235 CVEs tracked today. 12 Critical, 65 High, 138 Medium, 6 Low.
-
CVE-2026-22189
CRITICAL
CVSS 9.8
Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.
Buffer Overflow
Stack Overflow
Memory Corruption
Denial Of Service
Panda3d
-
CVE-2026-21855
CRITICAL
CVSS 9.3
Tarkov Data Manager has reflected XSS in the toast notification system. Attackers can craft URLs that execute arbitrary JavaScript in the victim's browser, stealing session tokens. PoC available, fixed in January 2025.
XSS
Tarkov Data Manager
-
CVE-2026-21854
CRITICAL
CVSS 9.8
Tarkov Data Manager's login endpoint can be bypassed using JavaScript prototype property access combined with loose equality type coercion. Any unauthenticated user can gain full admin access. Fixed in January 2025 commits.
Authentication Bypass
Tarkov Data Manager
-
CVE-2025-69222
CRITICAL
CVSS 9.1
LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.
Docker
SSRF
AI / ML
Librechat
-
CVE-2025-68705
CRITICAL
CVSS 9.8
RustFS (alpha.13 to alpha.78) has a path traversal in /rustfs/rpc/read_file_stream that allows reading arbitrary files on the server. PoC available, fixed in alpha.79.
Path Traversal
Rustfs
-
CVE-2025-68637
CRITICAL
CVSS 9.1
Uniffle HTTP client (before 0.10.0) trusts all SSL certificates and disables hostname verification by default, exposing all REST API communication between the CLI and Coordinator to man-in-the-middle attacks.
Tls
Uniffle
-
CVE-2025-61492
CRITICAL
CVSS 10.0
terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.
Command Injection
Terminal Controller Mcp
-
CVE-2025-47552
CRITICAL
CVSS 9.8
DZS Video Gallery WordPress plugin (through 12.37) is vulnerable to PHP object injection through insecure deserialization. An unauthenticated attacker can inject arbitrary PHP objects, potentially achieving code execution through POP chains.
Zoom
Deserialization
-
CVE-2025-32303
CRITICAL
CVSS 9.3
WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.
Joomla
SQLi
-
CVE-2025-15471
CRITICAL
CVSS 9.8
TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.
Command Injection
Tew 713re Firmware
-
CVE-2025-15018
CRITICAL
CVSS 9.8
Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.
WordPress
Privilege Escalation
PHP
-
CVE-2025-12543
CRITICAL
CVSS 9.6
Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.
Java
Information Disclosure
Process Automation
Jboss Enterprise Application Platform Expansion Pack
Jboss Enterprise Application Platform
-
CVE-2026-22190
HIGH
CVSS 7.5
Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.
Code Injection
Panda3d
-
CVE-2026-22187
HIGH
CVSS 7.8
Unsafe deserialization in Bio-Formats up to version 8.3.0 allows local attackers to execute arbitrary code or cause denial of service by crafting malicious .bfmemo cache files that are automatically loaded during image processing without validation. The Memoizer class deserializes untrusted data from these files, enabling potential remote code execution if suitable Java gadget chains are available on the classpath. No patch is currently available for this vulnerability (CVSS 7.8).
Java
RCE
Denial Of Service
Deserialization
Bio Formats
-
CVE-2026-22186
HIGH
CVSS 7.1
Bio-Formats versions up to 8.3.0 contain an XML External Entity (XXE) injection vulnerability in the Leica Microsystems metadata parser that fails to disable external entity expansion. A local attacker can exploit this by crafting malicious XML metadata files to trigger server-side request forgery, read local files, or cause denial of service. No patch is currently available.
XXE
Denial Of Service
SSRF
Bio Formats
-
CVE-2026-22184
HIGH
CVSS 7.8
Local privilege escalation in zlib 1.3.1.2 and earlier allows authenticated users to achieve arbitrary code execution through a buffer overflow in the contrib/untgz utility when processing command-line arguments with excessively long archive names. The vulnerability affects only the standalone untgz demonstration tool and does not impact the core zlib library. No patch is currently available.
Buffer Overflow
Memory Corruption
Zlib
Redhat
Suse
-
CVE-2026-22047
HIGH
CVSS 8.8
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the iccDEV library to manage color data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. Update to version 2.3.1.2 or later to remediate.
Code Injection
Iccdev
-
CVE-2026-22046
HIGH
CVSS 8.8
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles through the ParseBasic() function. An attacker can exploit this vulnerability by crafting a specially formatted ICC profile file that triggers memory corruption with high impact on confidentiality, integrity, and availability. Users of the iccDEV library should upgrade to version 2.3.1.2 immediately, as no workarounds are available.
Code Injection
Iccdev
-
CVE-2026-21856
HIGH
CVSS 7.2
The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]
MySQL
SQLi
Tarkov Data Manager
-
CVE-2026-21697
HIGH
CVSS 8.1
Concurrent requests in axios4go prior to version 0.6.4 trigger unsynchronized mutations to the shared HTTP client configuration, allowing attackers to manipulate transport settings, timeouts, and redirect handlers across simultaneous operations. Applications using async requests or multiple goroutines with different proxy configurations or handling sensitive credentials are vulnerable to request interception, credential leakage, or denial of service. Upgrade to version 0.6.4 or later to resolve this race condition.
Golang
Race Condition
Axios4go
-
CVE-2026-21693
HIGH
CVSS 8.8
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes including code execution, data theft, and denial of service when processing malicious ICC color profiles. The vulnerability exists in the CIccSegmentedCurveXml::ToXml() function and affects any application using the iccDEV library to handle color management data. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2 and later.
Code Injection
Iccdev
-
CVE-2026-21692
HIGH
CVSS 8.8
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution through malicious ICC color profiles processed by the ToXmlCurve() function. Public exploit code exists for this vulnerability, affecting any application or system using the vulnerable iccDEV library to parse color management profiles. A patch is available in version 2.3.1.2 and should be applied immediately.
Code Injection
Iccdev
-
CVE-2026-21688
HIGH
CVSS 8.8
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution with user interaction by crafting malicious ICC color profiles. Public exploit code exists for this vulnerability affecting organizations that process color management profiles through the iccDEV libraries. A patch is available in version 2.3.1.2 with no known workarounds prior to upgrading.
Code Injection
Iccdev
-
CVE-2026-21687
HIGH
CVSS 7.1
iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagCurve constructor that allows attackers to cause denial of service or data integrity issues when processing malicious ICC color profiles. The vulnerability requires user interaction to trigger and affects anyone using the library to handle color management profiles, with public exploit code already available. Administrators should upgrade to version 2.3.1.2 immediately as no workarounds exist.
Code Injection
Iccdev
-
CVE-2026-21686
HIGH
CVSS 7.1
Undefined behavior in iccDEV's ICC color profile validation function (versions before 2.3.1.2) allows attackers to cause denial of service or integrity violations when processing specially crafted color profiles. The vulnerability requires user interaction to trigger and affects any application using the iccDEV library to handle ICC profiles. Public exploit code exists for this vulnerability; patched version 2.3.1.2 is available.
Code Injection
Iccdev
-
CVE-2026-21685
HIGH
CVSS 7.1
iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagLut16::Read() function that allows attackers to cause denial of service or data corruption when processing specially crafted ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to handle color management profiles. Public exploit code exists for this issue, though a patch is available in version 2.3.1.2.
Code Injection
Iccdev
-
CVE-2026-21684
HIGH
CVSS 7.1
Undefined behavior in iccDEV versions before 2.3.1.2 allows remote attackers to cause denial of service or data corruption through maliciously crafted ICC color profiles processed by the library. The vulnerability requires user interaction to open a malicious profile and public exploit code exists. Organizations using iccDEV should upgrade to version 2.3.1.2 or later.
Code Injection
Iccdev
-
CVE-2026-21683
HIGH
CVSS 8.8
Type confusion in iccDEV versions before 2.3.1.2 allows remote attackers to execute arbitrary code by crafting malicious ICC color profiles that trigger improper type handling in the profile evaluation function. This vulnerability affects any application or user processing ICC profiles through the iccDEV library and requires minimal user interaction to exploit. A patch is available in version 2.3.1.2.
Code Injection
Iccdev
-
CVE-2026-21682
HIGH
CVSS 8.8
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the library to handle color management data. An attacker can trigger the vulnerability through a crafted profile file requiring only user interaction to open, potentially achieving complete system compromise. Public exploit code exists and no patch is currently available.
Code Injection
Iccdev
-
CVE-2026-21681
HIGH
CVSS 7.1
iccDEV versions before 2.3.1.2 contain an undefined behavior runtime error in ICC color profile processing that allows remote attackers to cause denial of service or data corruption via malformed profile files, requiring only user interaction to trigger. The vulnerability affects all users processing ICC color profiles through the iccDEV library, with no workarounds currently available.
Code Injection
Iccdev
-
CVE-2026-21679
HIGH
CVSS 8.8
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the CIccLocalizedUnicode::GetText() function with minimal attack complexity. The vulnerability affects users of the ICC color profile manipulation library and has public exploit code available. Organizations using vulnerable versions should upgrade to 2.3.1.2 or later immediately.
Code Injection
Iccdev
-
CVE-2026-21678
HIGH
CVSS 7.8
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows local attackers with user interaction to achieve arbitrary code execution through malicious ICC color profile manipulation in the IccTagXml() function. Public exploit code exists for this vulnerability, which affects all users of the vulnerable iccDEV libraries and tools. A patch is available in version 2.3.1.2.
Code Injection
Iccdev
-
CVE-2026-21441
HIGH
CVSS 7.5
urllib3 versions 1.22 through 2.6.2 perform unnecessary decompression of redirect response bodies in the streaming API, consuming memory and processing resources before any read methods are invoked. An unauthenticated remote attacker can trigger excessive decompression of large redirect responses to cause denial of service through memory exhaustion or high CPU consumption. This vulnerability affects all Python applications using urllib3's streaming functionality with compressed HTTP redirects.
Python
Urllib3
Redhat
Suse
-
CVE-2026-20893
HIGH
CVSS 7.8
Fujitsu Security Solution AuthConductor Client Basic V2 version 2.0.25.0 and earlier contains an origin validation flaw that allows authenticated local attackers to execute arbitrary code with SYSTEM privileges and modify registry values. An attacker with login access to an affected Windows system can exploit this vulnerability to achieve complete system compromise. No patch is currently available.
Windows
-
CVE-2026-0669
HIGH
CVSS 7.5
The MediaWiki CSS extension in versions 1.39, 1.43, and 1.44 contains a path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server. Public exploit code exists for this vulnerability, enabling attackers to access sensitive information outside the intended directory restrictions. A patch is available and should be applied immediately to affected installations.
Mediawiki
Path Traversal
Css
Redhat
-
CVE-2026-0656
HIGH
CVSS 8.2
Unauthenticated attackers can manipulate WooCommerce orders and expose customer data in the iPaymu Payment Gateway for WooCommerce plugin (versions up to 2.0.2) due to missing webhook signature verification. An attacker can forge payment confirmations to mark orders as paid without actual payment and enumerate order details to harvest PII including customer names, addresses, and purchase history. No patch is currently available.
WordPress
-
CVE-2026-0643
HIGH
CVSS 7.3
House Rental And Property Listing Project versions up to 1.0 are affected by improper access control (CVSS 7.3).
PHP
House Rental And Property Listing Project
-
CVE-2026-0628
HIGH
CVSS 8.8
Google Chrome versions prior to 143.0.7499.192 fail to properly enforce policies on WebView tags, allowing attackers who trick users into installing malicious extensions to inject arbitrary scripts and HTML into privileged pages. This vulnerability affects all Chrome users and requires user interaction to exploit, resulting in potential code execution with high impact to confidentiality, integrity, and availability. No patch is currently available.
Google
Chrome
Suse
-
CVE-2025-69264
HIGH
CVSS 8.8
pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". [CVSS 8.8 HIGH]
Node.js
RCE
Pnpm
Redhat
Suse
-
CVE-2025-69263
HIGH
CVSS 7.5
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. [CVSS 7.5 HIGH]
Node.js
Pnpm
Redhat
Suse
-
CVE-2025-69262
HIGH
CVSS 7.5
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. [CVSS 7.5 HIGH]
Node.js
RCE
Command Injection
Pnpm
Redhat
-
CVE-2025-69220
HIGH
CVSS 7.1
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]
Authentication Bypass
AI / ML
Librechat
-
CVE-2025-69082
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3. [CVSS 7.1 HIGH]
XSS
-
CVE-2025-69081
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion. This issue affects Hope: from n/a through 3.0.0. [CVSS 8.1 HIGH]
PHP
Lfi
-
CVE-2025-69080
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a through 1.9.8. [CVSS 8.1 HIGH]
PHP
Lfi
-
CVE-2025-67366
HIGH
CVSS 7.5
Filesystem-Mcp versions up to 0.5.8 contain a vulnerability that allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory (CVSS 7.5).
Path Traversal
AI / ML
Filesystem Mcp
-
CVE-2025-67364
HIGH
CVSS 7.5
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. [CVSS 7.5 HIGH]
Path Traversal
AI / ML
Fast Filesystem Mcp
-
CVE-2025-66786
HIGH
CVSS 7.5
OpenAirInterface CN5G AMF <= v2.0.1 has a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to the AMF's SBI interface to launch a denial-of-service attack. [CVSS 7.5 HIGH]
Code Injection
Oai Cn5g Amf
-
CVE-2025-66620
HIGH
CVSS 8.0
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. [CVSS 8.0 HIGH]
Information Disclosure
Weather Microserver Firmware
-
CVE-2025-65805
HIGH
CVSS 7.5
OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF. [CVSS 7.5 HIGH]
Buffer Overflow
Oai Cn5g Amf
-
CVE-2025-61939
HIGH
CVSS 8.8
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. [CVSS 8.8 HIGH]
Ssh
Dns
Weather Microserver Firmware
-
CVE-2025-47396
HIGH
CVSS 7.8
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory Corruption
Snapdragon Ar1 Gen 1 Platform Firmware
Wcd9395 Firmware
Wcn3950 Firmware
Wcn7750 Firmware
-
CVE-2025-47394
HIGH
CVSS 7.8
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory Corruption
Sg6150 Firmware
Snapdragon 6 Gen 1 Mobile Platform Firmware
Video Collaboration Vc1 Platform Firmware
Wcn7881 Firmware
-
CVE-2025-47393
HIGH
CVSS 7.8
Memory corruption when accessing resources in kernel driver. [CVSS 7.8 HIGH]
Linux
Memory Corruption
Qamsrv1h Firmware
Qca6595 Firmware
Qam8775p Firmware
-
CVE-2025-47388
HIGH
CVSS 7.8
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Memory Corruption
Sm6475 Firmware
Fastconnect 6200 Firmware
Wsa8845h Firmware
Wcd9370 Firmware
-
CVE-2025-47380
HIGH
CVSS 7.8
Memory corruption while preprocessing IOCTLs in sensors. [CVSS 7.8 HIGH]
Memory Corruption
Wsa8845 Firmware
Wsa8840 Firmware
Wcd9378c Firmware
X2000090 Firmware
-
CVE-2025-47356
HIGH
CVSS 7.8
Memory Corruption when multiple threads concurrently access and modify shared resources. [CVSS 7.8 HIGH]
Memory Corruption
Fastconnect 7800 Firmware
Wcd9385 Firmware
Cologne Firmware
Wsa8840 Firmware
-
CVE-2025-47348
HIGH
CVSS 7.8
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory Corruption
Qca6696 Firmware
Qamsrv1m Firmware
Qam8620p Firmware
Qca6688aq Firmware
-
CVE-2025-47346
HIGH
CVSS 7.8
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Memory Corruption
Sm4635 Firmware
Wcn7881 Firmware
Ar8035 Firmware
Fastconnect 7800 Firmware
-
CVE-2025-47345
HIGH
CVSS 8.4
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Information Disclosure
Qca6797aq Firmware
Sa7255p Firmware
Wsa8832 Firmware
Sa9000p Firmware
-
CVE-2025-47343
HIGH
CVSS 7.8
Video Collaboration Vc3 Platform Firmware versions up to - contain a security vulnerability (CVSS 7.8).
Memory Corruption
Fastconnect 6700 Firmware
Xg101039 Firmware
Fastconnect 6900 Firmware
X2000086 Firmware
-
CVE-2025-47339
HIGH
CVSS 7.8
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory Corruption
Qca6174a Firmware
Qca6678aq Firmware
Qca9990 Firmware
Qcn6274 Firmware
-
CVE-2025-46494
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. This issue affects WidgetKit Pro: from n/a through 1.13.1. [CVSS 7.1 HIGH]
XSS
-
CVE-2025-32300
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS. This issue affects DZS Video Gallery: from n/a through 12.25. [CVSS 7.1 HIGH]
Zoom
XSS
-
CVE-2025-31643
HIGH
CVSS 8.8
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0. [CVSS 8.8 HIGH]
Privilege Escalation
-
CVE-2025-31642
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS. This issue affects WPCHURCH: from n/a through 2.7.0. [CVSS 7.1 HIGH]
XSS
-
CVE-2025-15472
HIGH
CVSS 7.2
A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. [CVSS 7.2 HIGH]
Command Injection
Tew 811dru Firmware
-
CVE-2025-15158
HIGH
CVSS 8.8
WP Enable WebP (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
WordPress
RCE
PHP
-
CVE-2025-14835
HIGH
CVSS 7.1
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. [CVSS 7.1 HIGH]
WordPress
XSS
PHP
-
CVE-2025-14804
HIGH
CVSS 7.7
Frontend File Manager Plugin WordPre versions up to 23.5 contain a security vulnerability (CVSS 7.7).
