{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "2528", "CVE_data_timestamp" : "2025-08-20T10:00Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9229", "ASSIGNER" : "productsecurity@teradyne-robotics.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://a.storyblok.com/f/230581/x/34a075d078/msa-17.pdf", "name" : "https://a.storyblok.com/f/230581/x/34a075d078/msa-17.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/", "name" : "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T09:15Z", "lastModifiedDate" : "2025-08-20T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9228", "ASSIGNER" : "productsecurity@teradyne-robotics.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://a.storyblok.com/f/230581/x/46f48d3787/msa-15.pdf", "name" : "https://a.storyblok.com/f/230581/x/46f48d3787/msa-15.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/", "name" : "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, \nallowing low-privilege users to create notes which are intended only for administrative users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T09:15Z", "lastModifiedDate" : "2025-08-20T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-5261", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-25-0201", "name" : "https://www.usom.gov.tr/bildirim/tr-25-0201", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazilim Çözümleri A.S. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2025-08-20T09:15Z", "lastModifiedDate" : "2025-08-20T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-5260", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-25-0201", "name" : "https://www.usom.gov.tr/bildirim/tr-25-0201", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazilim Çözümleri A.S. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.7 } }, "publishedDate" : "2025-08-20T09:15Z", "lastModifiedDate" : "2025-08-20T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-39954", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon", "name" : "https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\\linux\\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources.\nUsers are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T09:15Z", "lastModifiedDate" : "2025-08-20T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9225", "ASSIGNER" : "productsecurity@teradyne-robotics.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://a.storyblok.com/f/230581/x/82d4989368/msa-14.pdf", "name" : "https://a.storyblok.com/f/230581/x/82d4989368/msa-14.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/", "name" : "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55715", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/otter-blocks/vulnerability/wordpress-otter-gutenberg-block-plugin-3-1-0-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/otter-blocks/vulnerability/wordpress-otter-gutenberg-block-plugin-3-1-0-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54750", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-11-1-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-11-1-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.11.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54735", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/cubewp-framework/vulnerability/wordpress-cubewp-framework-plugin-1-1-24-privilege-escalation-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/cubewp-framework/vulnerability/wordpress-cubewp-framework-plugin-1-1-24-privilege-escalation-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54726", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jquery-archive-list-widget/vulnerability/wordpress-js-archive-list-plugin-6-1-6-sql-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jquery-archive-list-widget/vulnerability/wordpress-js-archive-list-plugin-6-1-6-sql-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54713", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-288" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-1-3-0-broken-authentication-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-1-3-0-broken-authentication-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54677", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-3-arbitrary-file-upload-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-3-arbitrary-file-upload-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54670", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/oik/vulnerability/wordpress-oik-plugin-4-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/oik/vulnerability/wordpress-oik-plugin-4-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54056", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg-audio2-html5/vulnerability/wordpress-responsive-html5-audio-player-pro-with-playlist-3-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg-audio2-html5/vulnerability/wordpress-responsive-html5-audio-player-pro-with-playlist-3-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54055", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/druco/vulnerability/wordpress-druco-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/druco/vulnerability/wordpress-druco-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54053", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/groundhogg/vulnerability/wordpress-groundhogg-4-2-2-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/groundhogg/vulnerability/wordpress-groundhogg-4-2-2-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54052", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/real-estate-listing-realtyna-wpl/vulnerability/wordpress-realtyna-organic-idx-plugin-plugin-5-0-0-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/real-estate-listing-realtyna-wpl/vulnerability/wordpress-realtyna-organic-idx-plugin-plugin-5-0-0-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin allows PHP Local File Inclusion. This issue affects Realtyna Organic IDX plugin: from n/a through 5.0.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54049", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/custom-api-for-wp/vulnerability/wordpress-custom-api-for-wp-4-2-2-privilege-escalation-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/custom-api-for-wp/vulnerability/wordpress-custom-api-for-wp-4-2-2-privilege-escalation-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54048", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/custom-api-for-wp/vulnerability/wordpress-custom-api-for-wp-4-2-2-sql-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/custom-api-for-wp/vulnerability/wordpress-custom-api-for-wp-4-2-2-sql-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54046", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/ql-cost-calculator/vulnerability/wordpress-cost-calculator-plugin-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/ql-cost-calculator/vulnerability/wordpress-cost-calculator-plugin-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54044", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/elite-video-player/vulnerability/wordpress-elite-video-player-10-0-5-cross-site-scripting-xss-vulnerability-2?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/elite-video-player/vulnerability/wordpress-elite-video-player-10-0-5-cross-site-scripting-xss-vulnerability-2?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54040", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/webba-booking-lite/vulnerability/wordpress-webba-booking-5-1-20-broken-access-control-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/webba-booking-lite/vulnerability/wordpress-webba-booking-5-1-20-broken-access-control-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54034", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/newsletters-lite/vulnerability/wordpress-newsletters-4-10-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/newsletters-lite/vulnerability/wordpress-newsletters-4-10-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54032", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/real-estate-manager-pro/vulnerability/wordpress-real-estate-manager-pro-plugin-12-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/real-estate-manager-pro/vulnerability/wordpress-real-estate-manager-pro-plugin-12-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54031", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/supportboard/vulnerability/wordpress-support-board-3-8-0-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/supportboard/vulnerability/wordpress-support-board-3-8-0-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54028", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/cf7-styler/vulnerability/wordpress-cf7-wow-styler-plugin-1-7-2-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/cf7-styler/vulnerability/wordpress-cf7-wow-styler-plugin-1-7-2-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion. This issue affects CF7 WOW Styler: from n/a through 1.7.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54027", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/supportboard/vulnerability/wordpress-support-board-3-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/supportboard/vulnerability/wordpress-support-board-3-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54025", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/woo-coupon-usage/vulnerability/wordpress-coupon-affiliates-plugin-6-4-0-settings-change-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/woo-coupon-usage/vulnerability/wordpress-coupon-affiliates-plugin-6-4-0-settings-change-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54021", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/simple-file-list/vulnerability/wordpress-simple-file-list-6-1-14-arbitrary-file-download-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/simple-file-list/vulnerability/wordpress-simple-file-list-6-1-14-arbitrary-file-download-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal. This issue affects Simple File List: from n/a through 6.1.14." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54019", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-5-arbitrary-code-execution-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-5-arbitrary-code-execution-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection. This issue affects Alone: from n/a through n/a." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54017", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/paid-member-subscriptions/vulnerability/wordpress-paid-member-subscriptions-2-15-4-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/paid-member-subscriptions/vulnerability/wordpress-paid-member-subscriptions-2-15-4-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54014", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/medicenter/vulnerability/wordpress-medicenter-health-medical-clinic-15-1-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/medicenter/vulnerability/wordpress-medicenter-health-medical-clinic-15-1-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through 15.