CVE-2025-0421 | https://www.usom.gov.tr/bildirim/tr-25-0402   |
| Siemens–Mendix RichText | A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks. | 2025-11-17 | 5.7 | CVE-2025-40834 | https://cert-portal.siemens.com/productcert/html/ssa-190588.html   |
| SMCI–MBD-X13SEDW-F | Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system. | 2025-11-18 | 5.4 | CVE-2025-7623 | https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025   |
| SMCI–MBD-X13SEDW-F | A stack buffer overflow vulnerability exists in the Supermicro BMC shared library. An authenticated attacker with access to the BMC can exploit the stack buffer overflow via a crafted header and achieve arbitrary code execution on the BMC’s firmware operating system. | 2025-11-18 | 5.5 | CVE-2025-8404 | https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025   |
| softaculous–SiteSEO SEO Simplified | The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the siteseo_reset_settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted access to at least one SiteSEO setting capability, to reset the plugin’s settings. | 2025-11-19 | 5.3 | CVE-2025-12814 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a376cafb-656c-4fe1-b5c1-c7e38dc5040e?source=cve https://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.2/main/ajax.php#L90 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397272%40siteseo&new=3397272%40siteseo&sfp_email=&sfph_mail=   |
| softaculous–SiteSEO SEO Simplified | The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolve_variables() AJAX handler. This makes it possible for authenticated attackers with the siteseo_manage capability (e.g., Author-level users who have been granted SiteSEO access by an administrator) to read arbitrary post metadata from any post, page, attachment, or WooCommerce order they cannot edit, via the custom field variable resolution feature, provided they have been given access to SiteSEO by an administrator and legacy storage is enabled. In affected WooCommerce installations, this exposes sensitive customer billing information including names, email addresses, phone numbers, physical addresses, and payment methods. | 2025-11-19 | 4.3 | CVE-2025-13085 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4d740ba8-4877-4b27-a1cb-26095f851ea6?source=cve https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/ajax.php#L542 https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/titlesmetas.php#L494 https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/admin.php#L106 https://plugins.trac.wordpress.org/changeset/3397272/siteseo/trunk?contextall=1&old=3387094&old_path=%2Fsiteseo%2Ftrunk   |
| SolarWinds–SolarWinds Observability Self-Hosted | SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to an XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. | 2025-11-18 | 5.4 | CVE-2025-26391 | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26391 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm   |
| SolarWinds–SolarWinds Observability Self-Hosted | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | 2025-11-18 | 4.8 | CVE-2025-40545 | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40545 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm   |
| SourceCodester–Alumni Management System | A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executing manipulation of the argument ID can lead to missing authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | 2025-11-20 | 5.4 | CVE-2025-13468 | VDB-333041 \| SourceCodester Alumni Management System Delete admin_class.php delete_event authorization VDB-333041 \| CTI Indicators (IOB, IOC, IOA) Submit #694826 \| SourceCodester Alumni Management System 1.0 Missing Authorization https://hackmd.io/@mlgzackfly/SourceCodester https://www.sourcecodester.com/   |
| SourceCodester–Dental Clinic Appointment Reservation System | A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. | 2025-11-17 | 6.3 | CVE-2025-13267 | VDB-332602 \| SourceCodester Dental Clinic Appointment Reservation System success.php sql injection VDB-332602 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #689450 \| Dental Clinic Appointment Reservation System 1.0 SQL Injection https://github.com/0xffaaa/cve/blob/main/Dental_Clinic_Appointment_Reservation_System_Time-Based_SQL_Injection2.md https://www.sourcecodester.com/   |
| SourceCodester–Inventory Management System | A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | 2025-11-23 | 5.3 | CVE-2025-13565 | VDB-333329 \| SourceCodester Inventory Management System resetPassword.php password recovery VDB-333329 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #697984 \| SourceCodester Inventory Management System 1.0 Business Logic Errors https://www.notion.so/Unauthenticated-Password-Reset-Vulnerability-in-SourceCodester-Inventory-Management-System-2b023917db8c8001b5ecf4c50a54dfbd?source=copy_link https://www.sourcecodester.com/   |
| SourceCodester–Online Magazine Management System | A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argument c leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | 2025-11-17 | 6.3 | CVE-2025-13263 | VDB-332598 \| SourceCodester Online Magazine Management System categories.php sql injection VDB-332598 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #689416 \| Online Magazine Management System 1.0 SQL Injection https://github.com/0xffaaa/cve/blob/main/Online%20Magazine%20Management%20System%20SQL%20blind%20injection(SQLI).md https://www.sourcecodester.com/   |
| SourceCodester–Online Magazine Management System | A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | 2025-11-17 | 6.3 | CVE-2025-13264 | VDB-332599 \| SourceCodester Online Magazine Management System view_magazine.php sql injection VDB-332599 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #689424 \| Online Magazine Management System 1.0 SQL Injection https://github.com/0xffaaa/cve/blob/main/Online%20Magazine%20Management%20System%20SQL%20blind%20injection2(SQLI)%20.md https://www.sourcecodester.com/   |
| SourceCodester–Pre-School Management System | A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | 2025-11-23 | 5.4 | CVE-2025-13564 | VDB-333328 \| SourceCodester Pre-School Management System FilehelperController.php removefile denial of service VDB-333328 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #697083 \| Pre-School Management System 1.0 delete file https://github.com/0xffaaa/cve/blob/main/Pre_School_Management_System_Arbitrary_File_Deletion_Vulnerabilit.md https://www.sourcecodester.com/   |
| SourceCodester–Train Station Ticketing System | A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | 2025-11-18 | 6.3 | CVE-2025-13345 | VDB-332763 \| SourceCodester Train Station Ticketing System ajax.php sql injection VDB-332763 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #691943 \| SonarSource Train Station Ticketing System V1.0 SQL Injection https://github.com/puppytgyh/-CVE/issues/15 https://www.sourcecodester.com/   |
| SourceCodester–Train Station Ticketing System | A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=save_station. Performing manipulation of the argument id/station results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | 2025-11-18 | 6.3 | CVE-2025-13346 | VDB-332764 \| SourceCodester Train Station Ticketing System ajax.php sql injection VDB-332764 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #691944 \| SourceCodester Train Station Ticketing System V1.0 SQL Injection https://github.com/puppytgyh/-CVE/issues/16 https://www.sourcecodester.com/   |
| SourceCodester–Train Station Ticketing System | A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | 2025-11-18 | 6.3 | CVE-2025-13347 | VDB-332765 \| SourceCodester Train Station Ticketing System ajax.php sql injection VDB-332765 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #691945 \| SourceCodester Train Station Ticketing System V1.0 SQL Injection https://github.com/puppytgyh/-CVE/issues/17 https://www.sourcecodester.com/   |
| sscovil–CSV to SortTable | The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘csv’ shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-18 | 6.4 | CVE-2025-12823 | https://www.wordfence.com/threat-intel/vulnerabilities/id/53c59793-27db-44fa-92c8-2184d6914d8f?source=cve https://wordpress.com/plugins/csv-to-sorttable   |
| sundayfanz–wModes Catalog Mode, Product Pricing, Enquiry Forms & Promotions \| for WooCommerce | The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access sensitive information via the AJAX endpoint. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information including user emails, usernames, roles, capabilities, and WooCommerce data such as products and payment methods. | 2025-11-18 | 4.3 | CVE-2025-12639 | https://www.wordfence.com/threat-intel/vulnerabilities/id/979001c4-45dd-4168-8749-c8eebe237b60?source=cve https://plugins.trac.wordpress.org/browser/catalog-mode-pricing-enquiry-forms-promotions/tags/1.2.1/framework/reon/core/class.reon.core.ajax.php#L12 https://plugins.trac.wordpress.org/browser/catalog-mode-pricing-enquiry-forms-promotions/tags/1.2.1/framework/reon/core/class.reon.core.ajax.php#L29 https://plugins.trac.wordpress.org/browser/catalog-mode-pricing-enquiry-forms-promotions/tags/1.2.1/framework/reon/core/class.reon.core.ajax.php#L165 https://plugins.trac.wordpress.org/changeset/3392651/catalog-mode-pricing-enquiry-forms-promotions/trunk?contextall=1&old=3390779&old_path=%2Fcatalog-mode-pricing-enquiry-forms-promotions%2Ftrunk#file11   |
| surbma–Surbma \| MiniCRM Shortcode | The Surbma \| MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ shortcode attribute of the ‘minicrm’ shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11800 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f7509053-fc70-420a-b998-b7158732c147?source=cve https://plugins.trac.wordpress.org/browser/surbma-minicrm-shortcode/tags/2.0/surbma-minicrm-shortcode.php#L34   |
| tainacan–Tainacan | The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search’ parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-11-21 | 6.1 | CVE-2025-12746 | https://www.wordfence.com/threat-intel/vulnerabilities/id/014dd0ee-0bd0-477c-a0fa-bde8ce5a099c?source=cve https://github.com/tainacan/tainacan/blob/2491612ee9d5b14baa70862ba2308ee925de0938/src/classes/theme-helper/template-tags.php#L1652 https://plugins.trac.wordpress.org/changeset/3395909/tainacan/trunk/classes/theme-helper/template-tags.php   |
| tainacan–Tainacan | The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive information from files that have been marked as private. | 2025-11-21 | 5.3 | CVE-2025-12747 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c64869f0-a4dd-4135-8ed8-a6ff82a48e1f?source=cve https://github.com/tainacan/tainacan/blob/2491612ee9d5b14baa70862ba2308ee925de0938/src/classes/class-tainacan-private-files.php https://github.com/tainacan/tainacan/compare/1.0.0...1.0.1   |
| Tanium–TanOS | Tanium addressed an arbitrary file deletion vulnerability in TanOS. | 2025-11-19 | 5.6 | CVE-2025-13225 | TAN-2025-036   |
| techjewel–FluentCRM Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘fluentcrm_content’ shortcode in all versions up to, and including, 2.9.84 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-12935 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7129e5cb-ce70-477a-a8f1-3acf152dfc21?source=cve https://plugins.trac.wordpress.org/browser/fluent-crm/tags/2.9.84/app/Hooks/actions.php#L172 https://plugins.trac.wordpress.org/browser/fluent-crm/tags/2.9.84/app/Hooks/Handlers/PrefFormHandler.php#L175 https://plugins.trac.wordpress.org/changeset/3399640/   |
| techlabpro1–Classified Listing AI-Powered Classified ads & Business Directory Plugin | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2025-11-17 | 5.4 | CVE-2025-7711 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d9b10db9-0c7c-4f13-9d98-6d407446cfb8?source=cve https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.0.2/app/Controllers/Hooks/FilterHooks.php#L367   |
| themeatelier–IDonate Blood Donation, Request And Donor Management System | The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including, 2.1.15. This makes it possible for unauthenticated attackers to delete arbitrary posts. | 2025-11-22 | 5.3 | CVE-2025-12877 | https://www.wordfence.com/threat-intel/vulnerabilities/id/96bd997f-63d5-47a7-b433-486c1113b44b?source=cve https://plugins.trac.wordpress.org/changeset/3398056/idonate/trunk/src/Helpers/IDonateAjaxHandler.php?old=3372718&old_path=idonate%2Ftags%2F2.1.13%2Fsrc%2FHelpers%2FIDonateAjaxHandler.php https://plugins.trac.wordpress.org/changeset/3400306/idonate/trunk/src/Helpers/IDonateAjaxHandler.php?old=3372718&old_path=idonate%2Ftags%2F2.1.13%2Fsrc%2FHelpers%2FIDonateAjaxHandler.php   |
| thimpress–LearnPress WordPress LMS Plugin | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax which allows arbitrary callback execution of admin-only template methods. This makes it possible for unauthenticated attackers to retrieve admin curriculum HTML, quiz questions with correct answers, course materials, and other sensitive educational content via the REST API endpoint, provided they can supply valid numeric IDs. | 2025-11-21 | 5.3 | CVE-2025-11368 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0c9856db-3779-4649-9a48-1c7b6d019816?source=cve https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/rest-api/v1/frontend/class-lp-rest-ajax-controller.php#L41 https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/rest-api/v1/frontend/class-lp-rest-ajax-controller.php#L23 https://plugins.trac.wordpress.org/changeset?old_path=/learnpress/tags/4.2.9.4&new_path=/learnpress/tags/4.3.0&sfp_email=&sfph_mail=   |
| tigroumeow–AI Engine | The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieval. | 2025-11-18 | 6.8 | CVE-2025-8084 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3b497bc0-bf47-43c7-9d5f-8e130dd0bab2?source=cve https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/rest.php#L742 https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/services/image.php#L89 |
| timeslotplugins–Booking Plugin for WordPress Appointments Time Slot | The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot_appt_email AJAX action. This makes it possible for unauthenticated attackers to send appointment notification emails to arbitrary recipients with attacker-controlled text content in certain email fields, potentially enabling the site to be abused for phishing campaigns or spam distribution. | 2025-11-19 | 5.3 | CVE-2025-12842 | https://www.wordfence.com/threat-intel/vulnerabilities/id/087b6943-5da8-44fe-8614-832768444178?source=cve https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L21 https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L23 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397527%40timeslot&new=3397527%40timeslot&sfp_email=&sfph_mail=   |
| trainingbusinesspros–Groundhogg CRM, Newsletters, and Marketing Automation | The Groundhogg – CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the ‘term’ parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-11-21 | 4.9 | CVE-2025-12750 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d231e1-a63e-4b41-a6b7-91e6dfc33600?source=cve https://github.com/groundhoggwp/groundhogg/blob/master/includes/functions.php#L5705 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394550%40groundhogg&new=3394550%40groundhogg&sfp_email=&sfph_mail=#file14   |
| tripleatechnology–Cryptocurrency Payment Gateway for WooCommerce | The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘handle_optin_optout’ function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to opt in and out of tracking. | 2025-11-18 | 5.3 | CVE-2025-12392 | https://www.wordfence.com/threat-intel/vulnerabilities/id/96d48392-fb64-4e5e-be9c-21df0bf75de6?source=cve https://wordpress.org/plugins/triplea-cryptocurrency-payment-gateway-for-woocommerce/   |
| userelements–Ultimate Member Widgets for Elementor WordPress User Directory | The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to extract partial metadata of all WordPress users, including their first name, last name and email addresses. | 2025-11-20 | 5.3 | CVE-2025-12778 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a917a24b-09cc-48e9-844a-e1ed573a708f?source=cve https://plugins.trac.wordpress.org/changeset/3397029/ultimate-member-widgets-for-elementor   |
| valentinpellegrin–ACF Flexible Layouts Manager | The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘acf_flm_update_template_with_pasted_layout’ function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to update custom field values on individual posts and pages. | 2025-11-18 | 6.5 | CVE-2025-12937 | https://www.wordfence.com/threat-intel/vulnerabilities/id/915cce97-8305-4249-b2d3-c4da2f59a95a?source=cve https://plugins.trac.wordpress.org/browser/acf-flexible-layouts-manager/trunk/includes/ajax/ajax-paste.php#L4   |
| vaniivan–Simple User Import Export | The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the ‘Import/export users’ function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2025-11-18 | 6.6 | CVE-2025-13133 | https://www.wordfence.com/threat-intel/vulnerabilities/id/39ec49b4-f0f3-4ec7-b11b-ce808c025577?source=cve https://it.wordpress.org/plugins/a3-user-importer/ |
| vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chat_template_kwargs parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests. This issue has been patched in version 0.11.1. | 2025-11-21 | 6.5 | CVE-2025-62426 | https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p https://github.com/vllm-project/vllm/pull/27205 https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610 https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814   |
| westerndeal–GSheetConnector For Ninja Forms | The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘njform-google-sheet-config’ page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve information about the system. | 2025-11-22 | 4.3 | CVE-2025-13136 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5770cb94-8603-44d9-8cda-925175851b51?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399046%40gsheetconnector-ninja-forms&new=3399046%40gsheetconnector-ninja-forms&sfp_email=&sfph_mail= |
| willbontrager–Local Syndication | The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode. This is due to the use of `wp_remote_get()` instead of `wp_safe_remote_get()` which lacks protections against requests to internal/private IP addresses and localhost. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services, scan internal networks, and access resources that should not be accessible from external networks. | 2025-11-18 | 6.4 | CVE-2025-12962 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7774cdfd-622a-4608-9efd-273923a0d0aa?source=cve https://plugins.trac.wordpress.org/browser/local-syndication/tags/1.5/local_syndication.php#L64 https://plugins.trac.wordpress.org/browser/local-syndication/tags/1.5/local_syndication.php#L41   |