WordPress
PHP
-
CVE-2025-14070
HIGH
CVSS 7.5
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6. [CVSS 7.5 HIGH]
WordPress
Authentication Bypass
-
CVE-2025-13801
HIGH
CVSS 7.5
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. [CVSS 7.5 HIGH]
WordPress
Path Traversal
-
CVE-2025-13493
HIGH
CVSS 7.5
Latest Registered Users (WordPress plugin) versions up to 1.4. are affected by missing authorization (CVSS 7.5).
WordPress
PHP
-
CVE-2025-13371
HIGH
CVSS 8.6
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. [CVSS 8.6 HIGH]
WordPress
Information Disclosure
-
CVE-2025-13151
HIGH
CVSS 7.5
Stack-based buffer overflow in libtasn1 version v4.20.0. The function fails to validate the size of input data, resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]
Buffer Overflow
Stack Overflow
Libtasn1
Redhat
Suse
-
CVE-2025-11877
HIGH
CVSS 7.5
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. [CVSS 7.5 HIGH]
Authentication Bypass
-
CVE-2025-4676
HIGH
CVSS 8.8
Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. [CVSS 8.8 HIGH]
Snmp
-
CVE-2026-22188
MEDIUM
CVSS 5.5
Panda3D's deploy-stub executable up to version 1.10.16 is vulnerable to denial of service through unvalidated stack allocation based on command-line argument counts, allowing local attackers to crash the application by supplying excessive arguments. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw can trigger reliable crashes and undefined behavior during Python interpreter initialization.
Python
Denial Of Service
Panda3d
-
CVE-2026-21857
MEDIUM
CVSS 6.5
Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file within the webroot by bypassing directory validation in the file export function. An attacker can manipulate the EXPDIR parameter with path traversal sequences to include unauthorized files in exported archives. Public exploit code exists; a patch is available in version 5.20.2 and later.
PHP
Path Traversal
Redaxo
-
CVE-2026-21851
MEDIUM
CVSS 5.3
MONAI versions up to 1.5.1 contain a path traversal vulnerability in the `_download_from_ngc_private()` function that fails to validate extracted archive contents, allowing attackers to write files outside the intended directory during package extraction. An attacker with user interaction can exploit this via a malicious ZIP file to overwrite arbitrary files on the system. Public exploit code exists for this vulnerability, and a patch is available in commit 4014c8475626f20f158921ae0cf98ed259ae4d59.
Path Traversal
AI / ML
Monai
-
CVE-2026-21691
MEDIUM
CVSS 5.4
iccDEV versions prior to 2.3.1.2 contain a type confusion vulnerability in the CIccTag::IsTypeCompressed() function that allows unauthenticated attackers to cause integrity violations or service disruption by crafting malicious ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to process color management profiles. Public exploit code exists, and a patch is available in version 2.3.1.2.
Code Injection
Iccdev
-
CVE-2026-21690
MEDIUM
CVSS 6.3
iccDEV before version 2.3.1.2 contains a type confusion vulnerability in the XML tag processing function that allows attackers to trigger information disclosure, data modification, or denial of service when processing specially crafted ICC color profiles. Public exploit code exists for this vulnerability, affecting users who process untrusted color profile files with the iccDEV library. A patch is available in version 2.3.1.2 and should be applied immediately.
Code Injection
Iccdev
-
CVE-2026-21689
MEDIUM
CVSS 6.5
Denial of service in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to crash applications processing ICC color profiles through a type confusion vulnerability in the XML profile parser. Public exploit code exists for this vulnerability. Users of the iccDEV library should upgrade to version 2.3.1.2 to remediate the issue.
Code Injection
Iccdev
-
CVE-2026-21680
MEDIUM
CVSS 6.5
iccDEV versions prior to 2.3.1.2 contain a null pointer dereference vulnerability in ICC color profile processing that causes denial of service when malicious or malformed profiles are processed. Public exploit code exists for this vulnerability, and no patched version is currently available. Users of the iccDEV library who handle untrusted color profiles are at risk of application crashes.
Null Pointer Dereference
Iccdev
-
CVE-2026-21506
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the CIccProfileXml::ParseBasic() function, which can be triggered by local users with minimal privileges through user interaction. Public exploit code exists for this vulnerability, allowing attackers to crash the application and disrupt ICC color profile processing. A patch is available in version 2.3.1.2 and should be applied to affected systems.
Null Pointer Dereference
Denial Of Service
Iccdev
-
CVE-2026-21505
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 suffer from denial of service due to undefined behavior triggered by invalid enum values in ICC color profile processing. A local attacker with user interaction can crash the application or cause system instability, and public exploit code exists. The vulnerability affects users of the iccDEV library on affected systems, with patches available in version 2.3.1.2 and later.
Code Injection
Iccdev
-
CVE-2026-21504
MEDIUM
CVSS 6.6
Heap buffer overflow in iccDEV's ToneMap parser (versions prior to 2.3.1.2) allows local attackers with user interaction to achieve information disclosure and denial of service, with potential for code execution. Public exploit code exists for this vulnerability. Update to version 2.3.1.2 or later to remediate.
Buffer Overflow
Iccdev
-
CVE-2026-21503
MEDIUM
CVSS 6.1
iccDEV versions before 2.3.1.2 are vulnerable to a null pointer dereference in the CIccTagSparseMatrixArray function when processing ICC color profiles, allowing local attackers with user interaction to cause denial of service or data corruption. Public exploit code exists for this vulnerability. Users should upgrade to version 2.3.1.2 or later to remediate the issue.
Null Pointer Dereference
Iccdev
-
CVE-2026-21502
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 are vulnerable to denial of service through a null pointer dereference in the XML tag parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.