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54012", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/usc-e-shop/vulnerability/wordpress-welcart-e-commerce-plugin-2-11-16-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/usc-e-shop/vulnerability/wordpress-welcart-e-commerce-plugin-2-11-16-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection. This issue affects Welcart e-Commerce: from n/a through 2.11.16." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54008", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-smart-filters/vulnerability/wordpress-jetsmartfilters-3-6-7-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-smart-filters/vulnerability/wordpress-jetsmartfilters-3-6-7-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through 3.6.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54007", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/post-grid/vulnerability/wordpress-post-grid-and-gutenberg-blocks-plugin-2-3-11-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/post-grid/vulnerability/wordpress-post-grid-and-gutenberg-blocks-plugin-2-3-11-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Object Injection. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.11." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53998", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-woo-builder/vulnerability/wordpress-jetwoobuilder-2-1-20-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-woo-builder/vulnerability/wordpress-jetwoobuilder-2-1-20-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder allows Retrieve Embedded Sensitive Data. This issue affects JetWooBuilder: from n/a through 2.1.20." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53993", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-popup/vulnerability/wordpress-jetpopup-2-0-15-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-popup/vulnerability/wordpress-jetpopup-2-0-15-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup allows Retrieve Embedded Sensitive Data. This issue affects JetPopup: from n/a through 2.0.15." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53992", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-tricks/vulnerability/wordpress-jettricks-1-5-4-1-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-tricks/vulnerability/wordpress-jettricks-1-5-4-1-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks allows Retrieve Embedded Sensitive Data. This issue affects JetTricks: from n/a through 1.5.4.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53988", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-blocks/vulnerability/wordpress-jetblocks-for-elementor-1-3-18-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-blocks/vulnerability/wordpress-jetblocks-for-elementor-1-3-18-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetBlocks For Elementor: from n/a through 1.3.18." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53987", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-menu/vulnerability/wordpress-jetmenu-2-4-11-1-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-menu/vulnerability/wordpress-jetmenu-2-4-11-1-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu allows Retrieve Embedded Sensitive Data. This issue affects JetMenu: from n/a through 2.4.11.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53985", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-tabs/vulnerability/wordpress-jettabs-2-2-9-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-tabs/vulnerability/wordpress-jettabs-2-2-9-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through 2.2.9." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53983", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-2-7-7-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-2-7-7-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53580", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-plugin-15-6-9-privilege-escalation-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-plugin-15-6-9-privilege-escalation-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through n/a." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53577", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/global-dns/vulnerability/wordpress-global-dns-plugin-3-1-0-remote-code-execution-rce-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/global-dns/vulnerability/wordpress-global-dns-plugin-3-1-0-remote-code-execution-rce-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global DNS: from n/a through 3.1.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53567", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/ghostkit/vulnerability/wordpress-ghost-kit-3-4-1-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/ghostkit/vulnerability/wordpress-ghost-kit-3-4-1-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit allows PHP Local File Inclusion. This issue affects Ghost Kit: from n/a through 3.4.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53565", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/business-reviews-wp/vulnerability/wordpress-widget-for-google-reviews-1-0-15-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/business-reviews-wp/vulnerability/wordpress-widget-for-google-reviews-1-0-15-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion. This issue affects Widget for Google Reviews: from n/a through 1.0.15." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53564", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg_radio_player_addon_visual_composer/vulnerability/wordpress-html5-radio-player-wpbakery-page-builder-addon-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg_radio_player_addon_visual_composer/vulnerability/wordpress-html5-radio-player-wpbakery-page-builder-addon-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Reflected XSS. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53563", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/video_player_youtube_vimeo/vulnerability/wordpress-youtube-vimeo-video-player-and-slider-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/video_player_youtube_vimeo/vulnerability/wordpress-youtube-vimeo-video-player-and-slider-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider: from n/a through 3.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53562", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg_universal_video_player_addon_visual_composer/vulnerability/wordpress-universal-video-player-addon-for-wpbakery-page-builder-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg_universal_video_player_addon_visual_composer/vulnerability/wordpress-universal-video-player-addon-for-wpbakery-page-builder-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53561", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-35" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/prevent-file-access/vulnerability/wordpress-prevent-files-folders-access-plugin-2-6-0-path-traversal-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/prevent-file-access/vulnerability/wordpress-prevent-files-folders-access-plugin-2-6-0-path-traversal-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through 2.6.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53560", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/noisa/vulnerability/wordpress-noisa-2-6-0-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/noisa/vulnerability/wordpress-noisa-2-6-0-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection. This issue affects Noisa: from n/a through 2.6.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53559", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg-universal-video-player-addon-visual-composer/vulnerability/wordpress-universal-video-player-addon-for-wpbakery-page-builder-3-2-1-cross-site-scripting-xss-vulnerability-3?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg-universal-video-player-addon-visual-composer/vulnerability/wordpress-universal-video-player-addon-for-wpbakery-page-builder-3-2-1-cross-site-scripting-xss-vulnerability-3?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53319", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/adthrive-ads/vulnerability/wordpress-raptive-ads-plugin-3-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/adthrive-ads/vulnerability/wordpress-raptive-ads-plugin-3-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53299", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/tmm_content_composer/vulnerability/wordpress-thememakers-visual-content-composer-plugin-1-5-8-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/tmm_content_composer/vulnerability/wordpress-thememakers-visual-content-composer-plugin-1-5-8-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer allows Object Injection. This issue affects ThemeMakers Visual Content Composer: from n/a through 1.5.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53226", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/comments-capcha-box/vulnerability/wordpress-comments-capcha-box-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/comments-capcha-box/vulnerability/wordpress-comments-capcha-box-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box allows Reflected XSS. This issue affects Comments Capcha Box: from n/a through 1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53213", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/elex-reachship-multi-carrier-conditional-shipping/vulnerability/wordpress-reachship-woocommerce-multi-carrier-conditional-shipping-4-3-1-arbitrary-file-upload-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/elex-reachship-multi-carrier-conditional-shipping/vulnerability/wordpress-reachship-woocommerce-multi-carrier-conditional-shipping-4-3-1-arbitrary-file-upload-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a through 4.3.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53212", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/revolution-video-player/vulnerability/wordpress-revolution-video-player-with-bottom-playlist-2-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/revolution-video-player/vulnerability/wordpress-revolution-video-player-with-bottom-playlist-2-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist allows Reflected XSS. This issue affects Revolution Video Player With Bottom Playlist: from n/a through 2.9.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53210", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/zoloblocks/vulnerability/wordpress-zoloblocks-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/zoloblocks/vulnerability/wordpress-zoloblocks-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows PHP Local File Inclusion. This issue affects ZoloBlocks: from n/a through 2.3.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53208", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/paymaya-checkout-for-woocommerce/vulnerability/wordpress-maya-business-1-2-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/paymaya-checkout-for-woocommerce/vulnerability/wordpress-maya-business-1-2-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maya Business: from n/a through 1.2.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53207", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-travel-blocks/vulnerability/wordpress-wp-travel-gutenberg-blocks-3-9-0-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-travel-blocks/vulnerability/wordpress-wp-travel-gutenberg-blocks-3-9-0-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks allows PHP Local File Inclusion. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53205", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg-audio4-html5-shoutcast/vulnerability/wordpress-radio-player-shoutcast-icecast-4-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg-audio4-html5-shoutcast/vulnerability/wordpress-radio-player-shoutcast-icecast-4-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast allows Reflected XSS. This issue affects Radio Player Shoutcast & Icecast: from n/a through 4.4.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53204", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/eventlist/vulnerability/wordpress-eventlist-1-9-2-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/eventlist/vulnerability/wordpress-eventlist-1-9-2-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist allows PHP Local File Inclusion. This issue affects eventlist: from n/a through 1.9.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53201", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/noo-jobmonster/vulnerability/wordpress-jobmonster-4-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/noo-jobmonster/vulnerability/wordpress-jobmonster-4-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster allows Reflected XSS. This issue affects Jobmonster: from n/a through 4.7.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53198", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-4-0-4-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-4-0-4-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53196", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-3-7-0-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-3-7-0-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53195", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53194", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1336" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-3-7-0-remote-code-execution-rce-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-3-7-0-remote-code-execution-rce-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection. This issue affects JetEngine: from n/a through 3.7.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49896", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-discord-post-plus/vulnerability/wordpress-wp-discord-post-plus-supports-unlimited-channels-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-discord-post-plus/vulnerability/wordpress-wp-discord-post-plus-supports-unlimited-channels-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus – Supports Unlimited Channels allows Cross Site Request Forgery. This issue affects WP Discord Post Plus – Supports Unlimited Channels: from n/a through 1.0.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49894", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-emmet/vulnerability/wordpress-wp-emmet-plugin-0-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-emmet/vulnerability/wordpress-wp-emmet-plugin-0-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rewish WP Emmet allows Stored XSS. This issue affects WP Emmet: from n/a through 0.3.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49893", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/elizaibot-chatbots/vulnerability/wordpress-elizaibots-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/elizaibot-chatbots/vulnerability/wordpress-elizaibots-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in liseperu Elizaibots allows Stored XSS. This issue affects Elizaibots: from n/a through 1.0.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49892", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/pending-order-bot/vulnerability/wordpress-pending-order-bot-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/pending-order-bot/vulnerability/wordpress-pending-order-bot-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badasswp Pending Order Bot allows Stored XSS. This issue affects Pending Order Bot: from n/a through 1.0.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49891", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/simple-contact-info-widget/vulnerability/wordpress-contact-info-widget-plugin-2-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/simple-contact-info-widget/vulnerability/wordpress-contact-info-widget-plugin-2-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in riotweb Contact Info Widget allows Stored XSS. This issue affects Contact Info Widget: from n/a through 2.6.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49890", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/awstats-script/vulnerability/wordpress-awstats-script-plugin-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/awstats-script/vulnerability/wordpress-awstats-script-plugin-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jorge Garcia de Bustos AWStats Script allows Stored XSS. This issue affects AWStats Script: from n/a through 0.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49889", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/customcomment/vulnerability/wordpress-custom-comment-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/customcomment/vulnerability/wordpress-custom-comment-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49438", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/simple-login-log/vulnerability/wordpress-simple-login-log-plugin-1-1-3-php-object-injection-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/simple-login-log/vulnerability/wordpress-simple-login-log-plugin-1-1-3-php-object-injection-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49436", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/custom-menu/vulnerability/wordpress-custom-menu-plugin-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/custom-menu/vulnerability/wordpress-custom-menu-plugin-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiudis Custom Menu allows Stored XSS. This issue affects Custom Menu: from n/a through 1.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49434", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/laposta-woocommerce/vulnerability/wordpress-laposta-woocommerce-plugin-1-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/laposta-woocommerce/vulnerability/wordpress-laposta-woocommerce-plugin-1-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stijnvanderree Laposta WooCommerce allows Stored XSS. This issue affects Laposta WooCommerce: from n/a through 1.9.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49428", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/cookie-warning/vulnerability/wordpress-cookie-warning-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/cookie-warning/vulnerability/wordpress-cookie-warning-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49426", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/cookie-warning/vulnerability/wordpress-cookie-warning-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/cookie-warning/vulnerability/wordpress-cookie-warning-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warning allows Cross Site Request Forgery. This issue affects Cookie Warning: from n/a through 1.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49424", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/animated-icon-banner-for-visual-composer/vulnerability/wordpress-essential-doo-components-for-visual-composer-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/animated-icon-banner-for-visual-composer/vulnerability/wordpress-essential-doo-components-for-visual-composer-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in diego.benna Essential Doo Components for Visual Composer allows DOM-Based XSS. This issue affects Essential Doo Components for Visual Composer: from n/a through 1.9." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49422", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/iframe-wrapper/vulnerability/wordpress-iframe-wrapper-plugin-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/iframe-wrapper/vulnerability/wordpress-iframe-wrapper-plugin-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49420", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/markup-markdown/vulnerability/wordpress-markup-markdown-plugin-3-20-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/markup-markdown/vulnerability/wordpress-markup-markdown-plugin-3-20-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre-Henri Lavigne Markup Markdown allows Stored XSS. This issue affects Markup Markdown: from n/a through 3.20.6." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49413", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/terms-of-service-and-privacy-policy/vulnerability/wordpress-terms-of-service-privacy-policy-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/terms-of-service-and-privacy-policy/vulnerability/wordpress-terms-of-service-privacy-policy-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishloop Terms of Service & Privacy Policy Generator allows Stored XSS. This issue affects Terms of Service & Privacy Policy Generator: from n/a through 1.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49412", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/page-transition/vulnerability/wordpress-page-transition-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/page-transition/vulnerability/wordpress-page-transition-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition allows Stored XSS. This issue affects Page Transition: from n/a through 1.