Latest CVE Feed
-
5.4
MEDIUMCVE-2025-12887
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' fu... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40242
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In ... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Race Condition
-
6.4
MEDIUMCVE-2025-13401
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attribute... Read more
Affected Products : autoptimize- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12826
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptui_process_post_... Read more
Affected Products : custom_post_type_ui- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization