Latest CVE Feed
-
10.0
CRITICALCVE-2025-61492
A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-13667
The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. T... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-13520
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for una... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-13529
The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific p... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-67364
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical ... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-13419
The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, a... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-14077
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attacke... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.4
MEDIUMCVE-2025-14792
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it pos... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
6.7
MEDIUMCVE-2025-47336
Memory corruption while performing sensor register read operations.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2025-47333
Memory corruption while handling buffer mapping operations in the cryptographic driver.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_page function. This makes it possible for unauthenticated... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-14867
The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and abo... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-15018
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_password' filter to registration contexts, allowing the ... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-14145
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nh_row shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitizatio... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14122
The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliding_faq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This mak... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14118
The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14112
The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possib... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-49335
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36.... Read more
Affected Products : external_media- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Server-Side Request Forgery
-
7.1
HIGHCVE-2025-14631
A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-65805
OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string lo... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption