Latest CVE Feed
- CVE-2025-10377 (4.3 MEDIUM): The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attack...
  - Affected Products: system_dashboard
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Cross-Site Request Forgery
 
- CVE-2025-10173 (2.7 LOW): The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. Th...
  - Affected Products: shopengine
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Authorization
 
- CVE-2025-10999 (5.5 MEDIUM): A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local a...
  - Affected Products: open_babel
  - Published: Sep. 26, 2025
  - Modified: Sep. 29, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-10998 (5.5 MEDIUM): A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be...
  - Affected Products: open_babel
  - Published: Sep. 26, 2025
  - Modified: Sep. 29, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-10997 (7.8 HIGH): A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The e...
  - Affected Products: open_babel
  - Published: Sep. 26, 2025
  - Modified: Sep. 29, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-10996 (7.8 HIGH): A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached...
  - Affected Products: open_babel
  - Published: Sep. 26, 2025
  - Modified: Sep. 29, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-8906 (6.4 MEDIUM): The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user suppl...
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Cross-Site Scripting
 
- CVE-2025-8200 (6.4 MEDIUM): The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on us...
  - Affected Products: mega_elements
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Cross-Site Scripting
 
- CVE-2025-10995 (7.8 HIGH): A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is ...
  - Affected Products: open_babel
  - Published: Sep. 26, 2025
  - Modified: Sep. 29, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-10994 (7.8 HIGH): A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit ...
  - Affected Products: open_babel
  - Published: Sep. 26, 2025
  - Modified: Sep. 29, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-10993 (7.2 HIGH): A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the attack rem...
  - Affected Products: muyucms
  - Published: Sep. 26, 2025
  - Modified: Oct. 03, 2025
  - Vuln Type: Injection
 
- CVE-2025-10992 (5.5 MEDIUM): A vulnerability was determined in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. Affected is an unknown function of the file /user/info/lookupList. Executing manipulation can lead to improper authorization. The attack may be performed f...
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Authorization
 
- CVE-2025-10752 (4.3 MEDIUM): The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomne...
  - Affected Products: oauth_single_sign_on
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Cross-Site Request Forgery
 
- CVE-2025-10178 (6.4 MEDIUM): The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user sup...
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Cross-Site Scripting
 
- CVE-2025-60251 (5.0 MEDIUM): Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring....
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Authentication
 
- CVE-2025-60250 (4.7 MEDIUM): Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV....
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Cryptography
 
- CVE-2025-60017 (8.2 HIGH): Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta)....
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Injection
 
- CVE-2025-10989 (8.8 HIGH): A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can ...
  - Affected Products: ruoyi
  - Published: Sep. 26, 2025
  - Modified: Oct. 03, 2025
  - Vuln Type: Authorization
 
- CVE-2025-10988 (6.5 MEDIUM): A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly...
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Authorization
 
- CVE-2025-10987 (6.5 MEDIUM): A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper a...
  - Affected Products:
  - Published: Sep. 26, 2025
  - Modified: Sep. 26, 2025
  - Vuln Type: Authorization
 
 
                         
                         
                         
                                             
                                            