Null Pointer Dereference
Iccdev
-
CVE-2026-21501
MEDIUM
CVSS 5.5
Local denial of service in iccDEV versions prior to 2.3.1.2 stems from a stack overflow in the calculator parser component, allowing unauthenticated users to crash the application through crafted input. Public exploit code exists for this vulnerability, which affects iccDEV products. A patch is available in version 2.3.1.2 and should be applied immediately.
Stack Overflow
Iccdev
-
CVE-2026-21500
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 are vulnerable to stack overflow through malformed XML calculator macro expansion, allowing local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, which affects the ICC color profile manipulation tools shipped with iccDEV. A patch is available in version 2.3.1.2 and should be applied promptly to mitigate exploitation risk.
Stack Overflow
Iccdev
-
CVE-2026-21499
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the XML parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2 and later.
Null Pointer Dereference
Iccdev
-
CVE-2026-21498
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the XML calculator parser that allows local attackers to crash the application and cause a denial of service. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 and later.
Null Pointer Dereference
Iccdev
-
CVE-2026-21497
MEDIUM
CVSS 5.5
iccDEV versions before 2.3.1.2 crash when processing specially crafted ICC color profile tags due to improper null pointer validation, causing denial of service on systems using the library. Local attackers with user interaction can trigger this crash through a malicious color profile file. Public exploit code exists for this vulnerability.
Null Pointer Dereference
Iccdev
-
CVE-2026-21496
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the signature parser that allows local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, and the issue affects all users of iccDEV's ICC color profile manipulation libraries and tools. A patch is available in version 2.3.1.2 and should be applied immediately.
Null Pointer Dereference
Iccdev
-
CVE-2026-21495
MEDIUM
CVSS 5.5
iccDEV versions prior to 2.3.1.2 are susceptible to a division by zero error in the TIFF Image Reader component, which can be triggered by a local user with minimal privileges through interaction with a malicious TIFF file. Successful exploitation results in denial of service by crashing the application. A patch is available in version 2.3.1.2 and later.
Code Injection
Iccdev
-
CVE-2026-20029
MEDIUM
CVSS 4.9
Cisco ISE and ISE-PIC suffer from improper XML parsing in their web management interfaces that enables authenticated administrators to extract arbitrary files from the underlying operating system, potentially exposing sensitive data beyond normal access controls. An attacker must have valid administrative credentials and upload a malicious file to exploit this XML External Entity (XXE) vulnerability. No patch is currently available.
Cisco
-
CVE-2026-20027
MEDIUM
CVSS 5.3
Snort 3 Detection Engine contains a buffer out-of-bounds read vulnerability in DCE/RPC request processing that allows unauthenticated remote attackers to leak sensitive information or trigger service restarts over an established connection. An attacker can exploit this by sending specially crafted DCE/RPC requests to extract data from the inspection stream or interrupt packet analysis operations. No patch is currently available for affected Cisco products.
Cisco
-
CVE-2026-20026
MEDIUM
CVSS 5.8
Snort 3 Detection Engine processing of DCE/RPC requests contains a vulnerability that allows attackers to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of service (CVSS 5.8).
Cisco
Use After Free
Denial Of Service
-
CVE-2026-0670
MEDIUM
CVSS 6.1
Cross-site scripting (XSS) in MediaWiki's ProofreadPage extension (versions 1.39, 1.43, 1.44, 1.45) allows attackers to inject malicious scripts through improper input sanitization during web page generation. Public exploit code exists for this vulnerability, which requires user interaction to trigger. A patch is available to remediate the issue.
Mediawiki
XSS
Proofread Page
-
CVE-2026-0668
MEDIUM
CVSS 5.3
Visualdata versions up to - are affected by inefficient regular expression complexity (ReDoS) (CVSS 5.3).
Mediawiki
Visualdata
Redhat
-
CVE-2026-0649
MEDIUM
CVSS 4.7
Server-side request forgery in InvoiceNinja up to version 5.12.38 allows remote attackers with high privileges to manipulate the company_logo parameter during migration imports, enabling them to make arbitrary outbound requests from the affected server. Public exploit code is available and the vendor has not provided a patch or response to this disclosure. The vulnerability affects PHP and Golang environments with a CVSS score of 4.7.
PHP
Golang
SSRF
-
CVE-2026-0618
MEDIUM
CVSS 6.1
PowerShell Universal versions before 4.5.6 and 5.6.13 contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the network interface, affecting confidentiality and integrity of user sessions. An attacker can exploit this with user interaction to steal sensitive information or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
XSS
Powershell Universal
-
CVE-2025-69344
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through 6.6. [CVSS 4.3 MEDIUM]
Authentication Bypass
-
CVE-2025-69333
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.8.1.1. [CVSS 4.3 MEDIUM]
Authentication Bypass
-
CVE-2025-69255
MEDIUM
CVSS 4.0
RustFS is a distributed object storage system built in Rust. [CVSS 4.0 MEDIUM]
Industrial
Denial Of Service
Deserialization
Rustfs
-
CVE-2025-69221
MEDIUM
CVSS 4.3
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. [CVSS 4.3 MEDIUM]
Authentication Bypass
AI / ML
Librechat
-
CVE-2025-66838
MEDIUM
CVSS 6.5
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. [CVSS 6.5 MEDIUM]
File Upload
Denial Of Service
Aris
-
CVE-2025-66837
MEDIUM
CVSS 6.8
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware [CVSS 6.8 MEDIUM]
File Upload
RCE
Aris
-
CVE-2025-66686
MEDIUM
CVSS 6.1
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. [CVSS 6.1 MEDIUM]
XSS
Privilege Escalation
Information Disclosure
Perch
-
CVE-2025-66560
MEDIUM
CVSS 5.9
Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently b...
Linux
Java
Quarkus
Redhat
-
CVE-2025-64305
MEDIUM
CVSS 6.5
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. [CVSS 6.5 MEDIUM]
Information Disclosure
-
CVE-2025-62327
MEDIUM
CVSS 4.9
Hcl Devops Deploy versions up to 8.1.2.3 are affected by insufficiently protected credentials (CVSS 4.9).
Authentication Bypass
AI / ML
Hcl Devops Deploy
-
CVE-2025-62224
MEDIUM
CVSS 5.5
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]
Microsoft
Android
Edge
-
CVE-2025-61782
MEDIUM
CVSS 5.4
Opencti versions up to 6.8.3 are affected by URL redirection to untrusted site (open redirect) (CVSS 5.4).
Open Redirect
Opencti
-
CVE-2025-61489
MEDIUM
CVSS 6.5
A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. [CVSS 6.5 MEDIUM]
Command Injection
Mcp Shell
-
CVE-2025-58441
MEDIUM
CVSS 6.5
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. [CVSS 6.5 MEDIUM]
Industrial
SSRF
Knowage
-
CVE-2025-49335
MEDIUM
CVSS 4.9
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery. This issue affects External Media: from n/a through 1.0.36. [CVSS 4.9 MEDIUM]
SSRF
-
CVE-2025-47395
MEDIUM
CVSS 6.5
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. [CVSS 6.5 MEDIUM]
Denial Of Service
Wcn7861 Firmware
-
CVE-2025-47369
MEDIUM
CVSS 5.5
Information disclosure when a weak hashed value is returned to userland code in response to an IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]
Information Disclosure
Snapdragon 660 Mobile Platform Firmware
Snapdragon Xr2 5g Platform Firmware
Sa6145p Firmware
Snapdragon X55 5g Modem Rf System Firmware
-
CVE-2025-47344
MEDIUM
CVSS 6.7
Memory corruption while handling sensor utility operations. [CVSS 6.7 MEDIUM]
Memory Corruption
Wcd9335 Firmware
Snapdragon 695 5g Mobile Platform Firmware
Qca6698aq Firmware
Fastconnect 7800 Firmware
-
CVE-2025-47337
MEDIUM
CVSS 6.7
Memory corruption while accessing a synchronization object during concurrent operations. [CVSS 6.7 MEDIUM]
Memory Corruption
Qca6797aq Firmware
Qcm5430 Firmware
Qca6698aq Firmware
Qcs5430 Firmware
-
CVE-2025-47336
MEDIUM
CVSS 6.7
Memory corruption while performing sensor register read operations. [CVSS 6.7 MEDIUM]
Memory Corruption
Fastconnect 7800 Firmware
Sm8735 Firmware
Wsa8845 Firmware
Sm8750 Firmware
-
CVE-2025-47335
MEDIUM
CVSS 6.7
Memory corruption while parsing clock configuration data for a specific hardware type. [CVSS 6.7 MEDIUM]
Memory Corruption
Fastconnect 6700 Firmware
Sm6650 Firmware
Wsa8840 Firmware
Wsa8830 Firmware
-
CVE-2025-47334
MEDIUM
CVSS 6.7
Memory corruption while processing shared command buffer packet between camera userspace and kernel. [CVSS 6.7 MEDIUM]
Linux
Memory Corruption
Sm8635p Firmware
Wcn7881 Firmware
Sm6650 Firmware
-
CVE-2025-47333
MEDIUM
CVSS 6.6
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Memory Corruption
Snapdragon 778g 5g Mobile Platform Firmware
Sa6150p Firmware
Qam8650p Firmware
Qfw7114 Firmware
-
CVE-2025-47332
MEDIUM
CVSS 6.7
Memory corruption while processing a config call from userspace. [CVSS 6.7 MEDIUM]
Memory Corruption
Wsa8815 Firmware
Sm8635p Firmware
Sm7635p Firmware
Sm7550p Firmware
-
CVE-2025-47331
MEDIUM
CVSS 6.1
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Information Disclosure
Ipq9048 Firmware
Wsa8840 Firmware
Qcm8550 Firmware
Qca9888 Firmware
-
CVE-2025-47330
MEDIUM
CVSS 5.5
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Denial Of Service
Fastconnect 6700 Firmware
Qca6574a Firmware
Qca9377 Firmware
Snapdragon X72 5g Modem Rf System Firmware
-
CVE-2025-46434
MEDIUM
CVSS 6.5
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7. [CVSS 6.5 MEDIUM]
Authentication Bypass
-
CVE-2025-46256
MEDIUM
CVSS 6.4
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. [CVSS 6.4 MEDIUM]
Path Traversal
-
CVE-2025-31051
MEDIUM
CVSS 5.3
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data. This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2025-15479
MEDIUM
CVSS 5.4
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (on Windows and Linux servers) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users' browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding. [CVSS 5.4 MEDIUM]
Linux
Windows
XSS
Ngsurvey
-
CVE-2025-15058
MEDIUM
CVSS 6.4
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
-
CVE-2025-15000
MEDIUM
CVSS 4.4
The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_key’ parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
-
CVE-2025-14999
MEDIUM
CVSS 4.3
The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. [CVSS 4.3 MEDIUM]
WordPress
PHP
CSRF
-
CVE-2025-14904
MEDIUM
CVSS 4.3
Newsletter Email Subscribe (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
PHP
-
CVE-2025-14901
MEDIUM
CVSS 6.5
The Bit Form - Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. [CVSS 6.5 MEDIUM]
WordPress
PHP
-
CVE-2025-14891
MEDIUM
CVSS 6.4
Customer Reviews for WooCommerce (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 6.4).
WordPress
XSS
PHP
-
CVE-2025-14888
MEDIUM
CVSS 4.4
The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14887
MEDIUM
CVSS 4.4
The twinklesmtp - Email Service Provider For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's sender settings in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14875
MEDIUM
CVSS 6.1
HBLPAY Payment Gateway for WooCommerce (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 6.1).
