Latest CVE Feed
-
1.8
LOWCVE-2025-66479
Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not ... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-13006
The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible fo... Read more
Affected Products : medikaid- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-13312
The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated att... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-9127
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-12374
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not pr... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
4.1
MEDIUMCVE-2025-12996
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
6.3
MEDIUMCVE-2025-1910
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobi... Read more
Affected Products : mobile_vpn_with_ssl_client- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2024-58278
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to byp... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-12804
The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bookingcalendar' shortcode in all versions up to, and including, 10.14.6 due to insufficient input sanitization and output escaping on user supplied att... Read more
Affected Products : booking_calendar- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-13360
The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthent... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-12355
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthen... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12133
The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all versions up to, and includi... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12130
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /v... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-13684
The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark_rp_options_page function. This makes it possible for unauthenticated attackers to modif... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-32900
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect befor... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-12354
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticat... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
4.4
MEDIUMCVE-2025-12186
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13860
The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `h_tags` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-12191
The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdfcatalog' AJAX action in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping. This makes it possi... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-12181
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Aut... Read more
Affected Products : contentstudio- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration