CVE ID : CVE-2025-2942
Published : July 11, 2025, 6:15 a.m. | 3 hours, 22 minutes ago
Description : The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30023
Published : July 11, 2025, 6:15 a.m. | 3 hours, 14 minutes ago
Description : The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30024
Published : July 11, 2025, 6:15 a.m. | 3 hours, 22 minutes ago
Description : The communication protocol used between client
and server had a flaw that could be leveraged to execute a man in the middle attack.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30025
Published : July 11, 2025, 6:15 a.m. | 3 hours, 22 minutes ago
Description : The communication protocol used between the
server process and the service control had a flaw that could lead to a local privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30026
Published : July 11, 2025, 6:15 a.m. | 3 hours, 22 minutes ago
Description : The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6200
Published : July 11, 2025, 6:15 a.m. | 3 hours, 22 minutes ago
Description : The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5028
Published : July 11, 2025, 7:15 a.m. | 2 hours, 22 minutes ago
Description : Installation file of ESET security products on Windows
allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5392
Published : July 11, 2025, 7:15 a.m. | 2 hours, 14 minutes ago
Description : The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5992
Published : July 11, 2025, 7:15 a.m. | 2 hours, 22 minutes ago
Description : When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6716
Published : July 11, 2025, 7:15 a.m. | 2 hours, 22 minutes ago
Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘upload[1][title]’ parameter in all versions up to, and including, 26.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4593
Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago
Description : The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the ‘rp_user_data’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data from user meta like hashed passwords, usernames, and more.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5530
Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago
Description : The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shortcode_btn’ shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6068
Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago
Description : The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6745
Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago
Description : The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7442
Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago
Description : The WPGYM – Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gmgt_create_meeting functions in all versions up to 67.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6438
Published : July 11, 2025, 9:15 a.m. | 22 minutes ago
Description : CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access
when the server is accessed via the network using an application account.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6838
Published : July 11, 2025, 9:15 a.m. | 22 minutes ago
Description : The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6851
Published : July 11, 2025, 9:15 a.m. | 22 minutes ago
Description : The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7418
Published : July 10, 2025, 11:15 p.m. | 2 hours, 30 minutes ago
Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1727
Published : July 10, 2025, 11:15 p.m. | 2 hours, 30 minutes ago
Description : The protocol used for remote linking over RF for End-of-Train and
Head-of-Train (also known as a FRED) relies on a BCH checksum for packet
creation. It is possible to create these EoT and HoT packets with a
software defined radio and issue brake control commands to the EoT
device, disrupting operations or potentially overwhelming the brake
systems.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…