| winkm89–WP Admin Microblog | The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the ‘wp-admin-microblog’ page. This makes it possible for unauthenticated attackers to send messages on behalf of an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-11-18 | 4.3 | CVE-2025-12173 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9c26a76d-a104-4ea6-be9f-9e8dfc3b5cd5?source=cve https://wordpress.org/plugins/wp-admin-microblog/   |
| withastro–astro | Astro is a web framework. Prior to version 5.15.9, when using Astro’s Cloudflare adapter (@astrojs/cloudflare) with output: ‘server’, the image optimization endpoint (/_image) contains a critical vulnerability in the isRemoteAllowed() function that unconditionally allows data: protocol URLs. This enables Cross-Site Scripting (XSS) attacks through malicious SVG payloads, bypassing domain restrictions and Content Security Policy protections. This issue has been patched in version 5.15.9. | 2025-11-19 | 5.4 | CVE-2025-65019 | https://github.com/withastro/astro/security/advisories/GHSA-fvmw-cj7j-j39q https://github.com/withastro/astro/commit/9e9c528191b6f5e06db9daf6ad26b8f68016e533   |
| wpengine–WP Migrate Lite WordPress Migration Made Easy | The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdb_flush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to obtain information about internal services. | 2025-11-18 | 5.8 | CVE-2025-11427 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4b098711-ed01-4a71-b0df-30ff4fffa930?source=cve https://plugins.trac.wordpress.org/browser/wp-migrate-db/tags/2.7.5/class/Common/MigrationPersistence/Persistence.php#L50 https://plugins.trac.wordpress.org/browser/wp-migrate-db/tags/2.7.5/class/Common/Migration/Flush.php#L69   |
| wpfanyi–WPSite Shortcode | The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘format’ shortcode attribute in the wpsite_y shortcode and the ‘before’ attribute in the wpsite_postauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping in error messages. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-21 | 6.4 | CVE-2025-11803 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9712c2-1698-4c67-a700-a4598cb25a95?source=cve https://plugins.trac.wordpress.org/browser/wpsite-shortcode/tags/1.2/shortcodes/wpsite-date.php#L19 https://plugins.trac.wordpress.org/browser/wpsite-shortcode/tags/1.2/shortcodes/wpsite-date.php#L35 https://plugins.trac.wordpress.org/browser/wpsite-shortcode/tags/1.2/shortcodes/wpsite-date.php#L51   |
| wproyal–Royal Addons for Elementor Addons and Templates Kit for Elementor | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item[‘field_id’] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-11-19 | 6.4 | CVE-2025-6251 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ead108c4-ac09-42ea-95c5-e95dc514f1cb?source=cve https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/form-builder/widgets/wpr-form-builder.php#L4023   |
| wpswings–Return Refund and Exchange For WooCommerce | The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps_rma_fetch_order_msgs() function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read other users’ order messages. | 2025-11-21 | 5.4 | CVE-2025-12881 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9c159237-1a3a-4d42-9a2e-fbd6ca98f38e?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394215%40woo-refund-and-exchange-lite&new=3394215%40woo-refund-and-exchange-lite&sfp_email=&sfph_mail= |
| wpswings–Return Refund and Exchange For WooCommerce | The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the ‘wps_rma_cancel_return_request’ AJAX endpoint due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other users’ refund requests. | 2025-11-21 | 4.3 | CVE-2025-12086 | https://www.wordfence.com/threat-intel/vulnerabilities/id/126e2b92-322e-440c-a924-1b604330f164?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394215%40woo-refund-and-exchange-lite&new=3394215%40woo-refund-and-exchange-lite&sfp_email=&sfph_mail= |
| wpwax–Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings | The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘directorist_prepare_listings_export_file’ and ‘directorist_type_slug_change’ AJAX actions in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export listing details and change the directorist slug. | 2025-11-19 | 6.5 | CVE-2025-12174 | https://www.wordfence.com/threat-intel/vulnerabilities/id/796c0ded-3a23-4dd6-968a-a8e60bd8ea0e?source=cve https://plugins.trac.wordpress.org/changeset/3394856/directorist/tags/8.5.3/includes/classes/class-ajax-handler.php   |
| wwwlike–vlife | A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Manipulation of the argument fileName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | 2025-11-17 | 5.3 | CVE-2025-13266 | VDB-332601; wwwlike vlife VLifeApi SysFileApi.java create path traversal VDB-332601; CTI Indicators (IOB, IOC, TTP, IOA) Submit #689436; vlife 2.0.1 Arbitrary File Read https://github.com/wwwlike/vlife/issues/3 |
| xwikisas–application-admintools | XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. This issue has been patched in version 1.1. A workaround involves setting the view rights for the AdminTools space to be only available for the XWikiAdminGroup. | 2025-11-18 | 5.3 | CVE-2025-54990 | https://github.com/xwikisas/application-admintools/security/advisories/GHSA-v7r8-8p5c-h4xw   |
| xwikisas–xwiki-pro-macros | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0. | 2025-11-19 | 6.8 | CVE-2025-65089 | https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-8c52-x9w7-vc95   |
| yithemes–YITH WooCommerce Wishlist | The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to discover any user’s wishlist token ID, and subsequently rename the victim’s wishlist without authorization (integrity impact). This can be exploited to target multi-user stores for defacement, social engineering attacks, mass tampering, and profiling at scale. | 2025-11-19 | 5.3 | CVE-2025-12427 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ffdb95ac-6b22-44a9-bd5c-b802a2d908d7?source=cve https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/rest-api/controllers/v1/class-yith-wcwl-rest-v1-lists-controller.php#L56 https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/rest-api/controllers/v1/class-yith-wcwl-rest-v1-lists-controller.php#L97 https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/class-yith-wcwl-ajax-handler.php#L38 https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/class-yith-wcwl-ajax-handler.php#L265 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394933%40yith-woocommerce-wishlist%2Ftrunk&old=3379519%40yith-woocommerce-wishlist%2Ftrunk&sfp_email=&sfph_mail=#file0   |
| yithemes–YITH WooCommerce Wishlist | The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint (which uses permission_callback => ‘__return_true’) and the AJAX delete_item handler (which only checks nonce validity without verifying object-level authorization). This makes it possible for unauthenticated attackers to disclose wishlist tokens for any user and subsequently delete wishlist items by chaining the REST API authorization bypass with the exposed delete_item nonce on shared wishlist pages and the AJAX handler’s missing object-level authorization check. | 2025-11-19 | 5.3 | CVE-2025-12777 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0088a97c-5a06-4500-a923-242499596aca?source=cve https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/rest-api/controllers/v1/class-yith-wcwl-rest-v1-lists-controller.php#L56 https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/rest-api/controllers/v1/class-yith-wcwl-rest-v1-lists-controller.php#L96 https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/class-yith-wcwl-frontend.php#L740 https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/class-yith-wcwl-ajax-handler.php#L222 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394933%40yith-woocommerce-wishlist%2Ftrunk&old=3379519%40yith-woocommerce-wishlist%2Ftrunk&sfp_email=&sfph_mail=#file0   |
| zhengdon– | The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-11-21 | 4.9 | CVE-2025-11973 | https://www.wordfence.com/threat-intel/vulnerabilities/id/66dc2ca2-c61c-4c73-aa2a-0017299cbca5?source=cve https://wordpress.org/plugins/keydatas/ |
| Zyxel–DX3301-T0 firmware | An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris-style denial-of-service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected. | 2025-11-18 | 5.3 | CVE-2025-6599 | https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025 |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Campcodes–Complete Online Beauty Parlor Management System | A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. Manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. | 2025-11-20 | 2.4 | CVE-2025-13484 | VDB-333084; Campcodes Complete Online Beauty Parlor Management System customer-list.php cross site scripting VDB-333084; CTI Indicators (IOB, IOC, TTP, IOA) Submit #696054; Campcodes Complete Online Beauty Parlor Management System V1.0 Cross Site Scripting https://github.com/Abxery/cveee/issues/8 https://www.campcodes.com/ |
| Campcodes–Retro Basketball Shoes Online Store | A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Manipulation of the argument product_name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | 2025-11-19 | 2.4 | CVE-2025-13412 | VDB-332939; Campcodes Retro Basketball Shoes Online Store admin_running.php cross site scripting VDB-332939; CTI Indicators (IOB, IOC, TTP, IOA) Submit #693698; campcodes Retro Basketball Shoes Online Store V1.0 cross site scripting https://github.com/laosijivul/cve/issues/1 https://www.campcodes.com/ |
| Canva–Canva | The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva. | 2025-11-18 | 3.2 | CVE-2025-12792 | https://trust.canva.com/?tcuUid=1e77a34b-f586-450b-b30d-b6e17d15b443   |
| Fortinet–FortiADC | An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product. | 2025-11-18 | 3.9 | CVE-2025-54971 | https://fortiguard.fortinet.com/psirt/FG-IR-25-686 |
| Fortinet–FortiMail | An improper neutralization of CRLF sequences (‘CRLF injection’) in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link. | 2025-11-18 | 3.9 | CVE-2025-54972 | https://fortiguard.fortinet.com/psirt/FG-IR-25-634 |
| Fortinet–FortiPAM | A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators’ credentials via diagnose commands. | 2025-11-18 | 3.8 | CVE-2025-61713 | https://fortiguard.fortinet.com/psirt/FG-IR-25-789   |
| Fortinet–FortiProxy | An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via a crafted CLI command. | 2025-11-18 | 1.8 | CVE-2025-54821 | https://fortiguard.fortinet.com/psirt/FG-IR-25-545 |
| Gallagher–T21 Reader | Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), and all versions of 9.00 and prior. | 2025-11-18 | 2.4 | CVE-2025-64734 | https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-64734 |
| HCL Software–Connections | HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. | 2025-11-18 | 3.5 | CVE-2025-52639 | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124241   |
| icret–EasyImages | A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. | 2025-11-19 | 3.5 | CVE-2025-13415 | VDB-332940; icret EasyImages SVG Image upload.php cross site scripting VDB-332940; CTI Indicators (IOB, IOC, TTP, IOA) Submit #693732; GitHub EasyImages2.0 <=V2.8.6 Improper Neutralization of Alternate XSS Syntax https://github.com/icret/EasyImages2.0/issues/260 |
| jarun–nnn | A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue. | 2025-11-23 | 3.3 | CVE-2025-13566 | VDB-333330; jarun nnn nnn.c run_cmd_as_plugin double free VDB-333330; CTI Indicators (IOB, IOC, IOA) Submit #698113; nnn v5.1 Double Free https://github.com/jarun/nnn/issues/2091#issue-3635886658 https://github.com/jarun/nnn/issues/2091#issuecomment-3547591759 https://github.com/jarun/nnn/commit/2f07ccdf21e705377862e5f9dfa31e1694979ac7 |
| librenms–librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0. | 2025-11-18 | 3.7 | CVE-2025-65014 | https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g   |
| Mattermost–Mattermost | Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin, which allows other users to determine when users had read channels via channel member objects. | 2025-11-18 | 3 | CVE-2025-55074 | https://mattermost.com/security-updates |
| Medical Informatics Engineering–Enterprise Health | Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the ‘Demographic Information’ page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14. | 2025-11-20 | 3.5 | CVE-2025-35029 |  |
| n/a–mrubyc | A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue. | 2025-11-19 | 3.3 | CVE-2025-13397 | VDB-332925; mrubyc alloc.c mrbc_raw_realloc null pointer dereference VDB-332925; CTI Indicators (IOB, IOC, IOA) Submit #692130; mrubyc 3.4 NULL Pointer Dereference https://github.com/mrubyc/mrubyc/issues/244 https://github.com/mrubyc/mrubyc/issues/244#issuecomment-3400382026 https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87 |
| OpenPrinting–cups-filters | cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c. | 2025-11-20 | 3.3 | CVE-2025-64524 | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv https://github.com/OpenPrinting/cups-filters/commit/956283c74a34ae924266a2a63f8e5f529a1abd06 |
| Public Knowledge Project–omp | A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument manualInstructions leads to cross site scripting. The attack can be initiated remotely. You should upgrade the affected component. | 2025-11-20 | 2.4 | CVE-2025-13469 | VDB-333042; Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting VDB-333042; CTI Indicators (IOB, IOC, TTP, IOA) Submit #695020; Public Knowledge Project Open Journal System 3.5.0-1 Cross Site Scripting https://github.com/pkp/pkp-lib/issues/12022 https://github.com/pkp/pkp-lib/issues/12022#event-20904087480 https://github.com/pkp/pkp-lib/issues/12022#event-20904112770 |
| SourceCodester–Interview Management System | A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | 2025-11-18 | 3.5 | CVE-2025-13343 | VDB-332761; SourceCodester Interview Management System editQuestion.php cross site scripting VDB-332761; CTI Indicators (IOB, IOC, TTP, IOA) Submit #691936; SourceCodester Interview Management System V1.0 Improper Neutralization of Alternate XSS Syntax https://github.com/puppytgyh/-CVE/issues/11 https://www.sourcecodester.com/ |
| SourceCodester–Online Shop Project | A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. Manipulation of the argument f_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2025-11-20 | 3.5 | CVE-2025-13450 | VDB-333020; SourceCodester Online Shop Project register.php cross site scripting VDB-333020; CTI Indicators (IOB, IOC, TTP, IOA) Submit #694780; SourceCodester Online Shop Project V1.0 Cross Site Scripting https://github.com/xiaojuzirr/cve/issues/5 https://www.sourcecodester.com/ |
| SourceCodester–Student Grades Management System | A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | 2025-11-18 | 3.5 | CVE-2025-13349 | VDB-332766; SourceCodester Student Grades Management System Add New Grade grades.php cross site scripting VDB-332766; CTI Indicators (IOB, IOC, TTP, IOA) Submit #692065; SourceCodester Student Grades Management System 1.0 Cross Site Scripting https://medium.com/@ankitkaushal43731/title-student-grades-management-system-stored-xss-authenticated-in-grades-php-remarks-field-d9625243df06 https://www.sourcecodester.com/ |
| Tinexta Infocert–GoSign Desktop | GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succeed even for untrusted or invalid server certificates. In this scenario (which is outside of the product’s design objectives), integrity protection could be bypassed. In typical cases of a proxy server for outbound HTTPS traffic from an enterprise, those connections would not succeed. (Admittedly, the usual expectation is that a client application is configured to trust an enterprise CA and does not set SSL_VERIFY_NONE.) Also, it is of course unsafe to place ~/.gosign in the home directory of an untrusted user and then have other users execute downloaded files. | 2025-11-17 | 3.2 | CVE-2025-65083 | https://www.firma.infocert.it/prodotti/gosign https://securityaffairs.com/184672/hacking/multiple-vulnerabilities-in-gosign-desktop-lead-to-remote-code-execution.html   |
| withastro–astro | Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework’s development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3. | 2025-11-19 | 3.5 | CVE-2025-64757 | https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7   |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| 7-Zip–7-Zip | 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753. | 2025-11-19 | not yet calculated | CVE-2025-11001 | ZDI-25-949   |
| AMD–AMD Ryzen 9000HX Series Processors | Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. | 2025-11-21 | not yet calculated | CVE-2025-62626 | https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7055.html   |
| AMD–Kria SOM | The security state of the processor calling into Arm® Trusted Firmware (TF-A) is not taken into account, which could allow non-secure processors to access secure memories, access crypto operations, and turn subsystems within the SOC on and off. | 2025-11-23 | not yet calculated | CVE-2025-48507 | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8017.html   |
| AMD–Versal Adaptive SoC Devices | The Secure Flag passed to the Versal™ Adaptive SoC’s Arm® Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands was incorrectly set to secure instead of reflecting the processor’s actual security state. This allows PSCI requests to appear to come from processors in the secure state rather than the non-secure state. | 2025-11-23 | not yet calculated | CVE-2025-54515 | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8020.html   |
| anthropics–claude-code | Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31. | 2025-11-21 | not yet calculated | CVE-2025-64755 | https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q   |
| anthropics–claude-code | Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39. | 2025-11-19 | not yet calculated | CVE-2025-65099 | https://github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv   |
| Apache Software Foundation–Apache Causeway | Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway’s ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary code with application privileges. This issue affects all current versions. Users are recommended to upgrade to version 3.5.0, which fixes the issue. | 2025-11-19 | not yet calculated | CVE-2025-64408 | https://lists.apache.org/thread/rjlg4spqhmgy1xgq9wq5h2tfnq4pm70b   |
| Apple–iPadOS | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to override managed Wi-Fi profiles. | 2025-11-21 | not yet calculated | CVE-2025-31216 | https://support.apple.com/en-us/122405 https://support.apple.com/en-us/122404   |
| Apple–macOS | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.5, macOS Sonoma 14.7.3. An app may be able to access sensitive user data. | 2025-11-21 | not yet calculated | CVE-2025-31248 | https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122716 https://support.apple.com/en-us/122070   |
