77 CVEs tracked today. 1 Critical, 12 High, 50 Medium, 7 Low.
-
CVE-2025-68263
CRITICAL
CVSS 9.8
Use-after-free in Linux ksmbd IPC handler allows remote unauthenticated attackers to trigger memory corruption via race condition in generic netlink reply processing. The flaw (CVSS 9.8 critical, network-reachable) affects ksmbd's ipc_msg_send_request() function where concurrent access to response buffers occurs without proper locking. EPSS data not provided; no CISA KEV listing identified at time of analysis. Multiple upstream kernel commits available across stable branches indicate vendor-released patches exist.
Linux
Use After Free
Red Hat
Linux Kernel
Suse
-
CVE-2025-68067
HIGH
CVSS 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion. This issue affects Stockholm Core: from n/a through <= 2.4.6.
PHP
Information Disclosure
LFI
-
CVE-2025-68066
HIGH
CVSS 7.5
Local file inclusion in PenciDesign Soledad WordPress theme versions through 8.7.0 allows authenticated attackers with low privileges to include and execute arbitrary PHP files via improper filename control in include/require statements. Attack complexity is high (AC:H), requiring specific server configuration or authenticated access to exploit. No active exploitation confirmed at time of analysis, but vulnerability class (CWE-98) is commonly targeted once POC becomes available. EPSS data not provided; exploitation status unknown beyond vendor disclosure.
PHP
Information Disclosure
LFI
-
CVE-2025-68065
HIGH
CVSS 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion. This issue affects Hub Core: from n/a through <= 5.0.8.
PHP
Information Disclosure
LFI
-
CVE-2025-68061
HIGH
CVSS 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion. This issue affects EduMall: from n/a through <= 4.4.7.
PHP
Information Disclosure
LFI
-
CVE-2025-68056
HIGH
CVSS 8.5
SQL injection in LBG Zoominoutslider WordPress plugin versions through 5.4.4 allows authenticated attackers with low-level privileges to extract sensitive database information and potentially cause denial of service. The vulnerability enables cross-scope impact, meaning attackers can access resources beyond their authorized privilege level. EPSS probability is low (0.04%, 14th percentile), indicating limited observed exploitation activity, though Patchstack's disclosure suggests active security community awareness.
SQLi
-
CVE-2025-68055
HIGH
CVSS 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection. This issue affects Hydra Booking: from n/a through <= 1.1.32.
SQLi
-
CVE-2025-68054
HIGH
CVSS 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection. This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
SQLi
-
CVE-2025-68053
HIGH
CVSS 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection. This issue affects xPromoter: from n/a through <= 1.3.4.
SQLi
-
CVE-2025-67999
HIGH
CVSS 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection. This issue affects Newsletter: from n/a through <= 9.0.9.
SQLi
-
CVE-2025-67962
HIGH
CVSS 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection. This issue affects Broken Link Checker: from n/a through <= 1.2.6.
SQLi
-
CVE-2025-67950
HIGH
CVSS 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection. This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
SQLi
-
CVE-2025-10450
HIGH
CVSS 8.3
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.
Authentication Bypass
Connext Professional
-
CVE-2025-68085
MEDIUM
CVSS 5.4
Authenticated users with limited privileges can modify plugin settings and access functionality they should not have access to via missing authorization checks in Buttoner for Elementor through version 1.0.6. The vulnerability requires valid WordPress user credentials but no administrative role, allowing privilege escalation within the plugin's configuration interface. EPSS score of 0.05% indicates low exploitation probability despite network accessibility.
Authentication Bypass
-
CVE-2025-68084
MEDIUM
CVSS 5.4
Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Auction: from n/a through <= 4.3.3.
Authentication Bypass
-
CVE-2025-68083
MEDIUM
CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0.
CSRF
-
CVE-2025-68082
MEDIUM
CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery. This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32.