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49411", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/iframe-block/vulnerability/wordpress-iframe-block-plugin-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/iframe-block/vulnerability/wordpress-iframe-block-plugin-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49410", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/tc-testimonial/vulnerability/wordpress-tc-testimonials-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/tc-testimonial/vulnerability/wordpress-tc-testimonials-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49409", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/sensorpress-uptime-monitoring/vulnerability/wordpress-sensorpress-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/sensorpress-uptime-monitoring/vulnerability/wordpress-sensorpress-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49408", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-201" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/templately/vulnerability/wordpress-templately-plugin-3-2-7-sensitive-data-exposure-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/templately/vulnerability/wordpress-templately-plugin-3-2-7-sensitive-data-exposure-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49406", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-4-1-1-broken-access-control-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-4-1-1-broken-access-control-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49400", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49399", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/nex-forms-express-wp-form-builder/vulnerability/wordpress-nex-forms-plugin-9-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/nex-forms-express-wp-form-builder/vulnerability/wordpress-nex-forms-plugin-9-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49397", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-colorbox/vulnerability/wordpress-colorbox-lightbox-plugin-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-colorbox/vulnerability/wordpress-colorbox-lightbox-plugin-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox allows Stored XSS. This issue affects Colorbox Lightbox: from n/a through 1.1.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49396", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-7-broken-access-control-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-7-broken-access-control-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Missing Authorization vulnerability in themifyme Themify Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Themify Builder: from n/a through 7.6.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49395", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/themify-icons/vulnerability/wordpress-themify-icons-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/themify-icons/vulnerability/wordpress-themify-icons-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49392", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/themify-audio-dock/vulnerability/wordpress-themify-audio-dock-plugin-2-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/themify-audio-dock/vulnerability/wordpress-themify-audio-dock-plugin-2-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Audio Dock allows Stored XSS. This issue affects Themify Audio Dock: from n/a through 2.0.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49391", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through 2.3.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49389", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/notice-bar/vulnerability/wordpress-notice-bar-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/notice-bar/vulnerability/wordpress-notice-bar-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar allows Stored XSS. This issue affects Notice Bar: from n/a through 3.1.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49382", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/jobzilla/vulnerability/wordpress-jobzilla-job-board-wordpress-theme-theme-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/jobzilla/vulnerability/wordpress-jobzilla-job-board-wordpress-theme-theme-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation. This issue affects JobZilla - Job Board WordPress Theme: from n/a through 2.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-49381", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/adstxt-guru-connect/vulnerability/wordpress-ads-txt-guru-connect-plugin-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/adstxt-guru-connect/vulnerability/wordpress-ads-txt-guru-connect-plugin-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt Guru Connect: from n/a through 1.1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48302", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-fundraising-donation/vulnerability/wordpress-fundengine-plugin-1-7-4-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-fundraising-donation/vulnerability/wordpress-fundengine-plugin-1-7-4-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48298", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/seopress-for-mainwp/vulnerability/wordpress-seopress-for-mainwp-1-4-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/seopress-for-mainwp/vulnerability/wordpress-seopress-for-mainwp-1-4-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP allows PHP Local File Inclusion. This issue affects SEOPress for MainWP: from n/a through 1.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48297", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-14-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-14-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflected XSS. This issue affects Simple Link Directory: from n/a through n/a." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48296", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/upstore/vulnerability/wordpress-upstore-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/upstore/vulnerability/wordpress-upstore-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore allows Reflected XSS. This issue affects UpStore: from n/a through 1.7.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48171", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/cena/vulnerability/wordpress-cena-store-2-11-26-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/cena/vulnerability/wordpress-cena-store-2-11-26-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store allows PHP Local File Inclusion. This issue affects Cena Store: from n/a through 2.11.26." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48170", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg-universal-video-player-addon-visual-composer/vulnerability/wordpress-universal-video-player-addon-for-wpbakery-page-builder-3-2-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg-universal-video-player-addon-visual-composer/vulnerability/wordpress-universal-video-player-addon-for-wpbakery-page-builder-3-2-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48169", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/code-engine/vulnerability/wordpress-code-engine-plugin-0-3-3-remote-code-execution-rce-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/code-engine/vulnerability/wordpress-code-engine-plugin-0-3-3-remote-code-execution-rce-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48168", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg-audio5-html5-shoutcast-sticky/vulnerability/wordpress-apollo-sticky-full-width-html5-audio-player-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg-audio5-html5-shoutcast-sticky/vulnerability/wordpress-apollo-sticky-full-width-html5-audio-player-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player allows Reflected XSS. This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through 3.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48165", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/delucks-seo/vulnerability/wordpress-delucks-seo-plugin-2-6-0-privilege-escalation-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/delucks-seo/vulnerability/wordpress-delucks-seo-plugin-2-6-0-privilege-escalation-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO allows Privilege Escalation. This issue affects DELUCKS SEO: from n/a through 2.6.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48164", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/suredash/vulnerability/wordpress-suredash-1-0-3-privilege-escalation-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/suredash/vulnerability/wordpress-suredash-1-0-3-privilege-escalation-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation. This issue affects SureDash: from n/a through 1.0.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48163", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg-audio8-html5-radio-ads/vulnerability/wordpress-shout-html5-radio-player-with-ads-shoutcast-and-icecast-support-3-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg-audio8-html5-radio-ads/vulnerability/wordpress-shout-html5-radio-player-with-ads-shoutcast-and-icecast-support-3-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support allows Reflected XSS. This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through 3.5.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48162", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-15-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-15-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro allows Reflected XSS. This issue affects Simple Business Directory Pro: from n/a through 15.5.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48160", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/caliris-wp/vulnerability/wordpress-caliris-1-5-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/caliris-wp/vulnerability/wordpress-caliris-1-5-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris allows PHP Local File Inclusion. This issue affects Caliris: from n/a through 1.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48159", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/video-player-youtube-vimeo/vulnerability/wordpress-youtube-vimeo-video-player-and-slider-wp-plugin-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/video-player-youtube-vimeo/vulnerability/wordpress-youtube-vimeo-video-player-and-slider-wp-plugin-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through 3.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48158", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/buddypress-xprofile-image-field/vulnerability/wordpress-buddypress-xprofile-custom-image-field-plugin-3-0-1-arbitrary-file-deletion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/buddypress-xprofile-image-field/vulnerability/wordpress-buddypress-xprofile-custom-image-field-plugin-3-0-1-arbitrary-file-deletion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal. This issue affects BuddyPress XProfile Custom Image Field: from n/a through 3.0.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48157", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/formality/vulnerability/wordpress-formality-1-5-9-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/formality/vulnerability/wordpress-formality-1-5-9-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through 1.5.9." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48154", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/lbg_vp_youtube_vimeo_addon_visual_composer/vulnerability/wordpress-multimedia-playlist-slider-addon-for-wpbakery-page-builder-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/lbg_vp_youtube_vimeo_addon_visual_composer/vulnerability/wordpress-multimedia-playlist-slider-addon-for-wpbakery-page-builder-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48152", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/rentsyst/vulnerability/wordpress-rentsyst-plugin-2-0-100-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/rentsyst/vulnerability/wordpress-rentsyst-plugin-2-0-100-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst allows Reflected XSS. This issue affects Rentsyst: from n/a through 2.0.100." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48151", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/cm-map-locations/vulnerability/wordpress-cm-map-locations-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/cm-map-locations/vulnerability/wordpress-cm-map-locations-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through 2.1.6." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48149", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/theme/cookandmeal/vulnerability/wordpress-cook-meal-1-2-3-local-file-inclusion-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/theme/cookandmeal/vulnerability/wordpress-cook-meal-1-2-3-local-file-inclusion-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP Local File Inclusion. This issue affects Cook&Meal: from n/a through 1.2.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48148", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/storekeeper-for-woocommerce/vulnerability/wordpress-storekeeper-for-woocommerce-plugin-14-4-4-arbitrary-file-upload-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/storekeeper-for-woocommerce/vulnerability/wordpress-storekeeper-for-woocommerce-plugin-14-4-4-arbitrary-file-upload-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-48142", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/bookify/vulnerability/wordpress-bookify-1-0-9-privilege-escalation-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/bookify/vulnerability/wordpress-bookify-1-0-9-privilege-escalation-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-47650", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/infility-global/vulnerability/wordpress-infility-global-2-11-2-arbitrary-file-download-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/infility-global/vulnerability/wordpress-infility-global-2-11-2-arbitrary-file-download-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal. This issue affects Infility Global: from n/a through 2.14.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-30975", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/add-custom-codes/vulnerability/wordpress-add-custom-codes-4-80-arbitrary-code-execution-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/add-custom-codes/vulnerability/wordpress-add-custom-codes-4-80-arbitrary-code-execution-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes allows Code Injection. This issue affects Add Custom Codes: from n/a through 4.80." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-28977", "ASSIGNER" : "audit@patchstack.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://patchstack.com/database/wordpress/plugin/wp-pipes/vulnerability/wordpress-wp-pipes-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "name" : "https://patchstack.com/database/wordpress/plugin/wp-pipes/vulnerability/wordpress-wp-pipes-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T08:15Z", "lastModifiedDate" : "2025-08-20T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9202", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://research.cleantalk.org/CVE-2025-9202", "name" : "https://research.cleantalk.org/CVE-2025-9202", "refsource" : "", "tags" : [ ] }, { "url" : "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php", "name" : "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-20T07:15Z", "lastModifiedDate" : "2025-08-20T07:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8618", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/woo-smart-quick-view/trunk/wpc-smart-quick-view.php#L545", "name" : "https://plugins.trac.wordpress.org/browser/woo-smart-quick-view/trunk/wpc-smart-quick-view.php#L545", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3346074/", "name" : "https://plugins.trac.wordpress.org/changeset/3346074/", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/woo-smart-quick-view", "name" : "https://wordpress.org/plugins/woo-smart-quick-view", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8b2ec1-a76b-42df-8540-4aecaa35efd3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8b2ec1-a76b-42df-8540-4aecaa35efd3?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2025-08-20T05:15Z", "lastModifiedDate" : "2025-08-20T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55706", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jvn.jp/en/jp/JVN76729865/", "name" : "https://jvn.jp/en/jp/JVN76729865/", "refsource" : "", "tags" : [ ] }, { "url" : "https://movabletype.org/news/2025/08/mt-843-released.html", "name" : "https://movabletype.org/news/2025/08/mt-843-released.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T05:15Z", "lastModifiedDate" : "2025-08-20T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54551", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-472" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://healthcaresolutions-us.fujifilm.com/synapse-mobility-vulnerability-notification", "name" : "https://healthcaresolutions-us.fujifilm.com/synapse-mobility-vulnerability-notification", "refsource" : "", "tags" : [ ] }, { "url" : "https://jvn.jp/en/vu/JVNVU94286093/", "name" : "https://jvn.jp/en/vu/JVNVU94286093/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user do not have permission to view by altering the parameters of the search function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T05:15Z", "lastModifiedDate" : "2025-08-20T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-53522", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-348" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jvn.jp/en/jp/JVN76729865/", "name" : "https://jvn.jp/en/jp/JVN76729865/", "refsource" : "", "tags" : [ ] }, { "url" : "https://movabletype.org/news/2025/08/mt-843-released.html", "name" : "https://movabletype.org/news/2025/08/mt-843-released.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T05:15Z", "lastModifiedDate" : "2025-08-20T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57791", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-88" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html", "name" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57790", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-36" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html", "name" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57789", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-257" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html", "name" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57788", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-259" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html", "name" : "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57748", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57747", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57746", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57745", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57744", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57743", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-57742", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Not used" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T04:16Z", "lastModifiedDate" : "2025-08-20T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8289", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.4/classes/class-wpcf7r-save-files.php#L80", "name" : "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.4/classes/class-wpcf7r-save-files.php#L80", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7909b75-8087-4d38-8325-c619bf84d997?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7909b75-8087-4d38-8325-c619bf84d997?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with a file upload action, and doesn't affect sites with PHP version > 8. This vulnerability also requires the 'Redirection For Contact Form 7 Extension - Create Post' extension to be installed and activated in order to be exploited. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. We confirmed there is a usable gadget in Contact Form 7 plugin that makes arbitrary file deletion possible when installed with this plugin. Given Contact Form 7 is a requirement of this plugin, it is likely that any site with this plugin and the 'Redirection For Contact Form 7 Extension - Create Post' extension enabled is vulnerable to arbitrary file deletion." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 } }, "publishedDate" : "2025-08-20T03:15Z", "lastModifiedDate" : "2025-08-20T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8145", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.3/classes/class-wpcf7r-lead.php#L144", "name" : "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.3/classes/class-wpcf7r-lead.php#L144", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb275d5-ec4b-419f-84e1-84172d381411?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb275d5-ec4b-419f-84e1-84172d381411?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in a Contact Form 7 plugin allows attackers to delete arbitrary files. Additionally, in certain server configurations, Remote Code Execution is possible" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2025-08-20T03:15Z", "lastModifiedDate" : "2025-08-20T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8141", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.3/classes/class-wpcf7r-save-files.php#L80", "name" : "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.3/classes/class-wpcf7r-save-files.php#L80", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fafd0159-25ab-430d-88ef-c4d09d23baa7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fafd0159-25ab-430d-88ef-c4d09d23baa7?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2025-08-20T03:15Z", "lastModifiedDate" : "2025-08-20T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54364", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1333" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/microsoft/knack", "name" : "https://github.com/microsoft/knack", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos", "name" : "https://www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 2 of 2)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T03:15Z", "lastModifiedDate" : "2025-08-20T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54363", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1333" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/microsoft/knack", "name" : "https://github.com/microsoft/knack", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos", "name" : "https://www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T03:15Z", "lastModifiedDate" : "2025-08-20T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9132", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html", "name" : "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://issues.chromium.org/issues/436181695", "name" : "https://issues.chromium.org/issues/436181695", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T01:15Z", "lastModifiedDate" : "2025-08-20T01:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-12223", "ASSIGNER" : "vdp@themissinglink.com.au" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.themissinglink.com.au/security-advisories/cve-2024-12223", "name" : "https://www.themissinglink.com.au/security-advisories/cve-2024-12223", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-20T01:15Z", "lastModifiedDate" : "2025-08-20T01:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9193", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1iorjSJ8gh3hTDZUy1fHyV-TJXFP43yIo/view?usp=sharing", "name" : "https://drive.google.com/file/d/1iorjSJ8gh3hTDZUy1fHyV-TJXFP43yIo/view?usp=sharing", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320579", "name" : "VDB-320579 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320579", "name" : "VDB-320579 | TOTVS Portal Meu RH Password Reset redirect", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.636360", "name" : "Submit #636360 | TOTVS Portal Meu RH 12.1.17 Open Redirect combined with phishing in password reset", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and may be used. Upgrading to version 12.1.2410.274, 12.1.2502.178 and 12.1.2506.121 is recommended to address this issue. It is recommended to upgrade the affected component. The vendor explains, that \"[o]ur internal validation (...) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs.\" This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-20T00:15Z", "lastModifiedDate" : "2025-08-20T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9176", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" }, { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01", "name" : "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320557", "name" : "VDB-320557 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320557", "name" : "VDB-320557 | neurobin shc Environment Variable shc.c make os command injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630744", "name" : "Submit #630744 | shc <=4.0.3 Command Execution", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-20T00:15Z", "lastModifiedDate" : "2025-08-20T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9175", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087", "name" : "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320556", "name" : "VDB-320556 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320556", "name" : "VDB-320556 | neurobin shc shc.c make stack-based overflow", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630743", "name" : "Submit #630743 | shc <=4.0.3 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T23:15Z", "lastModifiedDate" : "2025-08-19T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9174", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" }, { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96", "name" : "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320555", "name" : "VDB-320555 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320555", "name" : "VDB-320555 | neurobin shc Filename shc.c make os command injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630742", "name" : "Submit #630742 | shc <=4.0.3 Command Execution", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T23:15Z", "lastModifiedDate" : "2025-08-19T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9171", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md#-exploitation-steps", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md#-exploitation-steps", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320548", "name" : "VDB-320548 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320548", "name" : "VDB-320548 | SolidInvoice Clients clients cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630639", "name" : "Submit #630639 | Open-Source SolidInvoice 2.4.0 PoC – Stored XSS via Client Name Field in SolidInvoice 2.4.0", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T23:15Z", "lastModifiedDate" : "2025-08-19T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9170", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md#-exploitation-steps", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md#-exploitation-steps", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320547", "name" : "VDB-320547 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320547", "name" : "VDB-320547 | SolidInvoice Tax Rates rates cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630627", "name" : "Submit #630627 | Open-Source SolidInvoice 2.4.0 Stored Cross-Site Scripting (XSS)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T22:15Z", "lastModifiedDate" : "2025-08-19T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9169", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md#-exploitation-steps", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md#-exploitation-steps", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320546", "name" : "VDB-320546 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320546", "name" : "VDB-320546 | SolidInvoice Quote quotes cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630626", "name" : "Submit #630626 | Open-Source SolidInvoic 2.4.0 stored Cross-Site Scripting (XSS)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T22:15Z", "lastModifiedDate" : "2025-08-19T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9187", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072", "name" : "Memory safety bugs fixed in Firefox 142 and Thunderbird 142", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9186", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1445758", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1445758", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9185", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166", "name" : "Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-65/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-65/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9184", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1929482%2C1976376%2C1979163%2C1979955", "name" : "Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9183", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1976102", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1976102", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9182", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9181", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9180", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-65/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-65/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9179", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-64/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-65/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-65/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-66/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-67/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-70/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-71/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-72/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9168", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md#-exploitation-steps", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md#-exploitation-steps", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320545", "name" : "VDB-320545 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320545", "name" : "VDB-320545 | SolidInvoice Invoice Creation invoice cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630625", "name" : "Submit #630625 | Open-Source SolidInvoice 2.4.0 Stored Cross-Site Scripting (XSS)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9167", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md#-exploitation-steps", "name" : "https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md#-exploitation-steps", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320544", "name" : "VDB-320544 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320544", "name" : "VDB-320544 | SolidInvoice Recurring Invoice recurring cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630624", "name" : "Submit #630624 | Open-Source SolidInvoice 2.4.0 Stored Cross-Site Scripting (XSS)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8364", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1909609", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1909609", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1969937", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1969937", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-56/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-56/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.\n*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8042", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1791322", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1791322", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-56/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-56/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8041", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-56/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-56/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55033", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1913825", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1913825", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-69/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-69/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55032", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1976296", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1976296", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-69/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-69/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55031", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979499", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979499", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979804", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1979804", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-69/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-69/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55030", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1976304", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1976304", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55029", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1973577", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1973577", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55028", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1850240", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1850240", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-68/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS < 142." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54145", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1946122", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1946122", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-60/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-60/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS < 141." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54144", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1946062", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1946062", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-60/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-60/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS < 141." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54143", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2025-60/", "name" : "https://www.mozilla.org/security/advisories/mfsa2025-60/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T21:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9165", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-404" }, { "lang" : "en", "value" : "CWE-401" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.libtiff.org/", "name" : "http://www.libtiff.org/", "refsource" : "", "tags" : [ ] }, { "url" : "https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing", "name" : "https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing", "refsource" : "", "tags" : [ ] }, { "url" : "https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0", "name" : "https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0", "refsource" : "", "tags" : [ ] }, { "url" : "https://gitlab.com/libtiff/libtiff/-/issues/728", "name" : "https://gitlab.com/libtiff/libtiff/-/issues/728", "refsource" : "", "tags" : [ ] }, { "url" : "https://gitlab.com/libtiff/libtiff/-/merge_requests/747", "name" : "https://gitlab.com/libtiff/libtiff/-/merge_requests/747", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320543", "name" : "VDB-320543 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320543", "name" : "VDB-320543 | LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630506", "name" : "Submit #630506 | libtiff tiffcmp 4.7.0+ (latest master branch) Memory Leak", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630507", "name" : "Submit #630507 | libtiff tiffcmp 4.7.0+ (latest master branch) Memory Leak (Duplicate)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9157", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing", "name" : "https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da", "name" : "https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/appneta/tcpreplay/issues/970", "name" : "https://github.com/appneta/tcpreplay/issues/970", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053", "name" : "https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320537", "name" : "VDB-320537 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320537", "name" : "VDB-320537 | appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630495", "name" : "Submit #630495 | tcpreplay tcprewrite tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9156", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kangsf1989/2025/issues/1", "name" : "https://github.com/kangsf1989/2025/issues/1", "refsource" : "", "tags" : [ ] }, { "url" : "https://itsourcecode.com/", "name" : "https://itsourcecode.com/", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320536", "name" : "VDB-320536 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320536", "name" : "VDB-320536 | itsourcecode Sports Management System sports.php sql injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630274", "name" : "Submit #630274 | itsourcecode Sports Management System V1.0 SQL injection", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9155", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/HjsCS/CVE/issues/2", "name" : "https://github.com/HjsCS/CVE/issues/2", "refsource" : "", "tags" : [ ] }, { "url" : "https://itsourcecode.com/", "name" : "https://itsourcecode.com/", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320535", "name" : "VDB-320535 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320535", "name" : "VDB-320535 | itsourcecode Online Tour and Travel Management System forget_password.php sql injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630202", "name" : "Submit #630202 | itsourcecode Online Tour and Travel Management System V1.0 SQL injection", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55740", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1392" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Anipaleja/nginx-defender/security/advisories/GHSA-pr72-8fxw-xx22", "name" : "https://github.com/Anipaleja/nginx-defender/security/advisories/GHSA-pr72-8fxw-xx22", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files\nconfig.yaml and docker-compose.yml contain default credentials (default_password: \"change_me_please\", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55737", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6hp9-jv2f-88wr", "name" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6hp9-jv2f-88wr", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-52337", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cwe.mitre.org/data/definitions/434.html", "name" : "https://cwe.mitre.org/data/definitions/434.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/TrustStackSecurity/Advisories/blob/main/CVE-2025-52337/README.md", "name" : "https://github.com/TrustStackSecurity/Advisories/blob/main/CVE-2025-52337/README.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvd.nist.gov/vuln/detail/CVE-2022-22947", "name" : "https://nvd.nist.gov/vuln/detail/CVE-2022-22947", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-51543", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cicool.com", "name" : "http://cicool.com", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/JustDinooo/CVEs/blob/main/CVE-2025-51543/poc.md", "name" : "https://github.com/JustDinooo/CVEs/blob/main/CVE-2025-51543/poc.md", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-50926", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstorm.news/files/id/207907", "name" : "https://packetstorm.news/files/id/207907", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.ehcp.net/?p=402", "name" : "https://www.ehcp.net/?p=402", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-43744", "ASSIGNER" : "security@liferay.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43744", "name" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43744", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 exists in the Asset Publisher configuration UI within the Source.js module. This vulnerability allows attackers to inject arbitrary JavaScript via DDM structure field labels which are then inserted into the DOM using innerHTML without proper encoding." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-43743", "ASSIGNER" : "security@liferay.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743", "name" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, given an attacker the possibility to send phishing to these users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-2988", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-497" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.ibm.com/support/pages/node/7242391", "name" : "https://www.ibm.com/support/pages/node/7242391", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 1.4 } }, "publishedDate" : "2025-08-19T20:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9154", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/HjsCS/CVE/issues/3", "name" : "https://github.com/HjsCS/CVE/issues/3", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/HjsCS/CVE/issues/3", "name" : "https://github.com/HjsCS/CVE/issues/3", "refsource" : "", "tags" : [ ] }, { "url" : "https://itsourcecode.com/", "name" : "https://itsourcecode.com/", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320534", "name" : "VDB-320534 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320534", "name" : "VDB-320534 | itsourcecode Online Tour and Travel Management System page-login.php sql injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630201", "name" : "Submit #630201 | itsourcecode Online Tour and Travel Management System V1.0 SQL injection", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9153", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/HjsCS/CVE/issues/4", "name" : "https://github.com/HjsCS/CVE/issues/4", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/HjsCS/CVE/issues/4", "name" : "https://github.com/HjsCS/CVE/issues/4", "refsource" : "", "tags" : [ ] }, { "url" : "https://itsourcecode.com/", "name" : "https://itsourcecode.com/", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320533", "name" : "VDB-320533 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320533", "name" : "VDB-320533 | itsourcecode Online Tour and Travel Management System travellers.php unrestricted upload", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.630200", "name" : "Submit #630200 | itsourcecode Online Tour and Travel Management System V1.0 Unrestricted Upload", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55736", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-425" }, { "lang" : "en", "value" : "CWE-807" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72", "name" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to \"admin\", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55735", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-807" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-gj9v-qhc3-gcfx", "name" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-gj9v-qhc3-gcfx", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable \"postContent\". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55734", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-h239-vv39-v3vx", "name" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-h239-vv39-v3vx", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-jw79-2xvp-76p8", "name" : "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-jw79-2xvp-76p8", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is \"admin\" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page, but that control is not done for the pages routes/adminPanelComments.py and routes/adminPanelPosts.py. Thus, an unauthorized user can bypass the intended restrictions, leaking sensitive data and accessing the following pages: /admin/posts, /adminpanel/posts, /admin/comments, and /adminpanel/comments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55733", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ThinkInAIXYZ/deepchat/commit/a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2", "name" : "https://github.com/ThinkInAIXYZ/deepchat/commit/a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2j", "name" : "https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2j", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2j", "name" : "https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2j", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55306", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6", "name" : "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55303", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/withastro/astro/commit/4d16de7f95db5d1ec1ce88610d2a95e606e83820", "name" : "https://github.com/withastro/astro/commit/4d16de7f95db5d1ec1ce88610d2a95e606e83820", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749", "name" : "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749", "name" : "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images. A bug in impacted versions of astro allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. /_image?href=//example.com/image.png. This vulnerability is fixed in 5.13.2 and 4.16.18." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-52338", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cwe.mitre.org/data/definitions/521.html", "name" : "https://cwe.mitre.org/data/definitions/521.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://cwe.mitre.org/data/definitions/522.html", "name" : "https://cwe.mitre.org/data/definitions/522.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/TrustStackSecurity/Advisories/tree/main/CVE-2025-52338", "name" : "https://github.com/TrustStackSecurity/Advisories/tree/main/CVE-2025-52338", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.logicdata.com/products/webstore-for-erp-ecommerce-integration/", "name" : "https://www.logicdata.com/products/webstore-for-erp-ecommerce-integration/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-50891", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nikolas-ch/CVEs/blob/main/AdformTracking_ReflectedXSS/AdformTracking_ReflectedXSS.txt", "name" : "https://github.com/nikolas-ch/CVEs/blob/main/AdformTracking_ReflectedXSS/AdformTracking_ReflectedXSS.txt", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/nikolas-ch/CVEs/tree/main/AdformTracking_ReflectedXSS", "name" : "https://github.com/nikolas-ch/CVEs/tree/main/AdformTracking_ReflectedXSS", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie hijacking." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-43745", "ASSIGNER" : "security@liferay.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745", "name" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to performs cross-origin request on behalf of the authenticated user via the endpoint parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-43737", "ASSIGNER" : "security@liferay.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43737", "name" : "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43737", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-33008", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.ibm.com/support/pages/node/7242392", "name" : "https://www.ibm.com/support/pages/node/7242392", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-31988", "ASSIGNER" : "psirt@hcl.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123435", "name" : "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123435", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-44373", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/AllskyTeam/allsky", "name" : "https://github.com/AllskyTeam/allsky", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/AllskyTeam/allsky/blob/master/html/includes/save_file.php", "name" : "https://github.com/AllskyTeam/allsky/blob/master/html/includes/save_file.php", "refsource" : "", "tags" : [ ] }, { "url" : "https://lean-strand-cb6.notion.site/CVE-2024-44373-21efbd400a6c80f4a5abf5d5eb9b068c", "name" : "https://lean-strand-cb6.notion.site/CVE-2024-44373-21efbd400a6c80f4a5abf5d5eb9b068c", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T19:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9151", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-285" }, { "lang" : "en", "value" : "CWE-266" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/echo0d/vulnerability/blob/main/LiuYuYang01_ThriveX-Blog/IncorrectAuthorization.md", "name" : "https://github.com/echo0d/vulnerability/blob/main/LiuYuYang01_ThriveX-Blog/IncorrectAuthorization.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/echo0d/vulnerability/blob/main/LiuYuYang01_ThriveX-Blog/IncorrectAuthorization.md#poc", "name" : "https://github.com/echo0d/vulnerability/blob/main/LiuYuYang01_ThriveX-Blog/IncorrectAuthorization.md#poc", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320530", "name" : "VDB-320530 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320530", "name" : "VDB-320530 | LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.629873", "name" : "Submit #629873 | LiuYuYang01 https://github.com/LiuYuYang01/ThriveX-Blog <=3.1.7 Incorrect Authorization", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9150", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/xinzfy/cve/issues/1", "name" : "https://github.com/xinzfy/cve/issues/1", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320529", "name" : "VDB-320529 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320529", "name" : "VDB-320529 | Surbowl dormitory-management-php violation_add.php sql injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.629618", "name" : "Submit #629618 | github.com dormitory-management-php V1.0 SQL Injection", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9149", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md", "name" : "https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md#poc", "name" : "https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md#poc", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320528", "name" : "VDB-320528 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320528", "name" : "VDB-320528 | Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.629181", "name" : "Submit #629181 | Wavlink WL-NU516U1-A M16U1_V240425 Buffer Overflow", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-8450", "ASSIGNER" : "security.reports@fortra.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cve.org/cverecord?id=CVE-2025-8450", "name" : "https://www.cve.org/cverecord?id=CVE-2025-8450", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55295", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/StuffAnThings/qbit_manage/releases/tag/v4.5.4", "name" : "https://github.com/StuffAnThings/qbit_manage/releases/tag/v4.5.4", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/StuffAnThings/qbit_manage/security/advisories/GHSA-vh56-26wq-vvfv", "name" : "https://github.com/StuffAnThings/qbit_manage/security/advisories/GHSA-vh56-26wq-vvfv", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55294", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bencevans/screenshot-desktop/commit/59c87b0c175eec76090e6ccde313f4fc5d569b78", "name" : "https://github.com/bencevans/screenshot-desktop/commit/59c87b0c175eec76090e6ccde313f4fc5d569b78", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/bencevans/screenshot-desktop/security/advisories/GHSA-gjx4-2c7g-fm94", "name" : "https://github.com/bencevans/screenshot-desktop/security/advisories/GHSA-gjx4-2c7g-fm94", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-55153", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE is a duplicate of another CVE." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T18:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9148", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://hip-motorcycle-97a.notion.site/Chat2DB-H2-JDBC-Connection-Remote-Code-Execution-2465f5e4caac80999d51dc98e8fc935f", "name" : "https://hip-motorcycle-97a.notion.site/Chat2DB-H2-JDBC-Connection-Remote-Code-Execution-2465f5e4caac80999d51dc98e8fc935f", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.320527", "name" : "VDB-320527 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320527", "name" : "VDB-320527 | CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.628912", "name" : "Submit #628912 | CodePhiliaX Chat2DB 0.3.7 JDBC Connection Remote Code Execution", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2025-08-19T17:15Z", "lastModifiedDate" : "2025-08-19T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-9147", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.320526", "name" : "VDB-320526 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.320526", "name" : "VDB-320526 | jasonclark getsemantic index.php cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.628786", "name" : "https://vuldb.com/?submit.628786", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.628786", "name" : "Submit #628786 | jasonclark getsemantic Master xss", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T17:15Z", "lastModifiedDate" : "2025-08-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54881", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mermaid-js/mermaid/commit/5c69e5fdb004a6d0a2abe97e23d26e223a059832", "name" : "https://github.com/mermaid-js/mermaid/commit/5c69e5fdb004a6d0a2abe97e23d26e223a059832", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/mermaid-js/mermaid/commit/685516a85ec1df64cefd4fd15f26533be87d458e", "name" : "https://github.com/mermaid-js/mermaid/commit/685516a85ec1df64cefd4fd15f26533be87d458e", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh", "name" : "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T17:15Z", "lastModifiedDate" : "2025-08-19T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54880", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mermaid-js/mermaid/commit/2aa83302795183ea5c65caec3da1edd6cb4791fc", "name" : "https://github.com/mermaid-js/mermaid/commit/2aa83302795183ea5c65caec3da1edd6cb4791fc", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/mermaid-js/mermaid/commit/734bde38777c9190a5a72e96421c83424442d4e4", "name" : "https://github.com/mermaid-js/mermaid/commit/734bde38777c9190a5a72e96421c83424442d4e4", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw", "name" : "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw", "name" : "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T17:15Z", "lastModifiedDate" : "2025-08-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-54411", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff", "name" : "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884", "name" : "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate\nany users for the time being. This vulnerability is fixed in 3.5.0.beta8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-08-19T17:15Z", "lastModifiedDate" : "2025-08-19T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2025-52478", "ASSIGNER" : "security-advisories@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/n8n-io/n8n/commit/7940384a85041a1890b1203d69c092c887312500", "name" : "https://github.com/n8n-io/n8n/commit/7940384a85041a1890b1203d69c092c887312500", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/n8n-io/n8n/pull/16329", "name" : "https://github.com/n8n-io/n8n/pull/16329", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/n8n-io/n8n/security/advisories/GHSA-hfmv-hhh3-43f2", "name" : "https://github.com/n8n-io/n8n/security/advisories/GHSA-hfmv-hhh3-43f2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an