| Apple–macOS | A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window. | 2025-11-21 | not yet calculated | CVE-2025-31266 | https://support.apple.com/en-us/122716 https://support.apple.com/en-us/122719   |
| Apple–macOS | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory. | 2025-11-21 | not yet calculated | CVE-2025-43374 | https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122716 https://support.apple.com/en-us/122405 https://support.apple.com/en-us/122404 https://support.apple.com/en-us/122721 https://support.apple.com/en-us/122722 https://support.apple.com/en-us/122070   |
| ASUSTOR–ABP and AES | When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290. | 2025-11-19 | not yet calculated | CVE-2025-13051 | https://www.asustor.com/security/security_advisory_detail?id=48   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-side file path under the privileges of the web service account, which runs as NT AUTHORITY\SYSTEM on Windows deployments. A remote, unauthenticated attacker can write arbitrary files into the product’s web-accessible directory structure and subsequently execute them. | 2025-11-19 | not yet calculated | CVE-2025-34328 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-unauthenticated-file-upload-rce-via-ajaxscript   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\SYSTEM. | 2025-11-19 | not yet calculated | CVE-2025-34329 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-unauthenticated-backup-upload-rce-via-ajaxbackupuploadfile   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and writes it into the C:\F2MAdmin\tmp directory using a filename derived from application constants, without any authentication, authorization, or file-type validation. A remote, unauthenticated attacker can upload or overwrite prompt- or music-on-hold-related files in this directory, potentially leading to tampering with IVR audio content or preparing files for use in further attacks. | 2025-11-19 | not yet calculated | CVE-2025-34330 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-unauthenticated-prompt-file-upload-via-ajaxpromptuploadfile   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request files stored on the appliance based solely on attacker-supplied path and filename parameters. While limited to specific file extensions permitted by the application logic, sensitive backup archives can be retrieved, exposing internal databases and credential hashes. Successful exploitation may lead to disclosure of administrative password hashes and other sensitive configuration data. | 2025-11-19 | not yet calculated | CVE-2025-34331 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-unauthenticated-file-read-via-download   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When certain service actions are requested through ajaxPost.php, these scripts are invoked by PHP using system() under the NT AUTHORITY\SYSTEM account. The batch files in this directory are writable by any authenticated local user due to overly permissive ACLs, allowing them to replace script contents with arbitrary commands. On the next service start/stop operation, the modified script is executed as SYSTEM, enabling elevation of local privileges. | 2025-11-19 | not yet calculated | CVE-2025-34332 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-insecure-service-control-scripts-lpe   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges. | 2025-11-19 | not yet calculated | CVE-2025-34333 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-world-writable-webroot-lpe   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax “send” test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation. | 2025-11-19 | not yet calculated | CVE-2025-34334 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-authenticated-command-injection-via-testfax-and-lpe   |
| AudioCodes Limited–AudioCodes Fax/IVR Appliance | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\SYSTEM. | 2025-11-19 | not yet calculated | CVE-2025-34335 | https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-authenticated-command-injection-via-activatelicense   |
| authlib–joserfc | joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured – or entirely absent – production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload is already fully loaded into memory at this stage, the library cannot prevent or reject it. This issue has been patched in versions 1.3.5 and 1.4.2. | 2025-11-18 | not yet calculated | CVE-2025-65015 | https://github.com/authlib/joserfc/security/advisories/GHSA-frfh-8v73-gjg4 https://github.com/authlib/joserfc/commit/63932f169d924caffafa761af2122b82059017f7 https://github.com/authlib/joserfc/commit/673c8743fd0605b0e1de6452be6cba75f44e466b https://github.com/authlib/joserfc/releases/tag/1.3.5 https://github.com/authlib/joserfc/releases/tag/1.4.2   |
| authzed–spicedb | SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema defines a permission as a union (+) whose two sides reference the same relation, with one side arrowing to a different permission, then SpiceDB may return incomplete LookupResources results when checking that permission. This only affects LookupResources; other APIs calculate permissionship correctly. The issue is fixed in version 1.47.1. | 2025-11-21 | not yet calculated | CVE-2025-65111 | https://github.com/authzed/spicedb/security/advisories/GHSA-9m7r-g8hg-x3vr https://github.com/authzed/spicedb/commit/8c2edbe1e7bd3851fa2138f4cc344bfde986dcf2   |
| Automated Logic–WebCtrl | Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions. | 2025-11-19 | not yet calculated | CVE-2024-8527 | https://www.corporate.carrier.com/product-security/advisories-resources/   |
| Automated Logic–WebCtrl | Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized. | 2025-11-19 | not yet calculated | CVE-2024-8528 | https://www.corporate.carrier.com/product-security/advisories-resources/   |
| BASIS International Ltd.–BASIS BBj | BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service. Retrieved configuration artifacts may contain account credentials used for BBj Enterprise Manager; possession of these credentials enables administrative access and use of legitimate management functionality that can result in execution of system commands under the service account. Depending on the operating system and the privileges of the BBj service account, this issue may also allow access to other sensitive files on the host, including operating system or application data, potentially exposing additional confidential information. | 2025-11-20 | not yet calculated | CVE-2025-34320 | https://myemail.constantcontact.com/BASIS-International-Ltd–releases-BBj—the-Barista–Application-Framework–and-AddonSoftware–by-Barista-version-25-00.html?soid=1103463119019&aid=WbfWkReLRVE https://www.vulncheck.com/advisories/basis-bbj-unauthenticated-arbitrary-file-read-rce   |
| BEIMS–Contractor Web | A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input validation on the /BEIMSWeb/contractor.asp endpoint, and successful exploitation requires a contractor.asp endpoint open to the internet. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity and potentially the availability of the database. Version 5.7.139 has been confirmed as vulnerable. Other versions have not been confirmed by the vendor, and users should assume that all versions of BEIMS Contractor Web may be impacted until further guidance is provided by the vendor. | 2025-11-17 | not yet calculated | CVE-2025-10460 | https://help.fmiworks.com/knowledge/beims-web https://help.fmiworks.com/knowledge/contractor-web-operational-requirements   |
| boldthemes–Bold Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through <= 5.5.2. | 2025-11-21 | not yet calculated | CVE-2025-66057 | https://vdp.patchstack.com/database/Wordpress/Plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-plugin-5-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| bPlugins–Tiktok Feed | Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through <= 1.0.22. | 2025-11-21 | not yet calculated | CVE-2025-66110 | https://vdp.patchstack.com/database/Wordpress/Plugin/b-tiktok-feed/vulnerability/wordpress-tiktok-feed-plugin-1-0-22-broken-access-control-vulnerability?_s_id=cve   |
| bqworks–Accordion Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS. This issue affects Accordion Slider: from n/a through <= 1.9.13. | 2025-11-21 | not yet calculated | CVE-2025-66092 | https://vdp.patchstack.com/database/Wordpress/Plugin/accordion-slider/vulnerability/wordpress-accordion-slider-plugin-1-9-13-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| Camille V–Travelers’ Map | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Camille V Travelers’ Map travelers-map allows Stored XSS. This issue affects Travelers’ Map: from n/a through <= 2.3.2. | 2025-11-21 | not yet calculated | CVE-2025-66098 | https://vdp.patchstack.com/database/Wordpress/Plugin/travelers-map/vulnerability/wordpress-travelers-map-plugin-2-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| Checkmk GmbH–Checkmk | Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information. | 2025-11-18 | not yet calculated | CVE-2025-58121 | https://checkmk.com/werk/18983   |
| Checkmk GmbH–Checkmk | Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure. | 2025-11-18 | not yet calculated | CVE-2025-58122 | https://checkmk.com/werk/18982   |
| Checkmk GmbH–Checkmk | In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin’s output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data. | 2025-11-18 | not yet calculated | CVE-2025-64996 | https://checkmk.com/werk/18570   |
| Cozmoslabs–WP Webhooks | Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection. This issue affects WP Webhooks: from n/a through <= 3.3.8. | 2025-11-21 | not yet calculated | CVE-2025-66073 | https://vdp.patchstack.com/database/Wordpress/Plugin/wp-webhooks/vulnerability/wordpress-wp-webhooks-plugin-3-3-8-php-object-injection-vulnerability?_s_id=cve   |
| Cozy Vision–SMS Alert Order Notifications | Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.8. | 2025-11-21 | not yet calculated | CVE-2025-66086 | https://vdp.patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-plugin-3-8-8-broken-access-control-vulnerability?_s_id=cve   |
| Craig Hewitt–Seriously Simple Podcasting | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | 2025-11-21 | not yet calculated | CVE-2025-66059 | https://vdp.patchstack.com/database/Wordpress/Plugin/seriously-simple-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugin-3-13-0-sensitive-data-exposure-vulnerability?_s_id=cve   |
| Craig Hewitt–Seriously Simple Podcasting | Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | 2025-11-21 | not yet calculated | CVE-2025-66060 | https://vdp.patchstack.com/database/Wordpress/Plugin/seriously-simple-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugin-3-13-0-broken-access-control-vulnerability-2?_s_id=cve   |
| Craig Hewitt–Seriously Simple Podcasting | Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | 2025-11-21 | not yet calculated | CVE-2025-66061 | https://vdp.patchstack.com/database/Wordpress/Plugin/seriously-simple-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugin-3-13-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |
| dataease–dataease | Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17. | 2025-11-20 | not yet calculated | CVE-2025-64428 | https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h https://github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53 https://github.com/dataease/dataease/releases/tag/v2.10.17   |
| Design–Stylish Cost Calculator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5. | 2025-11-21 | not yet calculated | CVE-2025-66091 | https://vdp.patchstack.com/database/Wordpress/Plugin/stylish-cost-calculator/vulnerability/wordpress-stylish-cost-calculator-plugin-8-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| Drupal–Drupal core | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | 2025-11-18 | not yet calculated | CVE-2025-13080 | https://www.drupal.org/sa-core-2025-005   |
| Drupal–Drupal core | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | 2025-11-18 | not yet calculated | CVE-2025-13081 | https://www.drupal.org/sa-core-2025-006   |
| Drupal–Drupal core | User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | 2025-11-18 | not yet calculated | CVE-2025-13082 | https://www.drupal.org/sa-core-2025-007   |
| Drupal–Drupal core | Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | 2025-11-18 | not yet calculated | CVE-2025-13083 | https://www.drupal.org/sa-core-2025-008   |
| Drupal–Email TFA | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6. | 2025-11-18 | not yet calculated | CVE-2025-12760 | https://www.drupal.org/sa-contrib-2025-115   |
| Drupal–Simple multi step form | Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from 0.0.0 before 2.0.0. | 2025-11-18 | not yet calculated | CVE-2025-12761 | https://www.drupal.org/sa-contrib-2025-116   |
| Eclipse Foundation–Jersey | In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause critical SSL configurations, such as mutual authentication, custom key/trust stores, and other security settings, to be ignored. This issue may result in an SSLHandshakeException under normal circumstances, but under certain conditions it could lead to unauthorized trust in insecure servers (see PoC). | 2025-11-18 | not yet calculated | CVE-2025-12383 | https://gitlab.eclipse.org/security/cve-assignment/-/issues/74   |
| eGovFramework/egovframe-common-components–eGovFramework/egovframe-common-components | eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the uploaded content to a shared upload helper, and store the file on the server under a framework-controlled path. The framework then returns a download URL that can be used to retrieve the uploaded content, including an attacker-controlled Content-Type within the limits of the image upload functionality. While a filename extension whitelist is enforced, the attacker fully controls the file contents. The response MIME type used is also attacker-controlled when the file is served up to version < 4.1.2. Since version 4.1.2, it is possible to download any image uploaded with any whitelisted content type. But any file uploaded other than an image will be served with the `application/octet-stream` content type (the content type is no longer controlled by the attacker since version 4.1.2). This enables an unauthenticated attacker to use any affected application as a persistent file hosting service for arbitrary content under the application’s origin. KISA/KrCERT has identified this unpatched vulnerability as “KVE-2023-5280.” | 2025-11-19 | not yet calculated | CVE-2025-34336 | https://www.egovframe.go.kr/eng/sub.do?menuNo=2 https://github.com/eGovFramework/egovframe-common-components https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html https://pierrekim.github.io/advisories/2025-egovframe.txt https://www.vulncheck.com/advisories/egovframework-unauthenticated-file-upload-via-web-editor-image-upload-endpoints   |
| eGovFramework/egovframe-common-components–eGovFramework/egovframe-common-components | eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for chosen values. The image upload endpoints /utl/wed/insertImage.do and /utl/wed/insertImageCk.do encrypt server-side paths, filenames, and MIME types and embed them directly into a download URL that is returned to the client. Because these same encrypted parameters are trusted by other endpoints, such as /utl/web/imageSrc.do and /cmm/fms/getImage.do, an unauthenticated attacker can abuse the upload functionality to obtain encrypted representations of attacker-chosen identifiers and then replay those ciphertext values to file-serving APIs. This design failure allows an attacker to bypass access controls that rely solely on the secrecy of encrypted parameters and retrieve arbitrary stored files that are otherwise expected to require an existing session or specific authorization context. KISA/KrCERT has identified this unpatched vulnerability as “KVE-2023-5281.” | 2025-11-19 | not yet calculated | CVE-2025-34337 | https://www.egovframe.go.kr/eng/sub.do?menuNo=2 https://github.com/eGovFramework/egovframe-common-components https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html https://pierrekim.github.io/advisories/2025-egovframe.txt https://www.vulncheck.com/advisories/egovframework-unauthenticated-encryption-oracle-via-web-editor-image-upload-endpoints   |
| EmbySupport–Emby.Security | Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta. | 2025-11-18 | not yet calculated | CVE-2025-64325 | https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-2gwc-988r-2r7x   |
| EnvoThemes–Envo Extra | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS. This issue affects Envo Extra: from n/a through <= 1.9.11. | 2025-11-21 | not yet calculated | CVE-2025-66066 | https://vdp.patchstack.com/database/Wordpress/Plugin/envo-extra/vulnerability/wordpress-envo-extra-plugin-1-9-11-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| espressif–esp-idf | ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly report a connection event to the host, which can cause the application layer to assume that the device has successfully established a connection. This issue has been fixed in versions 5.5.2, 5.4.3, 5.3.5, 5.2.6, and 5.1.7. At time of publication versions 5.5.2, 5.3.5, and 5.1.7 have not been released but are fixed respectively in commits 3b95b50, e3d7042, and 75967b5. | 2025-11-17 | not yet calculated | CVE-2025-64342 | https://github.com/espressif/esp-idf/security/advisories/GHSA-8mg7-9qpg-p92v https://github.com/espressif/esp-idf/commit/309f031dd6b04de30c926a256508c65b0df95dfa https://github.com/espressif/esp-idf/commit/3b95b50703cd3301a370cffaa1cc299b1941fe2a https://github.com/espressif/esp-idf/commit/75967b578563ea7876dc215251cbb6d64bc9d768 https://github.com/espressif/esp-idf/commit/8ec541023684d33b498fa21c5b4724bce748aa7b https://github.com/espressif/esp-idf/commit/bf66761962579f73aea682d1154b9c99b9d3d7dc https://github.com/espressif/esp-idf/commit/e3d70429566ece1ef593d36aa4ebd320e0c95925   |
| espressif–esp-idf | ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726. | 2025-11-21 | not yet calculated | CVE-2025-65092 | https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8 https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42 https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17 https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27   |
| Essential Plugin–Featured Post Creative | Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5. | 2025-11-21 | not yet calculated | CVE-2025-66106 | https://vdp.patchstack.com/database/Wordpress/Plugin/featured-post-creative/vulnerability/wordpress-featured-post-creative-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve   |
| Frank Goossens–WP YouTube Lyte | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing. This issue affects WP YouTube Lyte: from n/a through <= 1.7.28. | 2025-11-21 | not yet calculated | CVE-2025-66062 | https://vdp.patchstack.com/database/Wordpress/Plugin/wp-youtube-lyte/vulnerability/wordpress-wp-youtube-lyte-plugin-1-7-28-open-redirection-vulnerability?_s_id=cve   |
| FunnelKit–Funnel Builder by FunnelKit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2. | 2025-11-21 | not yet calculated | CVE-2025-66067 | https://vdp.patchstack.com/database/Wordpress/Plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-13-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| getkirby–kirby | Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the “Changes” dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4. | 2025-11-18 | not yet calculated | CVE-2025-65012 | https://github.com/getkirby/kirby/security/advisories/GHSA-84hf-8gh5-575j https://github.com/getkirby/kirby/releases/tag/5.1.4   |
| golang.org/x/crypto–golang.org/x/crypto/ssh | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. | 2025-11-19 | not yet calculated | CVE-2025-58181 | https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://go.dev/cl/721961 https://go.dev/issue/76363 https://pkg.go.dev/vuln/GO-2025-4134   |
| golang.org/x/crypto–golang.org/x/crypto/ssh/agent | SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. | 2025-11-19 | not yet calculated | CVE-2025-47914 | https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://go.dev/cl/721960 https://go.dev/issue/76364 https://pkg.go.dev/vuln/GO-2025-4135   |
| Google Cloud–Looker | An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The following versions have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.100+ * 24.18.193+ * 25.0.69+ * 25.6.57+ * 25.8.39+ * 25.10.22+ * 25.12.0+ | 2025-11-20 | not yet calculated | CVE-2025-12414 | https://cloud.google.com/support/bulletins#GCP-2025-067   |
| Google Cloud–Looker | An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The following versions have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.103+ * 24.18.195+ * 25.0.72+ * 25.6.60+ * 25.8.42+ * 25.10.22+ | 2025-11-19 | not yet calculated | CVE-2025-12472 | https://cloud.google.com/support/bulletins#gcp-2025-052   |
| Google Cloud–Looker | The Looker endpoint for generating new projects from database connections allows users to specify “looker” as a connection name, which is a reserved internal name for Looker’s internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT queries that are constructed and executed against the internal MySQL database. This vulnerability allows users with developer permissions to extract data from Looker’s internal MySQL database. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The following versions have all been updated to protect against this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.106 * 24.18.198+ * 25.0.75 * 25.6.63+ * 25.8.45+ * 25.10.33+ * 25.12.1+ * 25.14+ | 2025-11-19 | not yet calculated | CVE-2025-12743 | https://cloud.google.com/support/bulletins#gcp-2025-052 https://www.tenable.com/security/research/tra-2025-43   |
| Google–Android | In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-11-18 | not yet calculated | CVE-2025-48593 | https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c69c78d7c4f623201f35831d32e6c401156e76cc https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5ed63461b44198c80d5aff7e1af1df812f782abb https://source.android.com/security/bulletin/2025-11-01   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13223 |   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13224 |   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13226 |   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13227 |   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13228 |   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13229 |   |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-11-17 | not yet calculated | CVE-2025-13230 |   |
| Google–OSV-SCALIBR | A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR. | 2025-11-20 | not yet calculated | CVE-2025-13425 | https://github.com/google/osv-scalibr/commit/e67c4e198ca099cb7c16957a80f6c5331d90a672   |
| Google–zx | When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external <path>/node_modules outside the current working directory. | 2025-11-20 | not yet calculated | CVE-2025-13437 | https://github.com/google/zx/issues/1348   |
| hupe13–Extensions for Leaflet Map | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS. This issue affects Extensions for Leaflet Map: from n/a through <= 4.8. | 2025-11-21 | not yet calculated | CVE-2025-66093 | https://vdp.patchstack.com/database/Wordpress/Plugin/extensions-leaflet-map/vulnerability/wordpress-extensions-for-leaflet-map-plugin-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| Icegram–Email Subscribers & Newsletters | Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection. This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | 2025-11-21 | not yet calculated | CVE-2025-66055 | https://vdp.patchstack.com/database/Wordpress/Plugin/email-subscribers/vulnerability/wordpress-email-subscribers-newsletters-plugin-5-9-10-php-object-injection-vulnerability?_s_id=cve   |
| Igor Jerosimić–I Order Terms | Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms allows Cross Site Request Forgery. This issue affects I Order Terms: from n/a through <= 1.5.0. | 2025-11-21 | not yet calculated | CVE-2025-66097 | https://vdp.patchstack.com/database/Wordpress/Plugin/i-order-terms/vulnerability/wordpress-i-order-terms-plugin-1-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |
| ilbers–isar | Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb. | 2025-11-19 | not yet calculated | CVE-2025-65100 | https://github.com/ilbers/isar/security/advisories/GHSA-3r9w-6cp6-7hm4 https://github.com/ilbers/isar/commit/3383fd808a4ced93e41e012660dfe364a3384434 https://github.com/ilbers/isar/commit/738bcbb716c7eb7b34cbb2293cae4f264b3925fe   |
| Imagination Technologies–Graphics DDK | Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory, escaping the virtual machine. | 2025-11-17 | not yet calculated | CVE-2025-58407 | https://www.imaginationtech.com/gpu-driver-vulnerabilities/   |
| Imagination Technologies–Graphics DDK | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource. | 2025-11-17 | not yet calculated | CVE-2025-58410 | https://www.imaginationtech.com/gpu-driver-vulnerabilities/   |
| Imtiaz Rayhan–Table Block by Tableberg | Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Tableberg tableberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Table Block by Tableberg: from n/a through <= 0.6.9. | 2025-11-21 | not yet calculated | CVE-2025-66096 | https://vdp.patchstack.com/database/Wordpress/Plugin/tableberg/vulnerability/wordpress-table-block-by-tableberg-plugin-0-6-9-broken-access-control-vulnerability?_s_id=cve   |
| Informática del Este–WinPlus | Faulty authorization control in the WinPlus v24.11.27 software by Informática del Este allows another user to be impersonated simply by knowing their ‘numerical ID’, meaning that an attacker could compromise another user’s account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application. | 2025-11-18 | not yet calculated | CVE-2025-41346 | https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este   |
| Informática del Este–WinPlus | Unrestricted upload of dangerous file types vulnerability in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a ‘webshell’ by sending a POST request to ‘/WinplusPortal/ws/sWinplus.svc/json/uploadfile’. | 2025-11-18 | not yet calculated | CVE-2025-41347 | https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este   |
| Informática del Este–WinPlus | SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to retrieve, create, update and delete databases by sending a POST request using the parameters ‘val1’ and ‘cont’ in ‘/WinplusPortal/ws/sWinplus.svc/json/getacumper_post’. | 2025-11-18 | not yet calculated | CVE-2025-41348 | https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este   |
| Informática del Este–WinPlus | Stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 by Informática del Este, due to a lack of proper validation of user input sent in a POST request using the ‘descripcion’ parameter in ‘/WinplusPortal/ws/sWinplus.svc/json/savesolpla_post’. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session cookie details. | 2025-11-18 | not yet calculated | CVE-2025-41349 | https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este   |
| Informática del Este–WinPlus | Stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 by Informática del Este, due to a lack of proper validation of user input sent in a POST request using the ‘descripcion’ parameter in ‘/WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post’. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session cookie details. | 2025-11-18 | not yet calculated | CVE-2025-41350 | https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este   |
| Iqonic Design–KiviCare | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection. This issue affects KiviCare: from n/a through <= 3.6.13. | 2025-11-21 | not yet calculated | CVE-2025-66095 | https://vdp.patchstack.com/database/Wordpress/Plugin/kivicare-clinic-management-system/vulnerability/wordpress-kivicare-plugin-3-6-13-sql-injection-vulnerability?_s_id=cve   |
| JCD–Windu CMS | Windu CMS is vulnerable to Cross-Site Request Forgery in the user editing functionality. The implemented CSRF protection mechanism can be bypassed by using the CSRF token of another user. It is worth noting that registration is open and anyone can create an account. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59110 | https://windu.org/ https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS is vulnerable to Broken Access Control in the user editing functionality. A malicious attacker can send a GET request that allows privileged users to delete Super Admins, which is not possible through the GUI. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59111 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS is vulnerable to Cross-Site Request Forgery in the user editing functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a POST request that deletes a given user. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59112 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS implements weak client-side brute-force protection by using the loginError parameter. Information about the attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59113 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS is vulnerable to Cross-Site Request Forgery in the file uploading functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a malicious file to the server. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59114 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page, where input data has no proper validation. A malicious attacker can inject arbitrary HTML and JS into the website, which will be rendered/executed when an admin visits the logs page. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59115 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine whether a login is valid or not, enabling a brute force attack with valid logins. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59116 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| JCD–Windu CMS | Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 4.1 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-11-18 | not yet calculated | CVE-2025-59117 | https://windu.org https://cert.pl/posts/2025/11/CVE-2025-59110   |
| Jeff Starr–Head Meta Data | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS. This issue affects Head Meta Data: from n/a through <= 20250327. | 2025-11-21 | not yet calculated | CVE-2025-66081 | https://vdp.patchstack.com/database/Wordpress/Plugin/head-meta-data/vulnerability/wordpress-head-meta-data-plugin-20250327-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| Jegstudio–Gutenverse | Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through <= 3.2.1. | 2025-11-21 | not yet calculated | CVE-2025-66065 | https://vdp.patchstack.com/database/Wordpress/Plugin/gutenverse/vulnerability/wordpress-gutenverse-plugin-3-2-1-broken-access-control-vulnerability?_s_id=cve   |
| Jegstudio–Gutenverse Form | Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse Form: from n/a through <= 2.2.0. | 2025-11-21 | not yet calculated | CVE-2025-66079 | https://vdp.patchstack.com/database/Wordpress/Plugin/gutenverse-form/vulnerability/wordpress-gutenverse-form-plugin-2-2-0-broken-access-control-vulnerability?_s_id=cve   |
| jgwhite33–WP Google Review Slider | Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Google Review Slider: from n/a through <= 17.4. | 2025-11-21 | not yet calculated | CVE-2025-66063 | https://vdp.patchstack.com/database/Wordpress/Plugin/wp-google-places-review-slider/vulnerability/wordpress-wp-google-review-slider-plugin-17-4-broken-access-control-vulnerability?_s_id=cve   |
| jzeuzs–thread-amount | thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. In Apple platforms, the thread_amount function calls task_threads (via Mach kernel APIs) which allocates memory for the thread list. The function fails to deallocate this memory using vm_deallocate. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. This issue has been patched in version 0.2.2. | 2025-11-21 | not yet calculated | CVE-2025-65947 | https://github.com/jzeuzs/thread-amount/security/advisories/GHSA-jf9p-2fv9-2jp2 https://github.com/jzeuzs/thread-amount/pull/29 https://github.com/jzeuzs/thread-amount/commit/28860d4a38286609cb884c13b5b7941edc2390e5   |
| KDDI CORPORATION–‘デジラアプリ’ App for iOS | Improper certificate validation vulnerability exists in ‘デジラアプリ’ App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication. | 2025-11-17 | not yet calculated | CVE-2025-60022 | https://jvn.jp/en/jp/JVN54005037/   |
| Kriesi–Enfold | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kriesi Enfold enfold allows Stored XSS. This issue affects Enfold: from n/a through <= 7.1.2. | 2025-11-21 | not yet calculated | CVE-2025-66053 | https://vdp.patchstack.com/database/Wordpress/Theme/enfold/vulnerability/wordpress-enfold-theme-7-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| kubevirt–kubevirt | KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to versions 1.6.1 and 1.7.0, the implementation of this feature, and more specifically the `DiskOrCreate` option (which creates a file if it doesn’t exist), has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue. | 2025-11-18 | not yet calculated | CVE-2025-64324 | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh https://github.com/kubevirt/kubevirt/pull/15037 https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764 https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69   |
| langchain-ai–langchain | LangChain is a framework for building agents and LLM-powered applications. In versions 0.3.79 and prior, and in versions 1.0.0 through 1.0.6, a template injection vulnerability exists in LangChain’s prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7. | 2025-11-21 | not yet calculated | CVE-2025-65106 | https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00   |
| LimeSurvey–LimeSurvey | Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denial of Service (DoS attack) by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability. | 2025-11-20 | not yet calculated | CVE-2025-41074 | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0   |
| LimeSurvey–LimeSurvey | Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denial of Service (DoS attack) by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability. | 2025-11-20 | not yet calculated | CVE-2025-41075 | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0   |
| LimeSurvey–LimeSurvey | In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database engine, the table name ‘lime_sessions’, primary keys, and fragments of the content that caused the conflict. This information can simplify the collection of data about the internal architecture of the application by an attacker. | 2025-11-20 | not yet calculated | CVE-2025-41076 | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0   |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation When btrfs_add_qgroup_relation() is called with invalid qgroup levels (src >= dst), the function returns -EINVAL directly without freeing the preallocated qgroup_list structure passed by the caller. This causes a memory leak because the caller unconditionally sets the pointer to NULL after the call, preventing any cleanup. The issue occurs because the level validation check happens before the mutex is acquired and before any error handling path that would free the prealloc pointer. On this early return, the cleanup code at the ‘out’ label (which includes kfree(prealloc)) is never reached. In btrfs_ioctl_qgroup_assign(), the code pattern is: prealloc = kzalloc(sizeof(*prealloc), GFP_KERNEL); ret = btrfs_add_qgroup_relation(trans, sa->src, sa->dst, prealloc); prealloc = NULL; // Always set to NULL regardless of return value … kfree(prealloc); // This becomes kfree(NULL), does nothing When the level check fails, ‘prealloc’ is never freed by either the callee or the caller, resulting in a 64-byte memory leak per failed operation. This can be triggered repeatedly by an unprivileged user with access to a writable btrfs mount, potentially exhausting kernel memory. Fix this by freeing prealloc before the early return, ensuring prealloc is always freed on all error paths. | 2025-11-21 | not yet calculated | CVE-2025-40209 | https://git.kernel.org/stable/c/3412d0e973e8f8381747d69033eda809a57a2581 https://git.kernel.org/stable/c/a4d9ebe23bcb79d9d057e3c995db73b7b3aae414 https://git.kernel.org/stable/c/f260c6aff0b8af236084012d14f9f1bf792ea883   |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Revert “NFSD: Remove the cap on number of operations per NFSv4 COMPOUND” I’ve found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I’ve dug into it a little, but I haven’t been able to root-cause it yet. However, I bisected to commit 48aab1606fa8 (“NFSD: Remove the cap on number of operations per NFSv4 COMPOUND”). Tianshuo Han also reports a potential vulnerability when decoding an NFSv4 COMPOUND. An attacker can place an arbitrarily large op count in the COMPOUND header, which results in: [ 51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 when NFSD attempts to allocate the COMPOUND op array. Let’s restore the operation-per-COMPOUND limit, but increased to 200 for now. | 2025-11-21 | not yet calculated | CVE-2025-40210 | https://git.kernel.org/stable/c/b3ee7ce432289deac87b9d14e01f2fe6958f7f0b https://git.kernel.org/stable/c/3e7f011c255582d7c914133785bbba1990441713   |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device’s switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ] | 2025-11-21 | not yet calculated | CVE-2025-40211 | https://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149 https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659 https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11   |