CSRF
-
CVE-2025-68079
MEDIUM
CVSS 6.5
Stored cross-site scripting (XSS) in ThemeNectar Salient Shortcodes WordPress plugin through version 1.5.4 allows authenticated users with low privileges to inject malicious scripts that execute in the context of higher-privileged administrators or other site visitors. The vulnerability requires user interaction (UI:R in CVSS vector) and affects the shortcode generation functionality, enabling persistence of malicious payloads in page content. EPSS score of 0.06% indicates low real-world exploitation probability despite the moderate CVSS 6.5 rating.
XSS
-
CVE-2025-68071
MEDIUM
CVSS 6.5
Authorization bypass in Essential Real Estate WordPress plugin versions through 5.2.9 allows authenticated users to access sensitive real estate data they should not have permission to view through user-controlled key manipulation. The vulnerability exploits incorrectly configured access control at the application level, enabling privilege escalation from a standard user account to view confidential information such as property details or pricing. No public exploit code has been identified, and the EPSS score of 0.04% indicates low exploitation probability despite the CVSS 6.5 severity rating.
Authentication Bypass
-
CVE-2025-68070
MEDIUM
CVSS 6.5
Stored cross-site scripting (XSS) in VK Google Job Posting Manager WordPress plugin versions up to 1.2.22 allows authenticated users with low privileges to inject malicious scripts that execute in the context of other users' browsers, potentially compromising site administrators. The vulnerability requires user interaction (clicking a link or viewing a malicious page) to trigger payload execution and affects the plugin's web page generation functionality. EPSS probability of exploitation is notably low at 0.04%, suggesting this is primarily a theoretical risk without documented active exploitation.
PHP
WordPress
XSS
-
CVE-2025-67989
MEDIUM
CVSS 5.4
Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3.
SSRF
-
CVE-2025-67986
MEDIUM
CVSS 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS. This issue affects Document Library Lite: from n/a through <= 1.1.7.
XSS
-
CVE-2025-67985
MEDIUM
CVSS 5.3
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Document Library Lite: from n/a through <= 1.1.7.
Authentication Bypass
-
CVE-2025-67965
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Homey Core: from n/a through <= 2.4.3.
Authentication Bypass
-
CVE-2025-67929
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
WordPress
Authentication Bypass
-
CVE-2025-67912
MEDIUM
CVSS 6.5
Stored cross-site scripting (XSS) in Premio Stars Testimonials WordPress plugin versions 3.3.4 and below allows authenticated users to inject malicious scripts that execute in the context of other users' browsers, potentially compromising site administrators or visitors. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting immediate risk, but the stored nature means injected payloads persist and affect multiple users. No public exploit code or active KEV status is documented, though the 6.5 CVSS score reflects moderate severity when considering cross-site impact.
PHP
WordPress
XSS
-
CVE-2025-66134
MEDIUM
CVSS 5.4
Missing authorization in NinjaTeam FileBird Pro WordPress plugin versions up to 6.5.1 allows authenticated users to access and modify files they should not have permission to view or edit due to incorrectly configured access control security levels. The vulnerability requires valid user credentials but can lead to disclosure and modification of sensitive files within the plugin's file management interface. EPSS exploitation probability is low at 0.04%, and no public exploit code has been identified at the time of analysis.
Authentication Bypass
-
CVE-2025-66133
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.
Authentication Bypass
-
CVE-2025-66132
MEDIUM
CVSS 5.3
Authorization bypass in FAPI Member WordPress plugin through version 2.2.29 allows unauthenticated remote attackers to access or modify resources via insecure direct object references (IDOR) exploiting misconfigured access control security levels. The vulnerability requires no authentication, low attack complexity, and results in confidentiality and integrity impact without availability compromise. EPSS score of 0.04% indicates minimal real-world exploitation probability despite the moderate CVSS score.
Authentication Bypass
-
CVE-2025-66131
MEDIUM
CVSS 5.3
Broken access control in Yaad Sarig Payment Gateway for WooCommerce (versions ≤2.2.11) allows unauthenticated remote attackers to bypass authorization checks and gain unauthorized access to payment gateway functions. With CVSS 9.1 (Critical) scoring reflecting network-accessible exploitation requiring no privileges or user interaction, attackers can read or modify sensitive payment data. EPSS score of 0.04% (14th percentile) suggests low observed exploitation probability despite severity. No public exploit identified at time of analysis, though the authentication bypass tag indicates potential for unauthorized transaction manipulation or data exposure in WordPress e-commerce environments.
Authentication Bypass
-
CVE-2025-66128
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
WordPress
Authentication Bypass
-
CVE-2025-66127
MEDIUM
CVSS 5.3
Missing authorization in g5theme Essential Real Estate WordPress plugin version 5.2.9 and earlier allows authenticated users to access or modify restricted resources by exploiting inadequately configured access controls. An attacker with low-privilege WordPress account credentials can leverage the broken access control to view sensitive information and make unauthorized modifications without requiring administrative approval. No public exploit code is currently identified, though the vulnerability is documented in the Patchstack security database.
Authentication Bypass
-
CVE-2025-66126
MEDIUM
CVSS 5.3
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data. This issue affects Fix Media Library: from n/a through <= 2.0.
Information Disclosure
-
CVE-2025-66125
MEDIUM
CVSS 5.3
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data. This issue affects Ultimate Auction: from n/a through <= 4.3.3.
Information Disclosure
-
CVE-2025-66124
MEDIUM
CVSS 5.3
Unauthenticated remote attackers can bypass access controls in ZEEN101 Leaky Paywall WordPress plugin versions up to 4.22.6, gaining unauthorized access to restricted content through incorrectly configured security levels. The vulnerability requires no user interaction and can be exploited over the network, though it is limited to information disclosure (CVSS 5.3, EPSS 0.04%). No public exploit code or active exploitation has been identified at time of analysis.
Authentication Bypass
-
CVE-2025-66122
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stylish Price List: from n/a through <= 7.2.2.
Authentication Bypass
-
CVE-2025-66121
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteGround Security: from n/a through <= 1.5.8.
Authentication Bypass
-
CVE-2025-66120
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CatFolders: from n/a through <= 2.5.3.
Authentication Bypass
-
CVE-2025-64639
MEDIUM
CVSS 5.3
Missing authorization in WP Compress for MainWP plugin versions up to 6.50.17 allows unauthenticated remote attackers to modify plugin settings due to incorrectly configured access control, affecting integrity of compressed content and plugin configuration without requiring authentication or user interaction.
Authentication Bypass
-
CVE-2025-64638
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
WordPress
Authentication Bypass
-
CVE-2025-64635
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
Authentication Bypass
-
CVE-2025-64634
MEDIUM
CVSS 5.3
Broken access control in ThemeFusion Avada WordPress theme through version 7.13.2 allows authenticated attackers with low privileges to access functionality improperly constrained by access control lists, potentially achieving full site compromise. With CVSS 8.8 (High) due to network-based access requiring only low-privilege authentication, attackers can achieve high confidentiality, integrity, and availability impact. EPSS probability remains low at 0.06% (18th percentile), and no public exploit identified at time of analysis, suggesting limited immediate exploitation risk despite the critical CVSS rating.
Authentication Bypass
-
CVE-2025-64632
MEDIUM
CVSS 5.3
Unauthenticated remote attackers can access sensitive sitemap data in Google XML Sitemaps WordPress plugin versions through 4.1.22 due to missing authorization checks on sitemap endpoints. The vulnerability allows unauthorized information disclosure of site structure and indexed pages without requiring authentication or user interaction. While the CVSS score is moderate (5.3), real-world exploitation probability is very low (EPSS 0.04th percentile), suggesting this is primarily an information disclosure risk rather than an active threat.
Authentication Bypass
Google
-
CVE-2025-64631
MEDIUM
CVSS 4.9
WCFM Marketplace plugin through version 3.7.1 fails to properly enforce authorization controls, allowing authenticated users with limited privileges to cause denial of service or access functionality they should not have. The vulnerability affects the WordPress plugin across all installations through the specified version, exploiting incorrectly configured access control security levels via network-accessible endpoints. With an EPSS score of 0.05% and low real-world exploitation probability, this represents a privilege escalation risk primarily for multi-vendor marketplace administrators.
Authentication Bypass
-
CVE-2025-64630
MEDIUM
CVSS 4.9
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business Directory: from n/a through <= 6.4.19.
Authentication Bypass
-
CVE-2025-64251
MEDIUM
CVSS 4.9
Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.
Authentication Bypass
-
CVE-2025-64250
MEDIUM
CVSS 4.7
Open redirect vulnerability in wpWax Directorist WordPress plugin versions up to 8.6.6 allows unauthenticated remote attackers to redirect users to arbitrary external websites via crafted URL parameters, enabling phishing attacks. The vulnerability requires user interaction (clicking a malicious link) but has a network attack vector with low complexity. EPSS exploitation probability is very low at 0.04%, and no active exploitation or public proof-of-concept has been identified.
Open Redirect
-
CVE-2025-64249
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Protect WP Admin: from n/a through <= 4.1.
Authentication Bypass
-
CVE-2025-64247
MEDIUM
CVSS 4.3
Missing authorization in the WordPress Read More & Accordion plugin (expand-maker) versions 3.5.5.1 and earlier allows authenticated users to access restricted functionality through incorrectly configured access controls, potentially revealing sensitive information. The vulnerability requires user authentication and network access but carries a CVSS score of 6.5 due to high confidentiality impact, though real-world exploitation probability remains low at 0.04% EPSS. No public exploit code or active exploitation has been identified at time of analysis.
Authentication Bypass
-
CVE-2025-64246
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.
Authentication Bypass
-
CVE-2025-64245
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Import external attachments: from n/a through <= 1.5.12.
Authentication Bypass
-
CVE-2025-64244
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through <= 1.12.
Authentication Bypass
-
CVE-2025-64243
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directory Pro: from n/a through <= 2.5.6.
Authentication Bypass
-
CVE-2025-64242
MEDIUM
CVSS 4.3
Inadequately configured access control in Easy Property Listings WordPress plugin versions 3.5.21 and earlier allows authenticated users to access sensitive information they should not be authorized to view. An authenticated attacker with user-level privileges can bypass authorization checks to read property listing data or other restricted content due to missing authorization validation on API endpoints or functionality. EPSS exploitation probability is very low at 0.04%, and no public exploit code has been identified, indicating limited real-world threat despite the authentication-bypass tag.
Authentication Bypass
-
CVE-2025-64241
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Coupons and Deals: from n/a through <= 3.2.4.
Authentication Bypass
-
CVE-2025-64239
MEDIUM
CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery. This issue affects RTL Tester: from n/a through <= 1.2.
CSRF
-
CVE-2025-64238
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPS Bidouille: from n/a through <= 1.33.1.
Authentication Bypass
-
CVE-2025-64237
MEDIUM
CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery. This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
CSRF
-
CVE-2025-59001
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salient Core: from n/a through <= 3.0.8.
Authentication Bypass
-
CVE-2025-54045
MEDIUM
CVSS 4.3
Authenticated users with limited privileges can access search and replace functionality in CM On Demand Search And Replace WordPress plugin (versions up to 1.5.5) due to missing authorization checks on restricted features. An attacker with basic user credentials can perform privileged actions intended only for administrators, affecting data confidentiality through unauthorized content access. This is confirmed as an authentication bypass vulnerability with low real-world exploitation probability (EPSS 0.04%) despite the missing authorization flaw.
