The Laravel Audit Log package is designed to provide detailed audit logging for Laravel applications. Each model gets a dedicated…
Development
CVE ID : CVE-2025-2918
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43701
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.
This impacts OmniStudio: before version 254.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43700
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.
This impacts OmniStudio: before Spring 2025.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4774
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4577
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43698
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects.
This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43697
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data.
This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49509
Published : June 10, 2025, 1:15 p.m. | 32 minutes ago
Description : Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43699
Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects.
This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49511
Published : June 10, 2025, 1:15 p.m. | 32 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through 2.1.6.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49510
Published : June 10, 2025, 1:15 p.m. | 32 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40654
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP)…