| Lite XL–Lite XL | Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process. | 2025-11-20 | not yet calculated | CVE-2025-12120 | https://github.com/lite-xl/lite-xl/pull/2164 https://kb.cert.org/vuls/id/579478   |
| Lite XL–Lite XL | Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching (core.lua), drag-and-drop file handling (rootview.lua), and the “open in system” command in the treeview plugin (treeview.lua). If an attacker could influence input to system.exec, they might execute arbitrary commands with the privileges of the Lite XL process. | 2025-11-20 | not yet calculated | CVE-2025-12121 | https://github.com/lite-xl/lite-xl/pull/2163 https://kb.cert.org/vuls/id/579478   |
| LogStare Inc.–Installer of LogStare Collector (for Windows) | Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer. | 2025-11-21 | not yet calculated | CVE-2025-64695 | https://www.logstare.com/vulnerability/2025-001/ https://jvn.jp/en/jp/JVN77560819/   |
| LogStare Inc.–LogStare Collector (for Windows) | The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege. | 2025-11-21 | not yet calculated | CVE-2025-58097 | https://www.logstare.com/vulnerability/2025-001/ https://jvn.jp/en/jp/JVN77560819/   |
| LogStare Inc.–LogStare Collector (for Windows) | LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product’s management page. | 2025-11-21 | not yet calculated | CVE-2025-61949 | https://www.logstare.com/vulnerability/2025-001/ https://jvn.jp/en/jp/JVN77560819/   |
| LogStare Inc.–LogStare Collector (for Windows) | LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request. | 2025-11-21 | not yet calculated | CVE-2025-62189 | https://www.logstare.com/vulnerability/2025-001/ https://jvn.jp/en/jp/JVN77560819/   |
| LogStare Inc.–LogStare Collector (for Windows) | Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged in, unintended operations may be performed. | 2025-11-21 | not yet calculated | CVE-2025-62687 | https://www.logstare.com/vulnerability/2025-001/ https://jvn.jp/en/jp/JVN77560819/   |
| LogStare Inc.–LogStare Collector (for Windows) | LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users’ password hashes. | 2025-11-21 | not yet calculated | CVE-2025-64299 | https://www.logstare.com/vulnerability/2025-001/ https://jvn.jp/en/jp/JVN77560819/   |
| Lookyloo–lookyloo | Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on the index and tree pages. This issue has been patched in version 1.35.1. | 2025-11-19 | not yet calculated | CVE-2025-65095 | https://github.com/Lookyloo/lookyloo/security/advisories/GHSA-m9g6-23c8-vrxf https://github.com/Lookyloo/lookyloo/commit/ac2f73dbfcad88b815b18c42cca77a1c645f1726 https://github.com/Lookyloo/lookyloo/blob/main/website/web/default_csp.py https://vulnerability.circl.lu/vuln/gcve-1-2025-0018   |
| Lynxtechnology–Twonky Server | Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator’s username and encrypted password. | 2025-11-19 | not yet calculated | CVE-2025-13315 | https://www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/   |
| Lynxtechnology–Twonky Server | Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server. | 2025-11-19 | not yet calculated | CVE-2025-13316 | https://www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/   |
| M-Files Corporation–M-Files Server | Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash. | 2025-11-17 | not yet calculated | CVE-2025-11681 | https://product.m-files.com/security-advisories/cve-2025-11681/   |
| magepeopleteam–WpEvently | Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through <= 5.0.4. | 2025-11-21 | not yet calculated | CVE-2025-66082 | https://vdp.patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-5-0-4-broken-access-control-vulnerability?_s_id=cve   |
| magepeopleteam–WpEvently | Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through <= 5.0.4. | 2025-11-21 | not yet calculated | CVE-2025-66083 | https://vdp.patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-5-0-4-broken-access-control-vulnerability-2?_s_id=cve   |
| MatrixAddons–Easy Invoice | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion. This issue affects Easy Invoice: from n/a through <= 2.1.4. | 2025-11-21 | not yet calculated | CVE-2025-66115 | https://vdp.patchstack.com/database/Wordpress/Plugin/easy-invoice/vulnerability/wordpress-easy-invoice-plugin-2-1-4-local-file-inclusion-vulnerability?_s_id=cve   |
| Merlot Digital (by TNC)–TNC Toolbox: Web Performance | Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4. | 2025-11-21 | not yet calculated | CVE-2025-66108 | https://vdp.patchstack.com/database/Wordpress/Plugin/tnc-toolbox/vulnerability/wordpress-tnc-toolbox-web-performance-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve   |
| mindersec–minder | Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84. | 2025-11-21 | not yet calculated | CVE-2025-65109 | https://github.com/mindersec/minder/security/advisories/GHSA-6xvf-4vh9-mw47 https://github.com/mindersec/minder/commit/f770400923984649a287d7215410ef108e845af8   |
| ml-explore–mlx | MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. An attacker-controlled file causes a 13-byte out-of-bounds read, leading to a crash or information disclosure. This issue has been patched in version 0.29.4. | 2025-11-21 | not yet calculated | CVE-2025-62608 | https://github.com/ml-explore/mlx/security/advisories/GHSA-w6vg-jg77-2qg6 https://github.com/ml-explore/mlx/pull/1 https://github.com/ml-explore/mlx/pull/2   |
| ml-explore–mlx | MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This issue has been patched in version 0.29.4. | 2025-11-21 | not yet calculated | CVE-2025-62609 | https://github.com/ml-explore/mlx/security/advisories/GHSA-j842-xgm4-wf88   |
| n/a–Ascertia SigningHub through 8.6.8 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests. | 2025-11-18 | not yet calculated | CVE-2025-54320 | https://www.ascertia.com/company/vulnerability-disclosure-policy/ https://github.com/saykino/CVE-2025-54320   |
| n/a–Ascertia SigningHub through 8.6.8 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests. | 2025-11-18 | not yet calculated | CVE-2025-54321 | https://www.ascertia.com/company/vulnerability-disclosure-policy/ https://github.com/saykino/CVE-2025-54321   |
| n/a–Awesome Miner thru 11.2.4 | A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts. | 2025-11-18 | not yet calculated | CVE-2025-63602 | https://www.awesomeminer.com/download https://dreadsec.co/p/cve-2025-63602-hijacking-system-calls-with-a-popular-crypto-miner.html   |
| n/a–Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) | The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | 2025-11-19 | not yet calculated | CVE-2025-63221 | https://www.axeltechnology.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63221_Axel%20Technology%20puma%20-%20Broken%20Access%20Control   |
| n/a–Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) | The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | 2025-11-19 | not yet calculated | CVE-2025-63223 | https://www.axeltechnology.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63223_Axel%20Technology%20StreamerMAX%20MK%20II%20-%20Broken%20Access%20Control   |
| n/a–Axel Technology WOLF1MS and WOLF2MS devices | The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | 2025-11-19 | not yet calculated | CVE-2025-63218 | https://www.axeltechnology.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Control   |
| n/a–Backdrop CMS 1.32.1 | Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection. | 2025-11-18 | not yet calculated | CVE-2025-63828 | https://github.com/mertdurum06/BackdropCms-1.32.1/ https://github.com/mertdurum06/BackdropCms-1.32.1/blob/main/backdropcms_exploit.txt   |
| n/a–bridgetech | An issue was discovered in bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. | 2025-11-19 | not yet calculated | CVE-2025-63205 | https://bridgetech.tv/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63205_bridgetech%20probes%20Information%20Disclosure   |
| n/a–bridgetech VB288 | An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. | 2025-11-19 | not yet calculated | CVE-2025-63208 | https://bridgetech.tv/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63208_bridgetech%20VB288%20Information%20Disclosure   |
| n/a–bridgetech VBC Server & Element Manager | Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint. | 2025-11-19 | not yet calculated | CVE-2025-63211 | https://bridgetech.tv/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63211_bridgetech%20VBC%20Server%20and%20Element%20Manager%20Stored%20%20xss   |
| n/a–bridgetech VBC Server & Element Manager | An issue was discovered in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 and 6.5.0-10, allowing unauthorized attackers to delete and create arbitrary accounts. | 2025-11-19 | not yet calculated | CVE-2025-63214 | https://bridgetech.tv/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63214_bridgetech%20VBC%20Server%20and%20Element%20Manager%20Broken%20Access%20Control   |
| n/a–Campcodes Online Hospital Management System 1.0 | Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username. | 2025-11-19 | not yet calculated | CVE-2025-63719 | https://github.com/Pei4AN/CVE/issues/6   |
| n/a–Clerk-js 5.88.0 | An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage. | 2025-11-20 | not yet calculated | CVE-2025-63700 | https://clerk.com https://github.com/itsnishat08/CVE-2025-63700   |
| n/a–couch-auth 0.21.2 | Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking. | 2025-11-20 | not yet calculated | CVE-2025-60794 | https://www.npmjs.com/package/@perfood/couch-auth https://github.com/perfood/couch-auth https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60794.md   |
| n/a–D-Link Router DIR-868L | D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. An unauthenticated remote attacker can execute shell commands. | 2025-11-19 | not yet calculated | CVE-2025-63932 | https://www.dlink.com/en/security-bulletin/ https://github.com/WhereisRain/DIR-868/tree/main https://github.com/WhereisRain/DIR-868   |
| n/a–Dasan Switch DS2924 | An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser. | 2025-11-19 | not yet calculated | CVE-2025-63206 | http://dasansmc.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass   |
| n/a–DzzOffice 2.3.x | The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and execute arbitrary JavaScript code when the victim opens the editing pop-up. | 2025-11-18 | not yet calculated | CVE-2025-63693 | https://github.com/Yohane-Mashiro/dzzoffice_xss https://github.com/zyx0814/dzzoffice/issues/363   |
| n/a–DzzOffice v2.3.7 | DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage. | 2025-11-18 | not yet calculated | CVE-2025-63694 | https://github.com/zyx0814/dzzoffice/issues/364 https://github.com/Yohane-Mashiro/dzzoffice_sql   |
| n/a–DzzOffice v2.3.7 | DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. | 2025-11-18 | not yet calculated | CVE-2025-63695 | https://github.com/zyx0814/dzzoffice/issues/365 https://github.com/Yohane-Mashiro/dzzoffice_upload   |
| n/a–E-commerce Project v1.0 | A reflected cross-site scripting (XSS) vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the id parameter. | 2025-11-19 | not yet calculated | CVE-2025-63879 | https://www.linkedin.com/in/rumana-khatun-208aa731b/ https://github.com/rumanaemu/CVE-Research/blob/main/CVE-2025-63879.md   |
| n/a–ELCA Star Transmitter | The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. The admin password is stored in plaintext under the <p05> XML tag, potentially leading to remote compromise of the transmitter system. | 2025-11-19 | not yet calculated | CVE-2025-63209 | https://www.elcaradio.com https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63209_ELCA%20Star%20Transmitter%20Remote%20Control%20-%20Information%20Disclosure   |
| n/a–electic-shop v1.0 | A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site’s client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks (innerHTML/insertAdjacentHTML/document.write) without proper sanitization or context-aware encoding. An attacker can craft a malicious URL that, when opened by a victim, causes arbitrary JavaScript to execute in the victim’s browser under the electic-shop origin. | 2025-11-18 | not yet calculated | CVE-2025-63883 | https://github.com/minhajultaivin/security-advisories/blob/main/CVE-2025-63883.md   |
| n/a–eProsima Fast-DDS v3.3 | eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t::fraction() function. | 2025-11-18 | not yet calculated | CVE-2025-63829 | https://github.com/eProsima/Fast-DDS/blob/master/src/cpp/fastdds/core/Time_t.cpp#L67 https://gist.github.com/lkloliver/b00377bec754d4aa1dc731be210d5889   |
| n/a–Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) | The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation. | 2025-11-18 | not yet calculated | CVE-2025-63225 | http://eurolab-srl.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63225_Eurolab_ELTS100_UBX_Broken_Access_Control   |
| n/a–FileCodeBox v2.2 | A path traversal vulnerability in FileCodeBox v2.2 and earlier allows arbitrary file writes when the application is configured to use local filesystem storage. The SystemFileStorage.save_file method in core/storage.py uses filenames from user input without validation to construct save_path and save files. This allows remote attackers to perform arbitrary file writes outside the intended directory by sending crafted POST requests with traversal sequences to the /share/file/ upload endpoint, which does not require any authorization. | 2025-11-19 | not yet calculated | CVE-2025-51661 | https://github.com/vastsa/FileCodeBox https://github.com/vastsa/FileCodeBox/issues/349   |
| n/a–FileCodeBox version 2.2 and earlier | A stored cross-site scripting (XSS) vulnerability exists in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text “codeboxes”. The XSS payload is automatically executed in the browsers of any users who access the infected codebox by clicking the link or entering the share code. | 2025-11-19 | not yet calculated | CVE-2025-51662 | https://github.com/vastsa/FileCodeBox https://github.com/vastsa/FileCodeBox/issues/351   |
| n/a–FileCodeBox version 2.2 and earlier | A vulnerability in the IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass IP-based rate limit protection and failed-attempt restrictions by faking the X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or brute force share codes. | 2025-11-19 | not yet calculated | CVE-2025-51663 | https://github.com/vastsa/FileCodeBox https://github.com/vastsa/FileCodeBox/issues/350   |
| n/a–Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1-r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) | Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1-r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers’ IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber’s full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025. | 2025-11-17 | not yet calculated | CVE-2025-63292 | https://gist.github.com/7h30th3r0n3/1a0fadb19f1528e3d3f6bad9f680c3b0#file-cve-2025-63292-frebox-imsi-md https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/   |
| n/a–GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000 | GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out. | 2025-11-19 | not yet calculated | CVE-2025-63212 | https://www.gatesair.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63212%20_GatesAir%20Flexiva-LX%20Series%20_%20Session%20Hijacking   |
| n/a–Github Restaurant Website Restoran v1.0 | Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page. | 2025-11-19 | not yet calculated | CVE-2025-63878 | https://www.linkedin.com/in/rumana-khatun-208aa731b/ https://github.com/rumanaemu/CVE-Research/blob/main/CVE-2025-63878.md   |
| n/a–H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS, WAP662-WPT330-R2262, WAP662H-WPT330-R2262, USG300V2-WPT330-R2129, MSG300-WPT330-R1350, and MSG326-WPT330-R2129) | A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS, WAP662-WPT330-R2262, WAP662H-WPT330-R2262, USG300V2-WPT330-R2129, MSG300-WPT330-R1350, and MSG326-WPT330-R2129). Attackers are able to exploit this vulnerability via injecting crafted commands into the sessionid parameter. | 2025-11-18 | not yet calculated | CVE-2025-63258 | http://h3c.com https://zhiliao.h3c.com/Theme/details/232571   |
| n/a–Ilevia EVE X1 Server Firmware | Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version <= 4.7.18.0.eden, Logic Version <= 6.00 – 2025_07_21, allows a remote attacker to execute arbitrary code via the /index.php component. | 2025-11-20 | not yet calculated | CVE-2025-60737 | https://github.com/iSee857/ilevia-EVE-X1-Server-CSRF   |
| n/a–Ilevia EVE X1 Server Firmware | An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 – 2025_07_21 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters. | 2025-11-20 | not yet calculated | CVE-2025-60738 | https://github.com/iSee857/ilevia-EVE-X1-Server   |
| n/a–Institute-of-Current-Students v1.0 | Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries. | 2025-11-20 | not yet calculated | CVE-2025-52410 | https://github.com/mathurvishal/Institute-of-Current-Students—PHP-Project/issues/2   |
| n/a–Itel DAB Encoder (IDEnc build 25aec8d) | The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices. | 2025-11-19 | not yet calculated | CVE-2025-63224 | https://www.itel.it/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63224_Itel%20DAB%20Encoder%20Authentication%20Bypass   |
| n/a–Itel DAB Gateway (IDGat build c041640a) | The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices. | 2025-11-18 | not yet calculated | CVE-2025-63216 | https://www.itel.it/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63216_Itel%20DAB%20Gateway%20Authentication%20Bypass   |
| n/a–Itel DAB Gateway (IDGat build c041640a) | The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices. | 2025-11-18 | not yet calculated | CVE-2025-63217 | https://www.itel.it/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63217%20_%20Itel%20DAB%20MUX%20Authentication%20Bypass   |
| n/a–ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) | The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and compromise system integrity. | 2025-11-19 | not yet calculated | CVE-2025-63219 | https://www.itel.it/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63219_ITEL%20ISO%20FM%20SFN%20Adapter%20-%20Session%20Hijacking   |
| n/a–Kashipara Ecommerce Website 1.0 | Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php. | 2025-11-17 | not yet calculated | CVE-2024-44651 | https://www.kashipara.com/project/php/322/ecommerce-website-in-php-with-source-code-download https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44651.md   |