Authentication Bypass
-
CVE-2025-54005
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SKT Page Builder: from n/a through <= 4.9.
Authentication Bypass
-
CVE-2025-14777
MEDIUM
CVSS 6.0
Keycloak's admin API endpoints for authorization resource management contain an IDOR vulnerability allowing authenticated administrators with fine-grained permissions for one client to delete or modify resources belonging to other clients within the same realm. The flaw exists in ResourceSetService and PermissionTicketService where authorization checks validate the resourceServer (client) ID from the API request, but backend database operations use only the resourceId, creating a permission bypass. Affected administrators can exploit this with standard HTTP requests to cross-client resource boundaries; no public exploit code identified at time of analysis.
Authentication Bypass
Privilege Escalation
Red Hat
-
CVE-2025-13794
MEDIUM
CVSS 4.3
Authenticated attackers with Contributor-level access or above can delete or generate featured images on posts they do not own in the Auto Featured Image (Auto Post Thumbnail) WordPress plugin through version 4.2.1, due to a missing capability check in the bulk_action_generate_handler function. The vulnerability requires user authentication and has a CVSS score of 4.3; no public exploit code or active exploitation has been confirmed at the time of analysis.
WordPress
Authentication Bypass
-
CVE-2025-68315
None
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to detect potential corrupted nid in free_nid_list
As reported, on-disk footer.ino and footer.nid is the same and
out-of-range, let's add sanity check on f2fs_alloc_nid() to detect
any potential corruption in free_nid_li...
Information Disclosure
Linux
-
CVE-2025-68265
None
Use-after-free in Linux kernel NVMe subsystem allows local attackers to trigger memory corruption via stale admin request_queue references after controller teardown. The vulnerability affects the kernel's NVMe driver when namespaces retain references to a controller's admin request_queue that remains accessible after the controller has been partially torn down, enabling a local attacker with ioctl access to trigger a slab-use-after-free condition (KASAN detected in blk_queue_enter). EPSS score of 0.03% indicates minimal real-world exploitation probability despite the use-after-free nature, likely due to required local access and specific race condition timing.
Denial Of Service
Linux
Use After Free
Linux Kernel
-
CVE-2025-68256
None
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser
The Information Element (IE) parser rtw_get_ie() trusted the length
byte of each IE without validating that the IE body (len bytes after
the 2-byte header) fits ins...
Buffer Overflow
Denial Of Service
Linux
-
CVE-2025-68239
None
Linux kernel binfmt_misc module fails to restore write access to executable files when error handling closes improperly opened file descriptors, potentially causing subsequent write operations on the same file to fail and creating a denial-of-service condition for legitimate file modifications. The vulnerability affects the bm_register_write() function which uses open_exec() to open executable files with intentionally denied write permissions, but does not call exe_file_allow_write_access() before closing the file on error paths. With an EPSS score of 0.03% (8th percentile), this represents a low exploitation probability; no public exploit has been identified at time of analysis.
Privilege Escalation
Linux
Linux Kernel
-
CVE-2025-68206
None
Linux kernel netfilter FTP NAT helper fails to properly initialize sequence adjustment extensions when connection tracking helper assignment occurs after NAT rule processing, causing FTP PASV/EPSV mode transfers to fail with connection drops and kernel warnings. This affects systems running vulnerable kernel versions that perform NAT operations on FTP control connections (port 21) combined with FTP helper assignment in reverse rule order; the low EPSS score (0.03%, percentile 9%) and lack of active exploitation indicators suggest limited practical exploitability, though the defect prevents legitimate FTP functionality in specific network topologies.
Denial Of Service
Linux
Ftp
Linux Kernel
-
CVE-2025-68175
None
Linux kernel media driver (imx8-isi) improperly releases video streaming resources when any device file operation occurs, allowing local users to interrupt active video capture streams. A simple query operation like 'v4l2-ctl -l' executed on a device while streaming via gstreamer can terminate the stream and trigger kernel warnings. This is a Linux kernel regression affecting i.MX8MP boards and similar platforms using the NXP ISI (Image Sensor Interface) driver; no public exploit code or active exploitation has been identified, and the vulnerability has been resolved upstream via kernel patch.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-54004
LOW
CVSS 2.7
Missing authorization in WCFM - Frontend Manager for WooCommerce through version 6.7.24 allows authenticated users with limited privileges to bypass access controls via incorrectly configured security levels, enabling read-only disclosure of sensitive information. The vulnerability requires user interaction and has a low EPSS score (0.03%, 10th percentile), indicating minimal real-world exploitation probability despite the authentication requirement.
WordPress
Authentication Bypass
-
CVE-2025-40358
None
Linux kernel stack unwinding on RISC-V architecture triggers false KASAN (Kernel Address Sanitizer) out-of-bounds warnings when analyzing non-current task stacks, causing denial of service through spurious memory safety violation reports. The vulnerability affects RISC-V systems running vulnerable kernel versions and is resolved through disabling KASAN instrumentation during stack unwinding operations for tasks other than the currently executing process, mirroring a previously fixed defect in x86 architecture. No public exploit code has been identified; the EPSS score of 0.03% (percentile 7%) indicates minimal real-world exploitation probability, though Ubuntu has released security notices (USN-8126-1 and USN-8125-1) suggesting coordinated patching efforts across distributions.
Denial Of Service
Linux Kernel
-
CVE-2025-14780
LOW
CVSS 2.1
SQL injection in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 allows authenticated remote attackers to manipulate the filter parameter in the /dishtrade/dish_trade_detail_get endpoint, resulting in limited confidentiality and integrity impact. Public exploit code exists; however, the CVSS score of 2.1 and EPSS percentile of 16% indicate low real-world exploitation probability despite authenticated network accessibility, suggesting the vulnerability may require specific application knowledge or platform-dependent conditions to achieve meaningful impact.
SQLi
-
CVE-2025-14749
LOW
CVSS 2.1
Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF PTZ Control Interface (/onvif/device_service) allow unauthenticated local network attackers to gain unauthorized access with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the vendor has not responded to disclosure efforts despite early contact.
Information Disclosure
Tc155 Firmware
-
CVE-2025-14748
LOW
CVSS 2.1
Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF Device Management Service allows unauthenticated local network attackers to trigger a factory reset by manipulating the FactoryDefault argument with 'Hard' input, resulting in information disclosure and configuration loss. Publicly available exploit code exists; vendor has not responded to disclosure attempts.
Information Disclosure
Tc155 Firmware
-
CVE-2025-14747
LOW
CVSS 2.1
Denial of service in Ningyuanda TC155 firmware 57.0.2.0 via malformed RTSP requests to an unauthenticated RTSP service allows local network attackers to crash or degrade the device without authentication. Publicly available exploit code exists; the vendor did not respond to early disclosure notification. CVSS score of 2.1 reflects the low severity due to limited attack surface (local network only) and availability impact alone, but real-world risk depends on device deployment context and exposure to untrusted local networks.
Denial Of Service
Tc155 Firmware
-
CVE-2025-14746
LOW
CVSS 2.1
Improper authentication in Ningyuanda TC155 firmware version 57.0.2.0 allows unauthenticated RTSP Live Video Stream access from within the local network. The vulnerability, classified as an authentication bypass (CWE-287), requires no user interaction and can be exploited with low complexity. Publicly available exploit code exists, though active exploitation has not been confirmed via CISA KEV. EPSS score of 0.16% indicates low real-world exploitation likelihood despite the disclosure and POC availability, suggesting limited attacker interest or access constraints.
Authentication Bypass
Tc155 Firmware
-
CVE-2025-14731
LOW
CVSS 2.1
Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.
PHP
Information Disclosure
Ctcms