WordPress
XSS
-
CVE-2025-14867
MEDIUM
CVSS 6.5
The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. [CVSS 6.5 MEDIUM]
WordPress
Path Traversal
PHP
-
CVE-2025-14845
MEDIUM
CVSS 4.3
NS IE Compatibility Fixer (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
PHP
-
CVE-2025-14842
MEDIUM
CVSS 6.1
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions up to, and including, 1.3.9.2. This is due to the plugin not blocking .phar and .svg files. This makes it possible for unauthenticated attackers to upload arbitrary .phar or .svg files containing malicious PHP or JavaScript code. Malicious PHP code can be used to achieve remote code execution on the server via direct file access, if the se...
WordPress
PHP
RCE
XSS
-
CVE-2025-14802
MEDIUM
CVSS 5.4
The LearnPress - WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the endpoint uses file_id from the URL path but the permission callback validates item_id from the request body. This makes it possible for authenticated attackers, with teacher-level access, to delete ...
WordPress
PHP
-
CVE-2025-14796
MEDIUM
CVSS 6.4
The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment->title' attribute. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14792
MEDIUM
CVSS 4.4
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14719
MEDIUM
CVSS 4.9
The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks [CVSS 4.9 MEDIUM]
WordPress
SQLi
PHP
-
CVE-2025-14631
MEDIUM
CVSS 6.5
A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. [CVSS 6.5 MEDIUM]
TP-Link
Null Pointer Dereference
Archer Be400 Firmware
-
CVE-2025-14626
MEDIUM
CVSS 6.4
The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.42 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14625
MEDIUM
CVSS 6.7
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. [CVSS 6.7 MEDIUM]
Windows
Quartus Prime
-
CVE-2025-14614
MEDIUM
CVSS 6.7
Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Windows
Quartus Prime
-
CVE-2025-14612
MEDIUM
CVSS 6.7
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. [CVSS 6.7 MEDIUM]
Windows
Quartus Prime
-
CVE-2025-14605
MEDIUM
CVSS 6.7
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. [CVSS 6.7 MEDIUM]
Windows
Quartus Prime
-
CVE-2025-14599
MEDIUM
CVSS 6.7
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Windows
Quartus Prime
-
CVE-2025-14596
MEDIUM
CVSS 6.7
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. [CVSS 6.7 MEDIUM]
Windows
Quartus Prime
-
CVE-2025-14468
MEDIUM
CVSS 4.3
The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-14465
MEDIUM
CVSS 4.3
Sticky Action Buttons (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
PHP
-
CVE-2025-14460
MEDIUM
CVSS 5.3
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the payment gateway. This makes it possible for unauthenticated attackers to change any order's status to 'failed' via the publicly accessible WooCommerce API endpoint by providing only the order ID (Merc...
WordPress
Authentication Bypass
-
CVE-2025-14453
MEDIUM
CVSS 6.4
The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style_css' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14370
MEDIUM
CVSS 4.3
Quote Comments (WordPress plugin) versions up to 3.0.0 are affected by missing authorization (CVSS 5.3).
WordPress
Authentication Bypass
-
CVE-2025-14352
MEDIUM
CVSS 5.3
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0. [CVSS 5.3 MEDIUM]
WordPress
PHP
Authentication Bypass
-
CVE-2025-14147
MEDIUM
CVSS 6.4
The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
Github
XSS
PHP
-
CVE-2025-14145
MEDIUM
CVSS 6.4
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nh_row shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14144
MEDIUM
CVSS 6.4
The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the ms_youtube_embeds shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14131
MEDIUM
CVSS 6.1
The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14130
MEDIUM
CVSS 6.1
The Post Like Dislike plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14128
MEDIUM
CVSS 6.1
The Stumble! for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14127
MEDIUM
CVSS 6.1
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14122
MEDIUM
CVSS 6.4
The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliding_faq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14121
MEDIUM
CVSS 6.4
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edd_download_info_link' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14118
MEDIUM
CVSS 6.1
The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14114
MEDIUM
CVSS 6.4
The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14113
MEDIUM
CVSS 6.4
The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14112
MEDIUM
CVSS 6.4
The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
-
CVE-2025-14110
MEDIUM
CVSS 6.4
The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14109
MEDIUM
CVSS 6.4
The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column' shortcode attribute in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14077
MEDIUM
CVSS 4.3
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-14059
MEDIUM
CVSS 6.5
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. [CVSS 6.5 MEDIUM]
WordPress
PHP
Path Traversal
-
CVE-2025-14057
MEDIUM
CVSS 4.4
The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14053
MEDIUM
CVSS 6.4
The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
Golang
XSS
PHP
-
CVE-2025-14028
MEDIUM
CVSS 4.4
The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13990
MEDIUM
CVSS 4.3
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete employee records, departments, designations, salary grades, education records, and salary payments via a forged request granted they can trick a site administrator into performing an action such as cl...
WordPress
CSRF
PHP
-
CVE-2025-13974
MEDIUM
CVSS 4.4
Email Customizer for WooCommerce (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 4.4).
WordPress
XSS
-
CVE-2025-13887
MEDIUM
CVSS 6.4
The AI BotKit - AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the `ai_botkit_widget` shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
-
CVE-2025-13849
MEDIUM
CVSS 6.4
The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13848
MEDIUM
CVSS 6.4
The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'composicion' parameter in all versions up to, and including, 0.9 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13847
MEDIUM
CVSS 6.4
The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13841
MEDIUM
CVSS 6.4
The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13722
MEDIUM
CVSS 5.3
The Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. [CVSS 5.3 MEDIUM]
WordPress
AI / ML
PHP
-
CVE-2025-13694
MEDIUM
CVSS 5.3
AA Block Country (WordPress plugin) versions up to 1.0.1 contain a security vulnerability (CVSS 5.3).
WordPress
PHP
-
CVE-2025-13667
MEDIUM
CVSS 6.4
The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13657
MEDIUM
CVSS 4.3
HelpDesk contact form (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
-
CVE-2025-13531
MEDIUM
CVSS 6.4
The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'product_name' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13529
MEDIUM
CVSS 5.3
The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. [CVSS 5.3 MEDIUM]
WordPress
Authentication Bypass
-
CVE-2025-13527
MEDIUM
CVSS 4.3
The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-13521
MEDIUM
CVSS 4.3
The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-13520
MEDIUM
CVSS 4.3
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-13519
MEDIUM
CVSS 6.1
The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'save_data', 'delete_data', and 'add_popup'. [CVSS 6.1 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-13497
MEDIUM
CVSS 6.4
The Recras WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'recrasname' shortcode attribute in all versions up to, and including, 6.4.1. This is due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13496
MEDIUM
CVSS 5.3
Moosend Landing Pages (WordPress plugin) versions up to 1.1.6 are affected by missing authorization (CVSS 5.3).
WordPress
PHP
-
CVE-2025-13419
MEDIUM
CVSS 5.3
The Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2025-13418
MEDIUM
CVSS 6.4
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
-
CVE-2025-13369
MEDIUM
CVSS 6.1
Premmerce WooCommerce Customers Manager (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 6.1).
WordPress
XSS
-
CVE-2025-12776
MEDIUM
CVSS 5.4
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. [CVSS 5.4 MEDIUM]
XSS
Commvault
-
CVE-2025-12648
MEDIUM
CVSS 5.3
The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) without implementing proper access controls beyond basic directory listing protection (.htaccess with Options -Indexes). This makes it possible for unauthenticated attackers to directly access and download sensitive documents uploaded by site...
WordPress
PHP
-
CVE-2025-12540
MEDIUM
CVSS 4.7
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an adminis...
WordPress
Industrial
Information Disclosure
PHP
-
CVE-2025-12449
MEDIUM
CVSS 5.4
The aBlocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. [CVSS 5.4 MEDIUM]
WordPress
PHP
-
CVE-2025-12030
MEDIUM
CVSS 4.3
The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the edit_posts capability without checking object-specific permissions (e.g., edit_post($id), edit_user($id), manage_options). This makes it possible for authenticated attackers, with Contributor-level access and above, to...
WordPress
PHP
-
CVE-2025-4677
MEDIUM
CVSS 6.5
Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. [CVSS 6.5 MEDIUM]
Snmp
-
CVE-2025-4675
MEDIUM
CVSS 6.5
Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. [CVSS 6.5 MEDIUM]
Snmp
-
CVE-2025-0980
MEDIUM
CVSS 6.4
Nokia SR Linux is vulnerable to an authentication flaw allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation check allows JSON-RPC access without valid authentication credentials. [CVSS 6.4 MEDIUM]
Linux
-
CVE-2024-14020
MEDIUM
CVSS 5.0
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. [CVSS 5.0 MEDIUM]
Node.js
-
CVE-2023-7333
MEDIUM
CVSS 5.3
A weakness has been identified in bluelabsio records-mover: versions up to 1.5.4 contain a security vulnerability (CVSS 5.3).
SQLi
-
CVE-2026-22544
None
An attacker with a network connection could detect credentials in clear text.
Information Disclosure
-
CVE-2026-22543
None
The credentials required to access the device's web server are sent base64-encoded within the HTTP headers. Since base64 is an encoding rather than a cipher, an attacker could intercept the web request handling the login and obtain the credentials.
Information Disclosure
-
CVE-2026-22542
None
An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
Denial Of Service
-
CVE-2026-22541
None
The massive sending of ICMP requests causes a denial of service on one of the EVCharger boards that controls the EV interfaces. Since that board must be operating correctly for the charger to function correctly, the charger as a whole is affected.
Denial Of Service
-
CVE-2026-22540
None
The massive sending of ARP requests causes a denial of service on one board of the charger that controls the EV interfaces. Since that board must be operating correctly for the charger to function correctly, the charger as a whole is affected.
Denial Of Service
-
CVE-2026-22539
None
As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.
Information Disclosure
-
CVE-2026-22537
None
The lack of hardening of the system allows the account used to manage and maintain the charger to read various files containing clear-text credentials or other information valuable to an attacker.
Information Disclosure
-
CVE-2026-22536
None
The absence of permission controls for the user XXX, combined with the current configuration in the sudoers file, allows privileges to be escalated without any restrictions.
Privilege Escalation
-
CVE-2026-22535
None
An attacker with the ability to interact over the network and with access credentials could, thanks to the unsecured (unencrypted) MQTT communications protocol, write to the server topics of the board that controls the MQTT communications.
Industrial
-
CVE-2026-22185
None
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load.
Ldap
Denial Of Service
-
CVE-2026-0650
None
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials.
Authentication Bypass
-
CVE-2026-0642
LOW
CVSS 2.4
House Rental And Property Listing Project versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 2.4).
PHP
XSS
-
CVE-2025-31964
LOW
CVSS 2.2
Bigfix Insights For Vulnerability Remediation versions up to 4.2 are affected by information exposure (CVSS 2.2).
Information Disclosure
-
CVE-2025-31963
LOW
CVSS 2.9
Bigfix Insights For Vulnerability Remediation versions up to 4.2 are affected by missing authentication for a critical function (CVSS 2.9).
CSRF
-
CVE-2025-31962
LOW
CVSS 2.0
Bigfix Insights For Vulnerability Remediation versions up to 4.2 are affected by insufficient session expiration (CVSS 2.0).
Authentication Bypass
-
CVE-2025-15474
None
AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections.
Denial Of Service
-
CVE-2025-12958
LOW
CVSS 2.7
Rankology SEO and Analytics Tool (WordPress plugin) is affected by improper authorization (CVSS 2.7).
WordPress
Authentication Bypass
-
CVE-2025-11235
LOW
CVSS 3.7
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules). This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. [CVSS 3.7 LOW]
Windows
-
CVE-2025-9611
None
Microsoft Playwright MCP Server versions up to 0.0.40 contain a vulnerability that allows attackers to perform a DNS rebinding attack via a victim's web browser and send unauthorized.
Microsoft
Dns
-
CVE-2025-6225
None
The Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via the login form.
Command Injection