| n/a–Kashipara Ecommerce Website 1.0 | Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php. | 2025-11-17 | not yet calculated | CVE-2024-44652 | https://www.kashipara.com/project/php/322/ecommerce-website-in-php-with-source-code-download https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44652.md   |
| n/a–Kashipara Ecommerce Website 1.0 | Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. | 2025-11-17 | not yet calculated | CVE-2024-44653 | https://www.kashipara.com/project/php/322/ecommerce-website-in-php-with-source-code-download https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44653.md   |
| n/a–kashipara School Management System 1.0 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. | 2025-11-17 | not yet calculated | CVE-2024-46334 | https://www.kashipara.com/project/php/73/school-management-system-download-project-source-code-in-php https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-46334.md   |
| n/a–kashipara School Management System 1.0 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. | 2025-11-17 | not yet calculated | CVE-2024-46336 | https://www.kashipara.com/project/php/73/school-management-system-download-project-source-code-in-php https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-46336.md   |
| n/a–kishan0725 Hospital Management System | kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter. | 2025-11-18 | not yet calculated | CVE-2025-63514 | https://github.com/kishan0725/Hospital-Management-System/issues/54 https://github.com/NicatAliyevh/Zero-Days/blob/main/Hospital_Management_System_Stored_XSS.md   |
| n/a–kishan0725 Hospital Management System v4 | kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality. | 2025-11-18 | not yet calculated | CVE-2025-63513 | https://github.com/kishan0725/Hospital-Management-System/issues/55 https://github.com/NicatAliyevh/Zero-Days/blob/main/Hospital_Management_System_IDOR.md   |
| n/a–kishan0725 Hospital Management System/ v4 | kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query. | 2025-11-18 | not yet calculated | CVE-2025-63512 | https://github.com/NicatAliyevh/Zero-Days/blob/main/Hospital_Management_System_SQL2.md   |
| n/a–Kotaemon 0.11.0 | Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allows attackers to execute arbitrary code via a crafted PDF. | 2025-11-18 | not yet calculated | CVE-2025-56526 | https://github.com/Cinnamon/kotaemon/commit/37cdc28 https://github.com/Cinnamon/kotaemon https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363 https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73   |
| n/a–Kotaemon 0.11.0 | Plaintext password storage in Kotaemon 0.11.0 in the client’s localStorage. | 2025-11-18 | not yet calculated | CVE-2025-56527 | https://github.com/Cinnamon/kotaemon/commit/37cdc28 https://github.com/Cinnamon/kotaemon https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363?pvs=74 https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73   |
| n/a–Local Agent DVR versions thru 6.6.1.0 | Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause server-side request forgery (SSRF), or execute OS commands. | 2025-11-18 | not yet calculated | CVE-2025-63408 | https://www.ericholub.com/blog/agent-dvr-rce/ https://ispysoftware.github.io/Agent_API/   |
| n/a–MCP Data Science Server | A command injection vulnerability exists in the MCP Data Science Server (reading-plus-ai/mcp-server-data-exploration) version 0.1.6 in the safe_eval() function (src/mcp_server_ds/server.py:108). The function uses Python’s exec() to execute user-supplied scripts but fails to restrict the __builtins__ dictionary in the globals parameter. When __builtins__ is not explicitly defined, Python automatically provides access to all built-in functions including __import__, exec, eval, and open. This allows an attacker to execute arbitrary Python code with full system privileges, leading to complete system compromise. The vulnerability can be exploited by submitting a malicious script to the run_script tool, requiring no authentication or special privileges. | 2025-11-18 | not yet calculated | CVE-2025-63603 | https://github.com/reading-plus-ai/mcp-server-data-exploration/issues/12   |
| n/a–mihomo v1.19.11 | Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file. | 2025-11-18 | not yet calculated | CVE-2025-56499 | https://github.com/MetaCubeX/mihomo/tree/v1.19.11 https://github.com/Cherrling/CVE-2025-56499   |
| n/a–Milos Paripovic OneCommander 3.102.0.0 | Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents. | 2025-11-19 | not yet calculated | CVE-2025-63371 | https://www.onecommander.com/ https://jeroscope.com/advisories/2025/jero-2025-007/   |
| n/a–Modular Max Serve before 25.6 | Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the `--experimental-enable-kvcache-agent` feature is used, allowing attackers to execute arbitrary code. | 2025-11-18 | not yet calculated | CVE-2025-60455 | https://github.com/modular/modular/issues/4795 https://github.com/modular/modular/blame/main/max/serve/kvcache_agent/kvcache_agent.py#L220 https://github.com/modular/modular/commit/10620059fb5c47fb0c30e5d21a8ff3b8d622fba4 https://github.com/modular/modular/commit/ee9c4ab02345dd30bed8b79771b6909ff1b930a1 https://github.com/modular/modular/commit/b20e749fa892dbe772e890a268002f732164d9f5 https://www.oligo.security/blog/shadowmq-how-code-reuse-spread-critical-vulnerabilities-across-the-ai-ecosystem   |
| n/a–Mozart FM Transmitter version WEBMOZZI-00287 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise. | 2025-11-18 | not yet calculated | CVE-2025-63227 | https://www.dbbroadcast.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63227_Mozart_FM_Transmitter_authenticated_File_Upload   |
| n/a–Mozart FM Transmitter version WEBMOZZI-00287 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise. | 2025-11-18 | not yet calculated | CVE-2025-63228 | https://www.dbbroadcast.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63228_Mozart_FM_Transmitter_Unauthenticated_File_Upload   |
| n/a–Mozart FM Transmitter version WEBMOZZI-00287 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim’s browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions. | 2025-11-18 | not yet calculated | CVE-2025-63229 | https://www.dbbroadcast.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63229_Mozart_FM_Transmitter_xss   |
| n/a–MyScreenTools v2.2.1.0 | MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user running the application. The vulnerability exists in the CMD() function within GIFSicleToolForm_gif_sicle_tool.cs, which constructs shell commands by concatenating unsanitized user input (file paths) and executes them via cmd.exe. | 2025-11-17 | not yet calculated | CVE-2025-63916 | https://github.com/luotengyuan/MyScreenTools/blob/master/GIFSicleTool/Form_gif_sicle_tool.cs https://github.com/luotengyuan/MyScreenTools/tree/master https://github.com/cydtseng/Vulnerability-Research/blob/main/myscreentools/OSCommandInjection-GifCompression.md   |
| n/a–FS[.]com | FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server. | 2025-11-20 | not yet calculated | CVE-2025-25613 | http://fs.com http://s3150-8t2f.com https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki   |
| n/a–openml.org | The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as “%d %H:%M:%S” without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover. | 2025-11-18 | not yet calculated | CVE-2025-55796 | https://github.com/openml https://github.com/openml/openml.org https://github.com/openml/openml.org/security/advisories/GHSA-xfjh-gf9p-8qr6   |
| n/a–n/a | A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. The vulnerability stems from the exposure of dangerous Python built-in functions (__import__, getattr, hasattr) in the execution namespace and the direct use of exec() to execute user-supplied code. An attacker can craft malicious queries to execute arbitrary Python code, leading to AWS credential theft (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY), file system access, environment variable disclosure, and potential system compromise. The vulnerability allows attackers to bypass intended security controls and gain unauthorized access to sensitive AWS resources and credentials stored in the server’s environment. | 2025-11-18 | not yet calculated | CVE-2025-63604 | https://github.com/baryhuang/mcp-server-aws-resources-python/issues/8   |
| n/a–Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 | The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials. | 2025-11-19 | not yet calculated | CVE-2025-63210 | https://www.newtec.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63210_Newtec%20Celox%20UHD%20Authentication%20Bypass%20_%20Privilege%20Escalation   |
| n/a–Open Source Point of Sale 3.4.1 | The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password change request, the backend still returns a successful response and sets the password to an empty string. This effectively disables authentication and may allow unauthorized access to user or administrative accounts. | 2025-11-18 | not yet calculated | CVE-2025-63800 | https://github.com/opensourcepos/opensourcepos https://opensourcepos.org/ https://github.com/omkaryepre/vulnerability-research/tree/main/CVE-2025-63800   |
| n/a–OpenRapid RapidCMS 1.3.1 | OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php. | 2025-11-17 | not yet calculated | CVE-2025-64046 | http://rapidcms.com https://gist.github.com/b1uel0n3/c8467f156f523fcf16dc572a34693126   |
| n/a–PDFPatcher thru 1.1.3.4663 | PDFPatcher thru 1.1.3.4663 executable’s XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET’s XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim’s filesystem, exfiltrate sensitive data via out-of-band (OOB) HTTP requests, perform SSRF attacks against internal network resources, or cause a denial of service via entity expansion attacks. | 2025-11-17 | not yet calculated | CVE-2025-63917 | https://www.cnblogs.com/pdfpatcher https://github.com/wmjordan/PDFPatcher https://github.com/cydtseng/Vulnerability-Research/blob/main/pdfpatcher/XXE-Importers.md   |
| n/a–PDFPatcher | The PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks that let attackers write arbitrary files to arbitrary locations. | 2025-11-17 | not yet calculated | CVE-2025-63918 | https://www.cnblogs.com/pdfpatcher https://github.com/wmjordan/PDFPatcher https://github.com/cydtseng/Vulnerability-Research/blob/main/pdfpatcher/DirectoryTraversal-ImageExport.md   |
| n/a–PHPGurukul Complaint Management System 2.0 | PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php. | 2025-11-17 | not yet calculated | CVE-2024-44654 | https://phpgurukul.com/complaint-management-sytem https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44654.md   |
| n/a–PHPGurukul Complaint Management System 2.0 | PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php. | 2025-11-17 | not yet calculated | CVE-2024-44655 | https://phpgurukul.com/complaint-management-sytem https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44655.md   |
| n/a–PHPGurukul Complaint Management System 2.0 | PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php. | 2025-11-17 | not yet calculated | CVE-2024-44657 | https://phpgurukul.com/complaint-management-sytem https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44657.md   |
| n/a–PHPGurukul Complaint Management System 2.0 | PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php. | 2025-11-17 | not yet calculated | CVE-2024-44658 | https://phpgurukul.com/complaint-management-sytem https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44658.md   |
| n/a–PHPGurukul Complaint Management System 2.0 | PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php. | 2025-11-17 | not yet calculated | CVE-2024-46335 | https://phpgurukul.com/complaint-management-sytem https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-46335.md   |
| n/a–PHPGurukul Online Shopping Portal 2.0 | PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php. | 2025-11-17 | not yet calculated | CVE-2024-44659 | https://phpgurukul.com/shopping-portal-free-download/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44659.md   |
| n/a–PHPGurukul Online Shopping Portal 2.0 | PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php. | 2025-11-17 | not yet calculated | CVE-2024-44660 | https://phpgurukul.com/shopping-portal-free-download/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44660.md   |
| n/a–PHPGurukul Online Shopping Portal 2.0 | PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php. | 2025-11-17 | not yet calculated | CVE-2024-44661 | https://phpgurukul.com/shopping-portal-free-download/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44661.md   |
| n/a–PHPGurukul Online Shopping Portal 2.0 | PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page. | 2025-11-17 | not yet calculated | CVE-2024-44662 | https://phpgurukul.com/shopping-portal-free-download/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44662.md   |
| n/a–PHPGurukul Online Shopping Portal 2.0 | PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php. | 2025-11-17 | not yet calculated | CVE-2024-44663 | https://phpgurukul.com/shopping-portal-free-download/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44663.md   |
| n/a–PHPGurukul Online Shopping Portal 2.0 | PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php. | 2025-11-17 | not yet calculated | CVE-2024-44664 | https://phpgurukul.com/shopping-portal-free-download/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44664.md   |
| n/a–PHPGurukul Small CRM 3.0 | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php. | 2025-11-17 | not yet calculated | CVE-2024-44641 | https://phpgurukul.com/small-crm-php/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44641.md   |
| n/a–PHPGurukul Small CRM 3.0 | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php. | 2025-11-17 | not yet calculated | CVE-2024-44644 | https://phpgurukul.com/small-crm-php/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44644.md   |
| n/a–PHPGurukul Small CRM 3.0 | PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php. | 2025-11-17 | not yet calculated | CVE-2024-44647 | https://phpgurukul.com/small-crm-php/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44647.md   |
| n/a–PHPGurukul Small CRM 3.0 | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the id and adminremark parameters in quote-details.php. | 2025-11-17 | not yet calculated | CVE-2024-44648 | https://phpgurukul.com/small-crm-php/ https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44648.md   |
| n/a–PHPGurukul Student Record System v3.2 | A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS). | 2025-11-18 | not yet calculated | CVE-2025-63955 | https://phpgurukul.com/student-record-system-php/ https://github.com/Wayne-arul/CVE-Disclosures/tree/main/CVE-2025-63955   |
| n/a–phpPgAdmin 7.13.0 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims’ browsers, potentially leading to session hijacking, credential theft, or other malicious actions. | 2025-11-20 | not yet calculated | CVE-2025-60796 | https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316 https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29 https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35 https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md   |
| n/a–phpPgAdmin 7.13.0 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation. | 2025-11-20 | not yet calculated | CVE-2025-60797 | https://github.com/phppgadmin/phppgadmin/blob/master/dataexport.php#L118 https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60797.md   |
| n/a–phpPgAdmin 7.13.0 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise. | 2025-11-20 | not yet calculated | CVE-2025-60798 | https://github.com/phppgadmin/phppgadmin/blob/master/display.php#L396 https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60797.md https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60798.md   |
| n/a–phpPgAdmin 7.13.0 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data. | 2025-11-20 | not yet calculated | CVE-2025-60799 | https://github.com/phppgadmin/phppgadmin/blob/master/sql.php#L68-L76 https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60799.md   |
| n/a–Pixeon WebLaudos 25.1 (01) | A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 (01), via the sle_sSenha parameter of the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be executed in the victim's browser within the security context of the vulnerable application. This issue could allow attackers to steal session cookies, disclose sensitive information, perform unauthorized actions on behalf of the user, or conduct phishing attacks. | 2025-11-19 | not yet calculated | CVE-2025-63243 | https://www.pixeon.com/ https://medium.com/@wagneralves_87750/cve-2025-63243-reflected-cross-site-scripting-in-loginalterarsenha-asp-via-sle-slogin-parameter-53808fbbeeee   |
| n/a–pnetlab 5.3.11 | pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options parameter. | 2025-11-18 | not yet calculated | CVE-2025-63749 | https://github.com/XunMInt/cve/blob/main/Pnetlab-20251013.md   |
| n/a–QaTraq 6.9.2 | QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the “Add Attachment” feature in the “Test Script” module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the “View Attachment” option, which executes the PHP payload on the server. | 2025-11-17 | not yet calculated | CVE-2025-63748 | http://qatraq.com https://bitsbyamg.com/blog/post/2025/10/19/qatraq-692-default-creds-and-file-upload-rce   |
| n/a–QaTraq 6.9.2 | QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access. | 2025-11-17 | not yet calculated | CVE-2025-63747 | http://qatraq.com https://bitsbyamg.com/blog/post/2025/10/19/qatraq-692-default-creds-and-file-upload-rce   |
| n/a–Qlik Sense Enterprise v14.212.13 | Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. | 2025-11-20 | not yet calculated | CVE-2025-61138 | https://gist.github.com/Israel0x00/8a81ec98162e9ca8e4a3a6c8b4ef4762   |
| n/a–Quark Cloud Drive v3.23.2 | Quark Cloud Drive v3.23.2 has a DLL hijacking vulnerability stemming from the insecure loading of system libraries: the application does not validate the path or signature of regsvr32.exe when loading it. An attacker can place a crafted malicious DLL in the application's startup directory, which will be loaded and executed when the user launches the program. | 2025-11-20 | not yet calculated | CVE-2025-63685 | https://github.com/QIU-DIE/CVE/issues/5   |
| n/a–QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) | The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software. | 2025-11-19 | not yet calculated | CVE-2025-63213 | https://qvidium.tv/ https://undercodetesting.com/zero-day-vulnerabilities-discovered-in-qvidium-opera11-remote-code-execution-rce-exploit/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63213_QVidium%20Opera11%20RCE   |
| n/a–R.V.R Elettronica TEX | The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise. | 2025-11-19 | not yet calculated | CVE-2025-63207 | https://www.rvr.it/en/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63207_RVR%20Elettronica%20TEX%20Broken%20Access%20Control   |
| n/a–Requarks Wiki.js 2.5.307 | Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism. | 2025-11-18 | not yet calculated | CVE-2025-56643 | https://github.com/0xBS0D27/CVE-2025-56643   |
| n/a–RichFilemanager v2.7.6 | An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-11-18 | not yet calculated | CVE-2025-63994 | https://github.com/psolom/RichFilemanager/issues/412   |
| n/a–Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) | The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target’s logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities. | 2025-11-18 | not yet calculated | CVE-2025-63226 | https://www.sencore.com/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63226_Sencore_SMP100_Session_Hijacking   |
| n/a–Snipe-IT v8.3.4 | Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the POST /livewire/update request to inject arbitrary HTML or JavaScript into the progress_message. Because the server accepts the modified input without sanitization and reflects it back to the user, arbitrary JavaScript executes in the browser of any authenticated admin who views the import page. | 2025-11-20 | not yet calculated | CVE-2025-64027 | https://github.com/grokability/snipe-it https://github.com/cybercrewinc/CVE-2025-64027/   |
| n/a–Sound4 FIRST | The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. | 2025-11-19 | not yet calculated | CVE-2025-63220 | https://www.sound4helpdesk.com/ https://www.sound4helpdesk.com/first-downloads/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63220_Sound4%20FIRST%20RCE   |
| n/a–Sound4 IMPACT | The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. | 2025-11-18 | not yet calculated | CVE-2025-63215 | https://www.sound4helpdesk.com/ https://www.sound4helpdesk.com/impact-downloads/ https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-63215%20_%20Sound4%20IMPACT%20%20RCE   |
| n/a–SourceCodester AI Font Matcher (nid=18425, 2025-10-10) | Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims’ browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly sanitized. An attacker can intercept fetch requests to the webfonts endpoint and inject malicious JavaScript payloads through font family names, resulting in session cookie theft, account hijacking, and unauthorized actions performed on behalf of authenticated users. The vulnerability can be exploited by injecting a fetch hook that returns controlled font data containing malicious scripts. | 2025-11-17 | not yet calculated | CVE-2025-63708 | https://www.sourcecodester.com/javascript/18425/ai-font-matcher-using-html-css-and-javascript-source-code.html https://github.com/DylanDavis1/CVE-2025-64708   |
| n/a–SourceCodester Student Grades Management System 1.0 | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classroom of the file /classroom.php of the component My Classrooms Management Page. Manipulation of the argument name/description leads to stored cross-site scripting. | 2025-11-18 | not yet calculated | CVE-2025-63892 | http://student.com http://sourcecodester.com https://github.com/minhajultaivin/security-advisories/blob/main/CVE-2025-63892.md   |
| n/a–SWISH prolog thru 2.2.0 | Stored cross-site scripting (XSS) vulnerability in SWISH Prolog through 2.2.0 allows attackers to execute arbitrary JavaScript in a victim's browser via a crafted web IDE notebook. | 2025-11-20 | not yet calculated | CVE-2025-63848 | https://github.com/SWI-Prolog https://github.com/coderMohammed1/CVE-2025-63848   |
| n/a–Tenda AC21 V16.03.08.16 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/SetVirtualServerCfg. | 2025-11-20 | not yet calculated | CVE-2025-65220 | https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN1.md   |
| n/a–Tenda AC21 V16.03.08.16 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. | 2025-11-20 | not yet calculated | CVE-2025-65221 | https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN2.md   |
| n/a–Tenda AC21 V16.03.08.16 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. | 2025-11-20 | not yet calculated | CVE-2025-65222 | https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN3.md   |
| n/a–Tenda AC21 V16.03.08.16 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. | 2025-11-20 | not yet calculated | CVE-2025-65223 | https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN4.md   |
| n/a–Tenda AC21 V16.03.08.16 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. | 2025-11-20 | not yet calculated | CVE-2025-65226 | https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN5.md   |
| n/a–ThinkPHP 5.0.24 | The read function in the file thinkphp/library/think/template/driver/File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability. | 2025-11-20 | not yet calculated | CVE-2025-63888 | https://www.yuque.com/lcc316/df0kgm/mglhbxltgbmzfh2s https://gist.github.com/Master-0-0/0bf54cbb335b586b42b0db0db804e7aa   |
| n/a–ThinkPHP 5.0.24 | The fetch function in the file thinkphp/library/think/Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via a crafted file path in a template value. | 2025-11-20 | not yet calculated | CVE-2025-63889 | https://www.yuque.com/lcc316/df0kgm/xqkrw5rfz5vqxo9t https://gist.github.com/Master-0-0/dd63209602f04267f1a27a75a064df26   |
| n/a–weijiang1994 university-bbs | An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods. | 2025-11-20 | not yet calculated | CVE-2025-63807 | https://gist.github.com/Rycarl-Furry/3e93c6f0d48a29518adf341e0fc7e2dd   |
| Nagios–Log Server | Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability via the experimental ‘Natural Language Queries’ feature. Configuration values for this feature are read from the application settings and incorporated into a system command without adequate validation or restriction of special characters. An authenticated user with access to global configuration can abuse these settings to execute arbitrary operating system commands with the privileges of the web server account, leading to compromise of the Log Server host. | 2025-11-17 | not yet calculated | CVE-2025-34322 | https://www.nagios.com/products/security/#log-server https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/ https://www.vulncheck.com/advisories/nagios-log-server-authenticated-command-injection-via-natural-language-queries   |
| Nagios–Log Server | Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to unsafe interaction between sudo rules and file system permissions. The web server account is granted passwordless sudo access to certain maintenance scripts while also being a member of a group that has write access to the directory containing those scripts. A local attacker running as the web server user can replace one of the permitted scripts with a malicious program and then execute it via sudo, resulting in arbitrary code execution with root privileges. | 2025-11-17 | not yet calculated | CVE-2025-34323 | https://www.nagios.com/products/security/#log-server https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/ https://www.vulncheck.com/advisories/nagios-log-server-local-privilege-escalation-via-writable-scripts-and-sudo-rules   |
| NEC Corporation–RakurakuMusen Start EX | DLL loading vulnerability in NEC Corporation RakurakuMusen Start EX (all versions) allows an attacker who can manipulate the PC environment to cause unintended operations on the user's device. | 2025-11-19 | not yet calculated | CVE-2025-12852 | https://jpn.nec.com/security-info/secinfo/nv25-007_en.html   |
| Nelio Software–Nelio Popups | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups (nelio-popups) allows stored XSS. This issue affects Nelio Popups: all versions through 1.3.0. | 2025-11-21 | not yet calculated | CVE-2025-66111 | https://vdp.patchstack.com/database/Wordpress/Plugin/nelio-popups/vulnerability/wordpress-nelio-popups-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| octolize–Cart Weight for WooCommerce | Missing Authorization vulnerability in octolize Cart Weight for WooCommerce (woo-cart-weight) allows exploiting incorrectly configured access control security levels. This issue affects Cart Weight for WooCommerce: all versions through 1.9.11. | 2025-11-21 | not yet calculated | CVE-2025-66109 | https://vdp.patchstack.com/database/Wordpress/Plugin/woo-cart-weight/vulnerability/wordpress-cart-weight-for-woocommerce-plugin-1-9-11-broken-access-control-vulnerability?_s_id=cve   |
| openfga–openfga | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 through v1.11.0 (Helm chart openfga-0.1.34 through openfga-0.2.48; Docker image v1.4.0 through v1.11.0) is vulnerable to improper policy enforcement when certain Check and ListObjects calls are executed. This issue has been patched in version 1.11.1. | 2025-11-21 | not yet calculated | CVE-2025-64751 | https://github.com/openfga/openfga/security/advisories/GHSA-2c64-vmv2-hgfc https://github.com/openfga/openfga/releases/tag/v1.11.1   |
| OpenText–uCMDB | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText uCMDB allows stored XSS. An attacker with high-level access to uCMDB could create or update data containing malicious scripts. This issue affects uCMDB 24.4. | 2025-11-19 | not yet calculated | CVE-2025-11884 | https://portal.microfocus.com/s/article/KM000043674?language=en_US   |
| OSC–ondemand | Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability. | 2025-11-20 | not yet calculated | CVE-2025-64185 | https://github.com/OSC/ondemand/security/advisories/GHSA-r2cg-hg78-gq9p   |
| pjsip–pjproject | PJSIP is a free and open source multimedia communication library. Prior to version 2.16, the Opus packet loss concealment (PLC) code may zero-fill the input frame up to the decoder ptime, while the input frame, whose length is based on the stream ptime, may be shorter than that. This issue affects PJSIP users who use the Opus audio codec in the receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16. | 2025-11-21 | not yet calculated | CVE-2025-65102 | https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5 https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba26f852771b40693f45da14fa8f   |
| Progress–DataDirect Connect for JDBC for Amazon Redshift | Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect OpenAccess JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttributes connection option implemented by the DataDirect Connect for JDBC drivers, the DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that, if discovered, can be used by an attacker. If an application allows an end user to specify a value for the SpyAttributes connection option, an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class. This issue affects: DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541; DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833; DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628; DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279; DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344; DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063; DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964; DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525; DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410; DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727; DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851; DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198; DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957; DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587; DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669; DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364; DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776; DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458; DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316; DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309; DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856; DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189; DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125; DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired; DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858; DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162; DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856; DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430; DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023; DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339; DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430; DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183; DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022. | 2025-11-19 | not yet calculated | CVE-2025-10702 | https://community.progress.com/s/article/Progress-DataDirect-Critical-Security-Product-Alert-Bulletin-November-2025   |
| Progress–DataDirect Connect for JDBC for Amazon Redshift | Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect OpenAccess JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The log=(file) construct of the SpyAttributes connection option implemented by the DataDirect Connect for JDBC drivers, the DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver allows the user to specify an arbitrary file for the JDBC driver to write its log information to. If an application allows an end user to specify a value for the SpyAttributes connection option, an attacker could cause JavaScript to be written to a log file. If the log file is in the correct location with the correct extension, an application server could treat that log file as a resource to be served; the attacker could then fetch the resource from the server, causing the JavaScript to be executed. This issue affects: DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541; DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833; DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628; DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279; DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344; DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063; DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964; DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525; DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410; DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727; DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851; DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198; DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957; DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587; DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669; DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364; DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776; DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458; DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316; DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309; DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856; DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189; DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125; DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired; DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858; DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162; DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856; DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430; DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023; DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339; DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430; DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183; DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022. | 2025-11-19 | not yet calculated | CVE-2025-10703 | https://community.progress.com/s/article/Progress-DataDirect-Critical-Security-Product-Alert-Bulletin-November-2025   |
| Property Hive–PropertyHive | Missing Authorization vulnerability in Property Hive PropertyHive (propertyhive) allows exploiting incorrectly configured access control security levels. This issue affects PropertyHive: all versions through 2.1.12. | 2025-11-21 | not yet calculated | CVE-2025-66087 | https://vdp.patchstack.com/database/Wordpress/Plugin/propertyhive/vulnerability/wordpress-propertyhive-plugin-2-1-12-broken-access-control-vulnerability?_s_id=cve   |
| Revive–Revive Adserver | Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email addresses and potentially take over their accounts using the forgot-password functionality. | 2025-11-20 | not yet calculated | CVE-2025-48986 | https://hackerone.com/reports/3398283   |
| Revive–Revive Adserver | Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. | 2025-11-20 | not yet calculated | CVE-2025-48987 | https://hackerone.com/reports/3399191   |
| Revive–Revive Adserver | Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows an administrator user to disable the admin user console by triggering a fatal PHP error. | 2025-11-20 | not yet calculated | CVE-2025-52666 | https://hackerone.com/reports/3399218   |
| Revive–Revive Adserver | Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. | 2025-11-20 | not yet calculated | CVE-2025-52667 | https://hackerone.com/reports/3399809   |
| Revive–Revive Adserver | Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack. | 2025-11-20 | not yet calculated | CVE-2025-52668 | https://hackerone.com/reports/3400506   |
| Revive–Revive Adserver | Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions allow non-admin users to access the contact name and email address of other users on the system. | 2025-11-20 | not yet calculated | CVE-2025-52669 | https://hackerone.com/reports/3401464   |
| Revive–Revive Adserver | Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows users on the system to delete banners owned by other accounts. | 2025-11-20 | not yet calculated | CVE-2025-52670 | https://hackerone.com/reports/3401612   |
| Revive–Revive Adserver | Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows non-admin users to acquire information about the software, PHP and database versions currently in use. | 2025-11-20 | not yet calculated | CVE-2025-52671 | https://hackerone.com/reports/3403450   |
| Revive–Revive Adserver | Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. | 2025-11-20 | not yet calculated | CVE-2025-55123 | https://hackerone.com/reports/3404968   |
| Revive–Revive Adserver | Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script. | 2025-11-20 | not yet calculated | CVE-2025-55124 | https://hackerone.com/reports/3403727   |
| Revive–Revive Adserver | HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS. | 2025-11-20 | not yet calculated | CVE-2025-55126 | https://hackerone.com/reports/3411750   |
| Revive–Revive Adserver | HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion. | 2025-11-20 | not yet calculated | CVE-2025-55127 | https://hackerone.com/reports/3413764   |
| Revive–Revive Adserver | HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource consumption vulnerability in "userlog-index.php". An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service. | 2025-11-20 | not yet calculated | CVE-2025-55128 | https://hackerone.com/reports/3413890   |
