129 CVEs tracked today. 12 Critical, 27 High, 76 Medium, 5 Low.
-
CVE-2026-22584
CRITICAL
CVSS 9.8
Salesforce Uni2TS time series forecasting library (through 1.2.0) has a code injection vulnerability that allows leveraging executable code in non-executable files across all platforms.
Linux
Windows
macOS
Code Injection
Uni2ts
-
CVE-2025-70974
CRITICAL
CVSS 10.0
Fastjson before 1.2.48 has a well-known autoType deserialization vulnerability enabling JNDI injection and RCE. Exploited in the wild since 2023 through GodzillaWebShell. Maximum CVSS 10.0 with scope change.
Java
Redhat
-
CVE-2025-70161
CRITICAL
CVSS 9.8
EDIMAX BR-6208AC V2 router allows command injection through the pppUserName field via system() without sanitization. PoC available.
Command Injection
Br 6208ac Firmware
RCE
-
CVE-2025-69542
CRITICAL
CVSS 9.8
D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.
D-Link
Command Injection
Dir 895la1 Firmware
-
CVE-2025-66050
CRITICAL
CVSS 9.8
Vivotek IP7137 camera ships without any admin password by default, and users are not informed they should set one. End-of-life product with no expected fix – all deployed cameras are likely exposed.
Denial Of Service
Ip7137 Firmware
-
CVE-2025-64093
CRITICAL
CVSS 10.0
Unauthenticated command injection via the hostname field enabling remote code execution with CVSS 10.0 and scope change. A separate vulnerability from CVE-2025-64090.
RCE
Icx510 Firmware
Icx500 Firmware
-
CVE-2025-64090
CRITICAL
CVSS 10.0
Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.
Command Injection
RCE
Remote Code Execution
IoT
Tcis 3 Firmware
-
CVE-2025-15501
CRITICAL
CVSS 9.8
Sangfor O&M Management System (through 3.0.8) has a second command injection in /isomp-protocol/protocol/getCmd, also via sessionPath. Public exploit with higher EPSS (1.2%) than the first vulnerability.
Command Injection
Operation And Maintenance Security Management System
-
CVE-2025-15500
CRITICAL
CVSS 9.8
Sangfor Operation and Maintenance Management System (through 3.0.8) has OS command injection in /isomp-protocol/protocol/getHis via the sessionPath parameter. Public exploit available, vendor unresponsive.
Command Injection
Operation And Maintenance Management System
-
CVE-2025-14741
CRITICAL
CVSS 9.1
Frontend Admin by DynamiApps (through 3.28.25) also allows unauthenticated deletion of arbitrary posts, pages, products, taxonomy terms, and user accounts due to missing capability checks.
WordPress
PHP
-
CVE-2025-14736
CRITICAL
CVSS 9.8
Frontend Admin by DynamiApps WordPress plugin (through 3.28.25) allows unauthenticated privilege escalation to administrator via insufficient role validation. Attackers can register as admins and take full control of the site.
WordPress
Privilege Escalation
-
CVE-2025-14598
CRITICAL
CVSS 9.8
BeeS Software BET Portal has SQL injection in the login functionality, allowing unauthenticated attackers to bypass authentication and extract database contents. PoC available.
SQLi
Bet E Portal
-
CVE-2026-22197
HIGH
CVSS 8.1
GestSup versions before 3.2.60 allow authenticated attackers to execute SQL injection attacks through insufficiently sanitized filtering and sorting parameters in the asset list functionality, potentially enabling unauthorized database access or modification. The vulnerability requires valid credentials to exploit but has no available patch, leaving affected installations vulnerable to data breach or manipulation depending on database permissions.
SQLi
Gestsup
-
CVE-2026-22196
HIGH
CVSS 8.1
GestSup prior to version 3.2.60 is vulnerable to SQL injection in the ticket creation feature, allowing authenticated attackers to execute arbitrary database queries through unsanitized user input. An attacker with valid credentials can read or modify sensitive database contents depending on the database permission level. No patch is currently available.
SQLi
Gestsup
-
CVE-2026-22195
HIGH
CVSS 8.1
Authenticated attackers can exploit SQL injection in GestSup's search functionality (versions before 3.2.60) to manipulate database queries and access or modify sensitive data. The vulnerability stems from insufficient input validation on user-controlled search parameters in SQL statements. With no patch currently available, affected organizations should implement database access controls and monitor for suspicious search activity.
SQLi
Gestsup
-
CVE-2026-22194
HIGH
CVSS 8.8
GestSup through version 3.2.60 fails to implement CSRF protections, enabling attackers to forge requests that execute actions with a victim's privileges when they visit a malicious site. An unauthenticated attacker can exploit this to create privileged administrative accounts by targeting logged-in users, with no patch currently available to remediate the vulnerability.
CSRF
Gestsup
-
CVE-2026-20976
HIGH
CVSS 7.8
Galaxy Store versions up to 4.6.02 contain a vulnerability that allows attackers to execute arbitrary script (CVSS 7.8).
RCE
Samsung
Galaxy Store
-
CVE-2026-20971
HIGH
CVSS 7.8
Arbitrary code execution in the Android PROCA driver before the January 2026 security update results from a use-after-free vulnerability accessible to local attackers with basic privileges. An attacker with local access can exploit this memory safety flaw to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity vulnerability.
Use After Free
Android
-
CVE-2026-20970
HIGH
CVSS 7.8
Android versions up to 15.0 contain a vulnerability that allows attackers to execute privileged APIs (CVSS 7.8).
Authentication Bypass
Android
-
CVE-2026-0830
HIGH
CVSS 7.8
Kiro IDE versions before 0.6.18 are vulnerable to command injection when processing maliciously named workspace folders in the GitLab Merge-Request helper, allowing local attackers with user interaction to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction to open a crafted workspace, but no patch is currently available and exploitation requires minimal complexity. Users should restrict workspace access and avoid opening untrusted workspace folders until an update is released.
Gitlab
Command Injection
-
CVE-2025-69195
HIGH
CVSS 7.6
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]
Buffer Overflow
Stack Overflow
Memory Corruption
Denial Of Service
Wget2
-
CVE-2025-69194
HIGH
CVSS 8.8
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]
Path Traversal
Wget2
Redhat
Suse
-
CVE-2025-67133
HIGH
CVSS 7.5
Vida V1 Pro Firmware versions up to 2.0.7 are affected by uncontrolled resource consumption (CVSS 7.5).
Denial Of Service
Vida V1 Pro Firmware
-
CVE-2025-67070
HIGH
CVSS 8.2
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. [CVSS 8.2 HIGH]
Authentication Bypass
-
CVE-2025-66744
HIGH
CVSS 7.5
In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system. [CVSS 7.5 HIGH]
Path Traversal
-
CVE-2025-66052
HIGH
CVSS 7.2
Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. [CVSS 7.2 HIGH]
Command Injection
Ip7137 Firmware
-
CVE-2025-66049
HIGH
CVSS 7.5
Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected t...
Information Disclosure
Ip7137 Firmware
-
CVE-2025-64092
HIGH
CVSS 7.5
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. [CVSS 7.5 HIGH]
SQLi
Icx500 Firmware
Icx510 Firmware
-
CVE-2025-64091
HIGH
CVSS 8.6
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. [CVSS 8.6 HIGH]
Command Injection
Tcis 3 Firmware
-
CVE-2025-56225
HIGH
CVSS 7.5
fluidsynth 2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c, which can be triggered when loading an invalid MIDI file. [CVSS 7.5 HIGH]
Null Pointer Dereference
Fluidsynth
Suse
-
CVE-2025-15499
HIGH
CVSS 8.8
Operation And Maintenance Management System versions up to 3.0.8 are affected by command injection (CVSS 8.8).
Java
Command Injection
Operation And Maintenance Management System
-
CVE-2025-15057
HIGH
CVSS 7.2
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. [CVSS 7.2 HIGH]
WordPress
Industrial
XSS
PHP
-
CVE-2025-15055
HIGH
CVSS 7.2
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
WordPress
Industrial
XSS
PHP
-
CVE-2025-15035
HIGH
CVSS 7.3
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server files, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤ build 20250107. [CVSS 7.3 HIGH]
TP-Link
Archer Axe75 Firmware
-
CVE-2025-14937
HIGH
CVSS 7.2
Frontend Admin by DynamiApps (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 7.2).
WordPress
XSS
PHP
-
CVE-2025-14657
HIGH
CVSS 7.2
The Eventin - Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'post_settings' function in all versions up to, and including, 4.0.51. [CVSS 7.2 HIGH]
WordPress
PHP
-
CVE-2025-13772
HIGH
CVSS 7.1
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. [CVSS 7.1 HIGH]
Gitlab
AI / ML
Redhat
-
CVE-2025-13761
HIGH
CVSS 8.0
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. [CVSS 8.0 HIGH]
Gitlab
Redhat
-
CVE-2025-9222
HIGH
CVSS 8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. [CVSS 8.7 HIGH]
Gitlab
XSS
Redhat
-
CVE-2026-22713
MEDIUM
CVSS 5.4
Cross-site scripting (XSS) in MediaWiki's GrowthExperiments extension (versions 1.39, 1.43, 1.44, 1.45) allows authenticated attackers to inject malicious scripts through improper input validation, with public exploit code available. An attacker with user privileges can exploit this vulnerability to perform actions on behalf of other users or steal sensitive information due to the low complexity attack vector and user interaction requirement. A patch is available for affected installations.
Mediawiki
XSS
Growthexperiments
-
CVE-2026-22712
MEDIUM
CVSS 4.3
Improper output encoding in MediaWiki's Approved Revs extension through magic word replacement allows unauthenticated attackers to manipulate input data and conduct content injection attacks. Affected versions 1.39, 1.43, 1.44, and 1.45 are vulnerable to this network-accessible flaw that requires user interaction, and public exploit code exists. A patch is available to remediate the vulnerability.
Mediawiki
Approved Revs
-
CVE-2026-22710
MEDIUM
CVSS 5.4
Cross-site scripting (XSS) in MediaWiki's Wikibase extension allows authenticated attackers to inject malicious scripts through improper input handling during page generation, affecting versions 1.39, 1.43, 1.44, and 1.45. Exploitation requires user interaction and results in limited confidentiality and integrity impact within the affected application context. A patch is available and public exploit code exists for this vulnerability.
Mediawiki
XSS
Wikibase
-
CVE-2026-22198
MEDIUM
CVSS 6.1
GestSup before version 3.2.60 contains a pre-authentication stored XSS vulnerability in API error logging that allows unauthenticated attackers to inject malicious scripts into log files via crafted API requests. When administrators view these logs in the web interface, the injected scripts execute in their browser with administrative privileges due to insufficient output encoding. This impacts both GestSup and PHP-based installations, enabling attackers to compromise administrator accounts without prior authentication.
PHP
XSS
Gestsup
-
CVE-2026-21409
MEDIUM
CVSS 5.9
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. [CVSS 5.9 MEDIUM]
Authentication Bypass
-
CVE-2026-20975
MEDIUM
CVSS 5.5
Cloud versions up to 5.6.11 contain a vulnerability that allows attackers to access specific files in arbitrary paths (CVSS 5.5).
Samsung
Cloud
-
CVE-2026-20974
MEDIUM
CVSS 4.6
Android versions up to 13.0 contain a vulnerability that allows attackers to bypass Carrier Relock (CVSS 4.6).
Authentication Bypass
Android
-
CVE-2026-20973
MEDIUM
CVSS 5.3
libimagecodec.quram.so in Android devices prior to the January 2026 Security Maintenance Release 1 contains an out-of-bounds read vulnerability that allows remote attackers to access sensitive memory without authentication. The vulnerability has a network attack vector with low complexity, enabling potential information disclosure through specially crafted input. No patch is currently available.
Buffer Overflow
Information Disclosure
Android
-
CVE-2026-20969
MEDIUM
CVSS 5.5
Android versions up to 13.0 contain a vulnerability that allows attackers to access files with system privileges (CVSS 5.5).
Information Disclosure
Android
-
CVE-2026-20968
MEDIUM
CVSS 6.7
Arbitrary code execution in Android's DualDAR component prior to the January 2026 security patch stems from a use-after-free memory vulnerability that can be exploited by local attackers with elevated privileges. An attacker with high-level device access could leverage this flaw to execute arbitrary code with system-level permissions. No patch is currently available, leaving affected devices vulnerable until the SMR January 2026 Release 1 update is deployed.
Use After Free
Android
-
CVE-2026-0817
MEDIUM
CVSS 5.3
Insufficient access controls in the MediaWiki CampaignEvents extension (versions 1.39, 1.43, 1.44, 1.45) permit unauthenticated attackers to perform unauthorized actions by bypassing privilege checks. An attacker could exploit this vulnerability to gain elevated privileges within the extension without proper authorization. A patch is available to remediate this low-impact authorization flaw.
Mediawiki
Campaignevents
-
CVE-2026-0803
MEDIUM
CVSS 6.3
PHPGurukul Online Course Registration System through version 3.1 contains a SQL injection vulnerability in /enroll.php that allows authenticated attackers to manipulate multiple parameters (studentregno, Pincode, session, department, level, course, sem) to execute arbitrary database queries over the network. Public exploit code exists for this vulnerability, and no patch is currently available, creating risk for deployments handling course enrollment data.
PHP
SQLi
Online Course Registration System
-
CVE-2026-0733
MEDIUM
CVSS 6.3
SQL injection in PHPGurukul Online Course Registration System through 3.1 allows authenticated attackers to manipulate the id/cid parameters in the manage-students.php admin function, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available.
PHP
SQLi
Online Course Registration System
-
CVE-2026-0732
MEDIUM
CVSS 6.3
Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.
D-Link
Command Injection
Di 8200g Firmware
-
CVE-2026-0627
MEDIUM
CVSS 6.4
Stored XSS in the AMP for WP WordPress plugin (versions up to 1.1.10) allows authenticated users with Author privileges or higher to execute arbitrary JavaScript by uploading malicious SVG files with event handlers and animation attributes that bypass incomplete script tag filtering. The injected payload executes in the browsers of any user viewing the uploaded file, enabling session hijacking, credential theft, or malware distribution. No patch is currently available.
WordPress
XSS
-
CVE-2026-0563
MEDIUM
CVSS 6.4
Stored cross-site scripting in the WP Google Street View & Google Maps plugin for WordPress versions up to 1.1.8 allows authenticated contributors and higher-privileged users to inject malicious scripts via the 'wpgsv_map' shortcode due to inadequate input sanitization, enabling arbitrary code execution when visitors access affected pages. The vulnerability requires authenticated access and has no available patch as of this report.
WordPress
XSS
-
CVE-2025-67811
MEDIUM
CVSS 6.5
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. [CVSS 6.5 MEDIUM]
SQLi
Rhapsode
-
CVE-2025-67810
MEDIUM
CVSS 6.5
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions. [CVSS 6.5 MEDIUM]
Buffer Overflow
Information Disclosure
Rhapsode
-
CVE-2025-67282
MEDIUM
CVSS 5.4
In TIM BPM Suite / TIM FLOW through 9.1.2, multiple Authorization Bypass vulnerabilities exist which allow a low-privileged user to download password hashes of other users, access work items of other users, modify restricted content in workflows, modify the application's logo, and manipulate the profiles of other users. [CVSS 5.4 MEDIUM]
Golang
Tim Flow
-
CVE-2025-67281
MEDIUM
CVSS 5.4
In TIM BPM Suite / TIM FLOW through 9.1.2, multiple SQL injection vulnerabilities exist which allow low-privileged and administrative users to access the database and its content. [CVSS 5.4 MEDIUM]
SQLi
Tim Flow
-
CVE-2025-67280
MEDIUM
CVSS 5.4
In TIM BPM Suite / TIM FLOW through 9.1.2, multiple Hibernate Query Language injection vulnerabilities exist which allow a low-privileged user to extract passwords of other users and access sensitive data of another user. [CVSS 5.4 MEDIUM]
Information Disclosure
SQLi
Tim Flow
-
CVE-2025-67279
MEDIUM
CVSS 5.3
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges because the application stores password hashes in MD5 format. [CVSS 5.3 MEDIUM]
Privilege Escalation
Tim Flow
-
CVE-2025-67278
MEDIUM
CVSS 6.5
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request. [CVSS 6.5 MEDIUM]
Privilege Escalation
Tim Flow
-
CVE-2025-67004
MEDIUM
CVSS 6.5
** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files via repeated directory traversal. It can disclose the source code or any other confidential information if weaponized accordingly. [CVSS 6.5 MEDIUM]
Information Disclosure
Couchcms
-
CVE-2025-66715
MEDIUM
CVSS 6.5
A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file. [CVSS 6.5 MEDIUM]
Command Injection
RCE
Odis
-
CVE-2025-66315
MEDIUM
CVSS 4.3
Mf258K Pro Firmware versions up to zte_mf258kpro_play_v1.0.0b03 are affected by improper privilege management (CVSS 4.3).
Privilege Escalation
Mf258k Pro Firmware
-
CVE-2025-66051
MEDIUM
CVSS 6.5
Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. [CVSS 6.5 MEDIUM]
Path Traversal
Ip7137 Firmware
-
CVE-2025-60538
MEDIUM
CVSS 6.5
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. [CVSS 6.5 MEDIUM]
Authentication Bypass
Shiori
Suse
-
CVE-2025-51626
MEDIUM
CVSS 6.5
SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. [CVSS 6.5 MEDIUM]
PHP
SQLi
Pss.Sale.Com
-
CVE-2025-46645
MEDIUM
CVSS 6.5
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.5 MEDIUM]
Command Injection
Data Domain Operating System
-
CVE-2025-46644
MEDIUM
CVSS 6.0
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.0 MEDIUM]
Command Injection
Data Domain Operating System
-
CVE-2025-46299
MEDIUM
CVSS 4.3
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 4.3 MEDIUM]
Apple
Authentication Bypass
Redhat
Suse
-
CVE-2025-46298
MEDIUM
CVSS 6.5
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 6.5 MEDIUM]
Apple
Buffer Overflow
-
CVE-2025-46297
MEDIUM
CVSS 5.5
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. [CVSS 5.5 MEDIUM]
Apple
macOS
-
CVE-2025-46286
MEDIUM
CVSS 4.3
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. [CVSS 4.3 MEDIUM]
Apple
iOS
Ipados
Iphone Os
-
CVE-2025-15496
MEDIUM
CVSS 6.3
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. [CVSS 6.3 MEDIUM]
SQLi
Yshopmall
-
CVE-2025-15495
MEDIUM
CVSS 4.7
A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. [CVSS 4.7 MEDIUM]
PHP
Simple Php Cms
-
CVE-2025-15494
MEDIUM
CVSS 6.3
A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. [CVSS 6.3 MEDIUM]
SQLi
Docsys
-
CVE-2025-15493
MEDIUM
CVSS 6.3
DocSys versions up to 2.02.36 contain a vulnerability that allows attackers to perform SQL injection (CVSS 6.3).
SQLi
Docsys
-
CVE-2025-15492
MEDIUM
CVSS 6.3
A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. [CVSS 6.3 MEDIUM]
SQLi
Docsys
-
CVE-2025-15019
MEDIUM
CVSS 6.4
The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bialty_cs_alt' post meta in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14980
MEDIUM
CVSS 6.5
The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. [CVSS 6.5 MEDIUM]
WordPress
Information Disclosure
AI / ML
PHP
-
CVE-2025-14893
MEDIUM
CVSS 6.4
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14886
MEDIUM
CVSS 5.3
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and including, 2.7.17. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2025-14803
MEDIUM
CVSS 6.8
The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting. [CVSS 6.8 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14782
MEDIUM
CVSS 5.3
The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_export' function. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2025-14720
MEDIUM
CVSS 5.3
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2025-14718
MEDIUM
CVSS 5.4
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to create, update, delete, and publish malicious workflows that may automatically delete any post upon publication or update, including posts created by...
WordPress
PHP
-
CVE-2025-14574
MEDIUM
CVSS 5.3
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. [CVSS 5.3 MEDIUM]
WordPress
Information Disclosure
PHP
-
CVE-2025-14172
MEDIUM
CVSS 6.5
WP Page Permalink Extension (WordPress plugin) versions up to 1.5.4 are affected by missing authorization (CVSS 6.5).
WordPress
PHP
-
CVE-2025-14146
MEDIUM
CVSS 5.3
The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the `WPBC_FLEXTIMELINE_NAV` AJAX action. This is due to the nonce verification being conditionally disabled by default (`booking_is_nonce_at_front_end` option is `'Off'` by default). When the `booking_is_show_popover_in_timeline_front_end` option is enabled (which is the default in demo installations and can be enabled by administrators), it is possible ...
WordPress
Information Disclosure
PHP
-
CVE-2025-13967
MEDIUM
CVSS 6.4
The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_name' parameter of the [woodpecker-connector] shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13935
MEDIUM
CVSS 4.3
eLearning and online course solution versions up to 3.9.2 are affected by missing authorization (CVSS 4.3).
WordPress
PHP
-
CVE-2025-13934
MEDIUM
CVSS 4.3
eLearning and online course solution versions up to 3.9.3 are affected by missing authorization (CVSS 4.3).
WordPress
PHP
-
CVE-2025-13908
MEDIUM
CVSS 6.4
The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'the_tooltip' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13903
MEDIUM
CVSS 6.4
The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pullquote' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13900
MEDIUM
CVSS 6.4
The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the [wppum_end] shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13897
MEDIUM
CVSS 6.4
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aft_testimonial_meta_name' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13895
MEDIUM
CVSS 6.1
The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13893
MEDIUM
CVSS 6.1
The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13892
MEDIUM
CVSS 6.1
The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13862
MEDIUM
CVSS 6.4
The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `category` parameter in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13854
MEDIUM
CVSS 6.4
The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius' parameter of the arctext shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13853
MEDIUM
CVSS 6.4
The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data_tech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13852
MEDIUM
CVSS 6.4
The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configuration' parameter of the lead_form shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13781
MEDIUM
CVSS 6.5
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. [CVSS 6.5 MEDIUM]
Gitlab
AI / ML
-
CVE-2025-13753
MEDIUM
CVSS 4.3
The WP Table Builder - Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the save_table() function in all versions up to, and including, 2.0.19. [CVSS 4.3 MEDIUM]
WordPress
Authentication Bypass
-
CVE-2025-13749
MEDIUM
CVSS 4.3
The Clearfy Cache - WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcr_upm_change_flag" function. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-13729
MEDIUM
CVSS 6.4
The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'entry-views' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13717
MEDIUM
CVSS 5.3
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_gvccf_check_download_request' function in all versions up to, and including, 2.4. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2025-13704
MEDIUM
CVSS 6.4
The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogen_menu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
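The stored-XSS entries above (Popup Magic, Client Testimonial Slider, Menu Card, Curved Text, Nearby Now Reviews, Debt.com, Entry Views, Autogen Headers Menu) share one shape: a shortcode attribute is written into the page unescaped. The following is an added example, not code from any of those plugins, showing a vulnerable handler beside its hardened form. The shortcode name, attributes and the `function_exists()` stand-ins for WordPress core functions are assumptions so the file runs under plain `php`; inside WordPress, core provides the real functions and the stand-ins are skipped.

```php
<?php
// Added example, not code from any plugin listed above. A shortcode handler
// that echoes its attributes unescaped, beside a hardened version. Shortcode
// attributes live in stored post content, so a user who can get
// [demo_card ...] published gets persistent script execution in every
// visitor's browser, which is the pattern behind the CVSS 6.4 entries.

// Stand-ins so the file runs under plain `php`; inside WordPress core defines
// these and the function_exists() guards leave them alone.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $defaults, array $atts): array {
        $out = $defaults;                       // unknown keys are dropped, as in core
        foreach ($defaults as $k => $_) {
            if (array_key_exists($k, $atts)) {
                $out[$k] = (string) $atts[$k];
            }
        }
        return $out;
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('sanitize_html_class')) {
    function sanitize_html_class(string $s): string { return preg_replace('/[^A-Za-z0-9_-]/', '', $s); }
}

// Vulnerable: 'name' lands in an attribute and in element text, 'class' in an
// attribute, all unescaped.
function demo_card_vulnerable(array $atts): string {
    $a = shortcode_atts(['name' => '', 'class' => 'card'], $atts);
    return '<div class="' . $a['class'] . '" data-name="' . $a['name'] . '">'
         . $a['name'] . '</div>';
}

// Hardened: escape for the context each value is written into, and reduce
// 'class' to a CSS class token because it is never free text (escaping alone
// would already be safe; the whitelist is cheap defence in depth).
function demo_card_hardened(array $atts): string {
    $a = shortcode_atts(['name' => '', 'class' => 'card'], $atts);
    $class = sanitize_html_class($a['class']) ?: 'card';
    return '<div class="' . esc_attr($class) . '" data-name="' . esc_attr($a['name']) . '">'
         . esc_html($a['name']) . '</div>';
}

// Constructed attacker attributes. Neither contains a literal tag, so the
// kses filtering applied to a Contributor's post content does not touch them;
// they only become markup once the plugin concatenates them into its output.
$atts = [
    'name'  => '" tabindex="1" onfocus="alert(1)" autofocus="',
    'class' => 'card" onmouseover="alert(2)',
];
echo demo_card_vulnerable($atts), "\n";
echo demo_card_hardened($atts), "\n";
```

Run with `php demo_card.php`: the first line shows the attacker's event handlers as live attributes on the div, the second shows them neutralised as `&quot;`-escaped text. The rule the hardened version follows is the one all of these advisories cite: sanitize on input where the value has a known shape, and always escape on output for the exact context (attribute, text, URL, JavaScript) the value is written into.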
-
CVE-2025-13701
MEDIUM
CVSS 6.1
The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
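Four entries above (Top Position Google Finance, Lesson Plan Book, MG AdvancedOptions, Shabat Keeper) are the same reflected-XSS bug: `$_SERVER['PHP_SELF']` echoed into a form action. PHP_SELF is SCRIPT_NAME plus PATH_INFO, so on a server that accepts path info the tail of the request URL is under the attacker's control. The following is an added example, not code from any of those plugins; the form, the `esc_url()` stand-in and the `$_SERVER` values are constructed.

```php
<?php
// Added example, not code from any plugin listed above. The pattern behind the
// $_SERVER['PHP_SELF'] reflected-XSS entries: the current script path is
// written into a form's action attribute. Where the server accepts PATH_INFO
// (Apache with mod_php does by default), PHP_SELF is SCRIPT_NAME plus the
// decoded PATH_INFO, so a request for
//   /wp-admin/admin.php/"><script>alert(1)</script>?page=demo
// puts the attacker's markup into PHP_SELF and the page reflects it to
// whoever follows that link.

// Stand-in so the file runs under plain `php`. Core's esc_url() strips
// characters that are not valid in a URL and encodes & and '; the stand-in
// simply HTML-escapes, which is sufficient for an attribute context.
if (!function_exists('esc_url')) {
    function esc_url(string $url): string {
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable: attacker-controlled path written straight into an attribute.
function demo_form_vulnerable(array $server): string {
    return '<form method="post" action="' . $server['PHP_SELF'] . '">...</form>';
}

// Hardened: do not build the action from PHP_SELF at all. SCRIPT_NAME carries
// no PATH_INFO, and escaping for the attribute context covers the rest.
// In a real plugin, admin_url('admin.php?page=...') is the better source.
function demo_form_hardened(array $server): string {
    return '<form method="post" action="' . esc_url($server['SCRIPT_NAME']) . '">...</form>';
}

// Constructed $_SERVER values as PHP populates them for the request above.
$server = [
    'SCRIPT_NAME' => '/wp-admin/admin.php',
    'PATH_INFO'   => '/"><script>alert(1)</script>',
    'PHP_SELF'    => '/wp-admin/admin.php/"><script>alert(1)</script>',
];
echo demo_form_vulnerable($server), "\n";
echo demo_form_hardened($server), "\n";
```

The quick audit for a plugin tree is `grep -rn "PHP_SELF" --include=*.php .`; every hit that reaches HTML output without `esc_url()`/`esc_attr()` is an instance of this bug. Note the CVSS 6.1 rating reflects that the victim must follow a crafted link, but in WordPress that link typically targets an administrator, so the payload runs with full admin privileges.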
-
CVE-2025-13628
MEDIUM
CVSS 4.3
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulk_action_handler' and 'coupon_permanent_delete' functions in all versions up to, and including, 3.9.3. [CVSS 4.3 MEDIUM]
WordPress
PHP
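The WP Table Builder, Clearfy Cache, Contact Form vCard Generator and Tutor LMS entries above are the two access-control checks a WordPress AJAX handler needs: a nonce (`check_ajax_referer`) against CSRF, and a capability check (`current_user_can`) against low-privilege accounts calling the endpoint directly. The two defend against different attackers, so missing either one is a separate bug. The following is an added example, not code from any of those plugins; the action name, capability and the simulated core functions are assumptions so the file runs under plain `php`.

```php
<?php
// Added example, not code from WP Table Builder, Clearfy, Tutor LMS or the
// vCard plugin. An admin-ajax handler with neither check, as the entries
// above describe, beside one with both. The nonce stops CSRF (an admin's
// browser tricked into sending the request); the capability check stops
// any logged-in account from calling the endpoint directly.

// Simulated WordPress state and stand-ins so the file runs under plain `php`.
// Core provides the real functions; the constructed nonce scheme is not how
// core derives nonces (core ties them to user, session token and time).
$sim = ['caps' => [], 'nonce' => 'constructed-nonce'];

if (!function_exists('current_user_can')) {
    function current_user_can(string $cap): bool {
        return in_array($cap, $GLOBALS['sim']['caps'], true);
    }
}
if (!function_exists('wp_create_nonce')) {
    function wp_create_nonce(string $action): string {
        return hash('sha256', $GLOBALS['sim']['nonce'] . '|' . $action);
    }
}
if (!function_exists('check_ajax_referer')) {
    // Core ends the request with "-1" on failure; an exception models that.
    function check_ajax_referer(string $action, string $query_arg): void {
        $sent = (string) ($_REQUEST[$query_arg] ?? '');
        if (!hash_equals(wp_create_nonce($action), $sent)) {
            throw new RuntimeException('bad nonce (-1)');
        }
    }
}
if (!function_exists('wp_send_json_error')) {
    function wp_send_json_error($data = null, int $status = 400): void {
        throw new RuntimeException("$status: $data");
    }
}

// Vulnerable: reachable by every logged-in user through the
// wp_ajax_demo_save_table hook, with no nonce and no capability check.
function demo_save_table_vulnerable(): string {
    $id = (int) ($_POST['table_id'] ?? 0);
    return "table $id saved";            // would write to the database here
}

// Hardened. 'manage_options' is a hypothetical choice; a real plugin should
// pick the narrowest capability that fits the action.
function demo_save_table_hardened(): string {
    check_ajax_referer('demo_save_table', 'security');   // CSRF
    if (!current_user_can('manage_options')) {            // authorisation
        wp_send_json_error('forbidden', 403);
    }
    $id = (int) ($_POST['table_id'] ?? 0);
    return "table $id saved";
}

function demo_run(string $label, callable $handler): void {
    try {
        echo $label, ': ', $handler(), "\n";
    } catch (RuntimeException $e) {
        echo $label, ': rejected, ', $e->getMessage(), "\n";
    }
}

// Case 1: a Subscriber (read only) posts straight to admin-ajax.php, no nonce.
$sim['caps'] = ['read'];
$_POST = $_REQUEST = ['action' => 'demo_save_table', 'table_id' => 7];
demo_run('vulnerable, subscriber', 'demo_save_table_vulnerable');
demo_run('hardened, subscriber',   'demo_save_table_hardened');

// Case 2: CSRF. An administrator's browser submits a forged form: the
// capability is there but the nonce is not.
$sim['caps'] = ['read', 'manage_options'];
demo_run('hardened, forged admin request', 'demo_save_table_hardened');

// Case 3: the legitimate admin UI sends the nonce it was rendered with.
$_POST['security'] = $_REQUEST['security'] = wp_create_nonce('demo_save_table');
demo_run('hardened, legitimate admin', 'demo_save_table_hardened');
```

Only the third case succeeds in the hardened handler. Note the order: the nonce is checked first so that an unauthenticated or forged request is rejected before any capability lookup, and the nonce check alone is not authorisation, since a Subscriber can obtain a valid nonce for any action the front end exposes.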
-
CVE-2025-11453
MEDIUM
CVSS 6.4
The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _inpost_head_script parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
-
CVE-2025-11246
MEDIUM
CVSS 5.4
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations. [CVSS 5.4 MEDIUM]
Gitlab
-
CVE-2025-10569
MEDIUM
CVSS 6.5
GitLab versions up to 18.5.5 are affected by allocation of resources without limits or throttling (CVSS 6.5).
Gitlab
Denial Of Service
-
CVE-2026-22714
None
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39.
Mediawiki
XSS
-
CVE-2026-22082
None
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface.
Information Disclosure
-
CVE-2026-22081
None
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HttpOnly flag on session cookies associated with the web-based administrative interface.
Information Disclosure
-
CVE-2026-22080
None
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface.
Authentication Bypass
Information Disclosure
-
CVE-2026-22079
None
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface.
Authentication Bypass
Information Disclosure
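The four Tenda entries above describe one weak session design seen from three angles: the cookie is the login credential, Base64 is the only transformation applied, and the cookie is readable from script. The following is an added example, not vendor code, of a check that flags all three when run over a router's login response. The cookie name, value format and the response headers are constructed to model the description; in practice feed the function the Set-Cookie headers captured with `curl -i` or an intercepting proxy.

```php
<?php
// Added example, not vendor code: a check for the Tenda findings above
// (credentials used as the session ID, Base64 as the only "protection",
// no HttpOnly on the session cookie), run over a constructed login response.
// Cookie name and format are assumptions, not the router's actual values.

function demo_audit_session_cookies(array $set_cookie_headers, string $username): array {
    $findings = [];
    foreach ($set_cookie_headers as $header) {
        // Split "name=value; Attr; Attr=val" into the pair and its attributes.
        $parts = array_map('trim', explode(';', $header));
        [$name, $value] = array_pad(explode('=', array_shift($parts), 2), 2, '');
        $flags = array_map('strtolower', $parts);

        if (!in_array('httponly', $flags, true)) {
            $findings[] = "$name: no HttpOnly, so document.cookie exposes it to any XSS on the admin UI";
        }

        // A session ID should be random and meaningless. If the value decodes
        // to something containing the username, the cookie *is* the credential:
        // anyone who reads it (XSS, proxy logs, a browser dev-tools screenshot)
        // has the password, and it cannot be rotated without changing the password.
        $decoded = base64_decode($value, true);
        if ($decoded !== false && strpos($decoded, $username) !== false) {
            $findings[] = "$name: Base64 of the login credentials ('" . $decoded . "'), not a session ID";
        } elseif (strpos($value, $username) !== false) {
            $findings[] = "$name: contains the username in clear, not a session ID";
        }
    }
    return $findings;
}

// Constructed response headers modelled on the description above; the
// second cookie is a correctly flagged control.
$headers = [
    'session=' . base64_encode('admin:Passw0rd') . '; Path=/',
    'lang=en; Path=/; HttpOnly',
];
foreach (demo_audit_session_cookies($headers, 'admin') as $finding) {
    echo "- $finding\n";
}
```

The check is deliberately crude (Base64 is an encoding, not a cipher, so "reversible" here means any observer recovers the password with one decode call); it exists to turn the advisory text into something a tester can run against a captured response before and after a firmware update.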
-
CVE-2026-20972
LOW
CVSS 3.3
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. [CVSS 3.3 LOW]
Android
-
CVE-2025-69426
None
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can...
Docker
Ssh
IoT
Command Injection
-
CVE-2025-69425
None
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compr...
IoT
Command Injection
-
CVE-2025-62487
LOW
CVSS 3.5
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. [CVSS 3.5 LOW]
Authentication Bypass
-
CVE-2025-46676
LOW
CVSS 2.7
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. [CVSS 2.7 LOW]
Information Disclosure
-
CVE-2025-46643
LOW
CVSS 2.3
Data Domain Operating System versions up to 8.4.0.0 are affected by a heap-based buffer overflow (CVSS 2.3).
Buffer Overflow
Heap Overflow
Denial Of Service
-
CVE-2025-7072
None
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges.
Authentication Bypass
-
CVE-2025-3950
LOW
CVSS 3.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. [CVSS 3.5 LOW]
Gitlab
-
CVE-2020-36875
None
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget.
WordPress
PHP
RCE