Latest CVE Feed
-
6.4
MEDIUMCVE-2025-5116
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-5103
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied par... Read more
Affected Products : ultimate_gift_cards_for_woocommerce- Published: Jun. 03, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-4420
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_b... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-1725
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitizati... Read more
Affected Products : file_manager- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-46355
Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-41428
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more
Affected Products : aqt1000_firmware qca6391_firmware sd855_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware qcm4490_firmware qcs4490_firmware +134 more products- Actively Exploited
- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-4567
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with... Read more
Affected Products : post_slider_and_post_carousel- Published: Jun. 03, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escala... Read more
Affected Products : fancybox- Published: Jun. 03, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more
Affected Products : newsletter- Published: Jun. 03, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.2
MEDIUMCVE-2025-31712
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.... Read more
- Published: Jun. 03, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-31711
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.... Read more
- Published: Jun. 03, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Denial of Service
-
8.4
HIGHCVE-2025-31710
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
- Published: Jun. 03, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-27038
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.... Read more
Affected Products : qca6391_firmware sw5100_firmware sw5100p_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware +78 more products- Actively Exploited
- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27031
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.... Read more
- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-27029
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.... Read more
Affected Products : wsa8830_firmware wsa8835_firmware ipq9008_firmware ipq9574_firmware qca8075_firmware qca8081_firmware qca8082_firmware qca8084_firmware qca8085_firmware qca8386_firmware +124 more products- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-21486
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.... Read more
- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21485
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.... Read more
- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-21480
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more
Affected Products : aqt1000_firmware qca6391_firmware sd855_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +142 more products- Actively Exploited
- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-21463
Transient DOS while processing the EHT operation IE in the received beacon frame.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Denial of Service