| Sabuj Kundu–CBX Bookmark & Favorite | Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite (cbxwpbookmark) allows exploiting incorrectly configured access control security levels. This issue affects CBX Bookmark & Favorite: all versions through 2.0.1. | 2025-11-21 | not yet calculated | CVE-2025-66101 | https://vdp.patchstack.com/database/Wordpress/Plugin/cbxwpbookmark/vulnerability/wordpress-cbx-bookmark-favorite-plugin-2-0-1-broken-access-control-vulnerability?_s_id=cve   |
| Scott Paterson–Subscriptions & Memberships for PayPal | Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal (subscriptions-memberships-for-paypal) allows exploiting incorrectly configured access control security levels. This issue affects Subscriptions & Memberships for PayPal: all versions through 1.1.7. | 2025-11-21 | not yet calculated | CVE-2025-66107 | https://vdp.patchstack.com/database/Wordpress/Plugin/subscriptions-memberships-for-paypal/vulnerability/wordpress-subscriptions-memberships-for-paypal-plugin-1-1-7-broken-access-control-vulnerability?_s_id=cve   |
| Shahjahan Jewel–FluentCommunity | Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity (fluent-community) allows exploiting incorrectly configured access control security levels. This issue affects FluentCommunity: all versions through 2.0.0. | 2025-11-21 | not yet calculated | CVE-2025-66084 | https://vdp.patchstack.com/database/Wordpress/Plugin/fluent-community/vulnerability/wordpress-fluentcommunity-plugin-2-0-0-broken-access-control-vulnerability?_s_id=cve   |
| Shelly–Pro 3EM | Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers. | 2025-11-19 | not yet calculated | CVE-2025-12056 | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-12056 https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-03   |
| Shelly–Pro 4PM | Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network. | 2025-11-19 | not yet calculated | CVE-2025-11243 | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243 https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02   |
| silabs.com–RS9116W | A Bluetooth device using the RS9116-WiseConnect SDK experiences a Denial of Service if it receives malformed L2CAP packets; only a hard reset will return the device to normal operation. | 2025-11-17 | not yet calculated | CVE-2025-4321 | https://community.silabs.com/068Vm00000YV9DL   |
| sonalsinha21–SKT Skill Bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS. This issue affects SKT Skill Bar: from n/a through <= 2.5. | 2025-11-21 | not yet calculated | CVE-2025-66090 | https://vdp.patchstack.com/database/Wordpress/Plugin/skt-skill-bar/vulnerability/wordpress-skt-skill-bar-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |
| SonicWall–Email Security | A Download of Code Without Integrity Check vulnerability in the SonicWall Email Security appliance: the appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. | 2025-11-20 | not yet calculated | CVE-2025-40604 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018   |
| SonicWall–Email Security | A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and thereby access files and directories outside the intended restricted path. | 2025-11-20 | not yet calculated | CVE-2025-40605 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018   |
| SonicWall–SonicOS | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 2025-11-20 | not yet calculated | CVE-2025-40601 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Broken Access Control in the /status endpoint. Due to a lack of permission checks in the Project Status functionality, an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62293 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to a weak mechanism for generating recovery tokens, a malicious attacker is able to brute-force all possible values and take over any account in a reasonable amount of time. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62294 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Stored XSS in the /groupe_form endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62295 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Stored XSS in the /taches endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62296 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Stored XSS in the /projets endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the edited page. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62297 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Stored XSS in the /status endpoint. A malicious attacker with an account can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62729 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Privilege Escalation in the user management tab. Users with the user_manage_team role are allowed to modify the permissions of users. However, they are able to assign administrative permissions to any user, including themselves. This allows a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both the Bulk Update functionality and the regular editing of a user’s rights and privileges. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62730 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| SOPlanning–SOPlanning | SOPlanning is vulnerable to Stored XSS in the /feries endpoint. A malicious attacker with access to the public holidays feature is able to inject arbitrary HTML and JS into the website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges are able to access this endpoint. This issue was fixed in version 1.55. | 2025-11-20 | not yet calculated | CVE-2025-62731 | https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/   |
| Stiofan–UsersWP | Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UsersWP: from n/a through <= 1.2.47. | 2025-11-21 | not yet calculated | CVE-2025-66072 | https://vdp.patchstack.com/database/Wordpress/Plugin/userswp/vulnerability/wordpress-userswp-plugin-1-2-47-broken-access-control-vulnerability?_s_id=cve   |
| SUSE–openSUSE Tumbleweed | An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1. | 2025-11-20 | not yet calculated | CVE-2025-62875 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875 https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html   |
| Syed Balkhi–Giveaways and Contests by RafflePress | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery. This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20. | 2025-11-21 | not yet calculated | CVE-2025-66064 | https://vdp.patchstack.com/database/Wordpress/Plugin/rafflepress/vulnerability/wordpress-giveaways-and-contests-by-rafflepress-plugin-1-12-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |
| theme funda–Show Variations as Single Products Woocommerce | Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2.0. | 2025-11-21 | not yet calculated | CVE-2025-66114 | https://vdp.patchstack.com/database/Wordpress/Plugin/woo-show-single-variations-shop-category/vulnerability/wordpress-show-variations-as-single-products-woocommerce-plugin-2-0-broken-access-control-vulnerability?_s_id=cve   |
| ThemeAtelier–Better Chat Support for Messenger | Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Chat Support for Messenger: from n/a through <= 1.2.18. | 2025-11-21 | not yet calculated | CVE-2025-66113 | https://vdp.patchstack.com/database/Wordpress/Plugin/better-chat-support/vulnerability/wordpress-better-chat-support-for-messenger-plugin-1-2-18-broken-access-control-vulnerability?_s_id=cve   |
| ThemeAtelier–Chat Help | Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat Help: from n/a through <= 3.1.3. | 2025-11-21 | not yet calculated | CVE-2025-66099 | https://vdp.patchstack.com/database/Wordpress/Plugin/chat-help/vulnerability/wordpress-chat-help-plugin-3-1-3-broken-access-control-vulnerability?_s_id=cve   |
| Themeisle–PPOM for WooCommerce | Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16. | 2025-11-21 | not yet calculated | CVE-2025-66069 | https://vdp.patchstack.com/database/Wordpress/Plugin/woocommerce-product-addon/vulnerability/wordpress-ppom-for-woocommerce-plugin-33-0-16-broken-access-control-vulnerability?_s_id=cve   |
| Times Software–E-Payroll | A value provided in one of the POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been prevented, probably by backend filtering mechanisms. Additionally, command injection attempts cause the application to return extensive error messages disclosing some information about the internal infrastructure. Patching status is unknown because the vendor has not replied to messages sent by the CNA. | 2025-11-18 | not yet calculated | CVE-2025-9977 | https://cert.pl/en/posts/2025/11/CVE-2025-9977 https://www.timesoftsg.com.sg/payroll-software/   |
| Tinexta InfoCert S.p.A.–GoSign Desktop | GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate validation can be disabled when a proxy is configured, allowing an attacker who can intercept network traffic to supply a malicious update manifest and corresponding package with a matching hash. This can cause the client to download and install a tampered update, resulting in arbitrary code execution with the privileges of the GoSign Desktop user on Windows and macOS, or with elevated privileges on some Linux deployments. A local attacker who can modify proxy settings may also abuse this behavior to escalate privileges by forcing installation of a crafted update. | 2025-11-18 | not yet calculated | CVE-2025-34324 | https://www.ush.it/2025/11/14/multiple-vulnerabilities-gosign-desktop-remote-code-execution/ https://infocert.digital/consumer/gosign-suite/ https://www.vulncheck.com/advisories/gosign-desktop-insecure-update-mechanism-rce https://www.ush.it/2025/11/14/vulnerabilita-multiple-gosign-desktop-esecuzione-remota-codice-arbitrario/   |
| TP-Link System Inc.–TL-WR940N V6 | Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform a DoS attack. This issue affects TL-WR940N V6 <= Build 220801. | 2025-11-20 | not yet calculated | CVE-2025-11676 | https://www.tp-link.com/us/support/download/tl-wr940n/v6/#Firmware https://www.tp-link.com/en/support/download/tl-wr940n/v6/#Firmware https://www.tp-link.com/en/support/faq/4755/   |
| tychesoftwares–Arconix Shortcodes | Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arconix Shortcodes: from n/a through <= 2.1.18. | 2025-11-21 | not yet calculated | CVE-2025-66085 | https://vdp.patchstack.com/database/Wordpress/Plugin/arconix-shortcodes/vulnerability/wordpress-arconix-shortcodes-plugin-2-1-18-broken-access-control-vulnerability?_s_id=cve   |
| tychesoftwares–Custom Order Numbers for WooCommerce | Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0. | 2025-11-21 | not yet calculated | CVE-2025-66071 | https://vdp.patchstack.com/database/Wordpress/Plugin/custom-order-numbers-for-woocommerce/vulnerability/wordpress-custom-order-numbers-for-woocommerce-plugin-1-11-0-broken-access-control-vulnerability?_s_id=cve   |
| Uncanny Owl–Uncanny Automator | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data. This issue affects Uncanny Automator: from n/a through < 6.10.0. | 2025-11-21 | not yet calculated | CVE-2025-66056 | https://vdp.patchstack.com/database/Wordpress/Plugin/uncanny-automator/vulnerability/wordpress-uncanny-automator-plugin-6-10-0-sensitive-data-exposure-vulnerability?_s_id=cve   |
| Unknown–attention-bar | The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrators to perform SQL injection attacks. | 2025-11-20 | not yet calculated | CVE-2025-12502 | https://wpscan.com/vulnerability/75e63134-4c8a-45fd-b7fc-db40644ddb8c/   |
| Unknown–Mstoreapp Mobile App | The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users’ identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address. | 2025-11-21 | not yet calculated | CVE-2025-11127 | https://wpscan.com/vulnerability/6432bd1a-6e44-4a3f-890b-df2bd877d626/   |
| Unknown–W3 Total Cache | The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post. | 2025-11-17 | not yet calculated | CVE-2025-9501 | https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/   |
| Unknown–WavePlayer | The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action and also does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files to the server, leading to RCE. | 2025-11-19 | not yet calculated | CVE-2025-12057 | https://wpscan.com/vulnerability/110db433-01ec-47ea-b74f-c3faa1757a3c/   |
| upKeeper Solutions–upKeeper Manager | Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials. This issue affects upKeeper Manager: from 5.2.0 before 5.2.12. | 2025-11-19 | not yet calculated | CVE-2025-11446 | https://support.upkeeper.se/hc/en-us/articles/23693858370076-CVE-2025-11446-Insertion-of-Sensitive-Information-into-Log-File   |
| Vivotek–Affected device model numbers are FD7131-VVTK, FD7141-VVTK, IP7131-VVTK, IP7133-VVTK, IP7134-VVTK, IP7135-VVTK, IP7137-VVTK, IP7138-VVTK, IP7142-VVTK, IP7151-VVTK, IP7152-VVTK, IP7153-VVTK, IP7154-VVTK, IP7330-VVTK, IP8131-VVTK, IP8131W-VVTK, PT7135-VVTK, PT7137-TCON, PT7137-VVTK, PZ7131-VVTK, PZ71X1-VVTK, PZ71X2-VVTK, SD73X3-VVTK, TC5330-VVTK, TC5332-TCVV, TC5333-TCVV, TC5633-TCVV, TC5633-VVTK, VS7100-VVTK | Legacy Vivotek device firmware uses default credentials for the root and user login accounts. | 2025-11-19 | not yet calculated | CVE-2025-12592 | https://www.akamai.com/blog/security-research/rce-zero-day-in-legacy-vivotek-firmware http://www.vapidlabs.com/advisory.php?v=219   |
| vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1. | 2025-11-21 | not yet calculated | CVE-2025-62372 | https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw https://github.com/vllm-project/vllm/pull/27204 https://github.com/vllm-project/vllm/pull/6613 https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b   |
| wazuh–wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on “C:\Program Files (x86)\ossec-agent\authd.pass” exposes the password to all “Authenticated Users” on the local machine. This issue has been patched in version 4.13.0. | 2025-11-21 | not yet calculated | CVE-2025-54866 | https://github.com/wazuh/wazuh/security/advisories/GHSA-mvfx-ph7m-qm37 https://github.com/wazuh/wazuh/pull/31187 https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143 https://github.com/wazuh/wazuh/releases/tag/v4.13.0   |
| wazuh–wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. This issue has been patched in version 4.12.0. | 2025-11-21 | not yet calculated | CVE-2025-64169 | https://github.com/wazuh/wazuh/security/advisories/GHSA-hc35-h924-8596   |
| wazuh–wazuh-dashboard-plugins | Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0. | 2025-11-21 | not yet calculated | CVE-2025-64483 | https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj   |
| WBCE–WBCE_CMS | WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4. | 2025-11-19 | not yet calculated | CVE-2025-65094 | https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-hmmw-4ccm-fx44 https://github.com/WBCE/WBCE_CMS/commit/96046178f4c80cf16f7c224054dec7fdadddda7e   |
| WebToffee–Accessibility Toolkit by WebYes | Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4. | 2025-11-21 | not yet calculated | CVE-2025-66112 | https://vdp.patchstack.com/database/Wordpress/Plugin/accessibility-plus/vulnerability/wordpress-accessibility-toolkit-by-webyes-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve   |
| WebToffee–Product Feed for WooCommerce | Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1. | 2025-11-21 | not yet calculated | CVE-2025-66089 | https://vdp.patchstack.com/database/Wordpress/Plugin/webtoffee-product-feed/vulnerability/wordpress-product-feed-for-woocommerce-plugin-2-3-1-broken-access-control-vulnerability?_s_id=cve   |
| withastro–astro | Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI() to determine which route to render, while the middleware uses context.url.pathname without applying the same normalization (decodeURI). This discrepancy may allow attackers to reach protected routes using encoded path variants that pass routing but bypass validation checks. This issue has been patched in version 5.15.8. | 2025-11-19 | not yet calculated | CVE-2025-64765 | https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794 https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce   |
| wolfSSL–wolfSSL | Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions. | 2025-11-21 | not yet calculated | CVE-2025-11933 | https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9132   |
| wolfSSL–wolfSSL | Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. | 2025-11-21 | not yet calculated | CVE-2025-11931 | https://github.com/wolfSSL/wolfssl/pull/9223   |
| wolfSSL–wolfSSL | The server previously verified the TLS 1.3 PSK binder using a non-constant-time method, which could potentially leak information about the PSK binder. | 2025-11-21 | not yet calculated | CVE-2025-11932 | https://github.com/wolfSSL/wolfssl/pull/9223   |
| wolfSSL–wolfSSL | Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256. | 2025-11-21 | not yet calculated | CVE-2025-11934 | https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9113   |
| wolfSSL–wolfSSL | With TLS 1.3 pre-shared key (PSK), a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. The re-use of an authenticated PSK connection that, on the client’s side, unexpectedly did not have PFS reduces the security of the connection. | 2025-11-21 | not yet calculated | CVE-2025-11935 | https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9112   |
| wolfSSL–wolfSSL | Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing. | 2025-11-21 | not yet calculated | CVE-2025-11936 | https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9117   |
| wolfSSL–wolfSSL | Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa. | 2025-11-21 | not yet calculated | CVE-2025-12888 | https://github.com/wolfSSL/wolfssl/pull/9275   |
| wolfSSL–wolfSSL | With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest. | 2025-11-21 | not yet calculated | CVE-2025-12889 | https://github.com/wolfSSL/wolfssl/pull/9395   |
| workos–authkit-nextjs | The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication. | 2025-11-21 | not yet calculated | CVE-2025-64762 | https://github.com/workos/authkit-nextjs/security/advisories/GHSA-p8pf-44ff-93gf https://github.com/workos/authkit-nextjs/commit/94cf438124993abb0e7c19dac64c3cb5724a15ea https://github.com/workos/authkit-nextjs/releases/tag/v2.11.1   |
| WP Legal Pages–WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3. | 2025-11-21 | not yet calculated | CVE-2025-66075 | https://vdp.patchstack.com/database/Wordpress/Plugin/gdpr-cookie-consent/vulnerability/wordpress-wp-cookie-notice-for-gdpr-ccpa-eprivacy-consent-plugin-4-0-3-broken-access-control-vulnerability?_s_id=cve   |
| wpWax–Legal Pages | Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through <= 1.4.6. | 2025-11-21 | not yet calculated | CVE-2025-66077 | https://vdp.patchstack.com/database/Wordpress/Plugin/legal-pages/vulnerability/wordpress-legal-pages-plugin-1-4-6-broken-access-control-vulnerability?_s_id=cve   |
