
6680 matches found

CVE
added 2025/04/16 7:29 a.m. · 56 views

CVE-2025-0101

CVE-2025-0101 involves a 32-bit time overflow on WAGO devices where a low-privilege user can set the system date to January 19, 2038. Affected components are not exhaustively listed in the provided documents, but multiple sources (Red Hat, NVD, CVE listing, and vendor-related enrichments) describ...

6.5 CVSS · 6.4 AI score · 0.00306 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16563 · Wago · Cc100 0751-9X01 +12

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A user with low privileges can set the device date to January 19, 2038, exceeding the 32-bit time limit. This causes some functions to behave unexpectedly or stop working altogether, both...

6.5 CVSS · 6.1 AI score · 0.00306 EPSS
Exploits: 0 · References: 5
NVD
added 2025/04/15 10:15 p.m. · 6 views

CVE-2025-27008

Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through 1.6.1...

7.5 CVSS · 0.00368 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/15 9:53 p.m. · 58 views

CVE-2025-26953

CVE-2025-26953 is a Missing Authorization vulnerability in Crocoblock JetMenu (JetMenu for Elementor) affecting versions up to and including 2.4.9. The issue allows accessing functionality not constrained by ACLs, with CVSS v3.1 base score 7.5 (Network, Low attack complexity, No privileges requir...

7.5 CVSS · 7.2 AI score · 0.00365 EPSS
Exploits: 0 · References: 1
NVD
added 2025/04/15 8:15 p.m. · 13 views

CVE-2025-1292

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NVRead functionality during the Challenge-Response process...

6.7 CVSS · 0.00189 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/04/15 7:51 p.m. · 5 views

CVE-2025-1122

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NVRead functionality during the Challenge-Response process...

6.8 AI score · 0.00212 EPSS
Exploits: 1 · References: 2
OSV
added 2025/04/15 3:16 p.m. · 2 views

CVE-2025-32949

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. If user import is enabled which is the default setting, any registered user can upload an archive for importing. The code uses the yauzl library for reading...

6.5 CVSS · 7.1 AI score
Exploits: 0 · References: 2
CVE
added 2025/04/15 2:57 p.m. · 59 views

CVE-2025-32949

PeerTube is affected by an authenticated resource-exhaustion vulnerability in the User Import feature when handling archives. The issue occurs because the archive-reading library yauzl has no mechanism to detect or prevent Zip Bombs, allowing a Zip Bomb to cause extremely large disk-space consump...

6.5 CVSS · 6.5 AI score · 0.00463 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2025/04/15 2:50 p.m. · 55 views

CVE-2025-32948

PeerTube (inbox via ActivityPub) is affected by CVE-2025-32948, where mishandling of Create Activity can be abused to crash the server or trigger blind SSRF by sending crafted ActivityPub activities to the inbox. The vulnerability arises from handling ActivityPub activities in playlists, enabling...

7.5 CVSS · 7.5 AI score · 0.00496 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2025/04/15 12:15 p.m. · 16 views

CVE-2025-26958

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetBlog: from n/a through <= 2.4.3...

7.5 CVSS · 0.00296 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/04/15 11:59 a.m. · 17 views

CVE-2025-26944 WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetPopup: from n/a through <= 2.0.11...

7.5 CVSS · 0.00296 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/15 11:59 a.m. · 53 views

CVE-2025-26958

CVE-2025-26958 affects the WordPress Crocoblock JetBlog (JetBlog for Elementor) up to version 2.4.3. The issue is a Missing Authorization vulnerability that permits accessing functionality not properly constrained by ACLs. Reported across multiple sources (including Patchstack and CVE registries)...

7.5 CVSS · 7.2 AI score · 0.00296 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/15 11:59 a.m. · 3 views

CVE-2025-26942 WordPress JetTricks plugin <= 1.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetTricks: from n/a through <= 1.5.1...

7.5 CVSS · 8.6 AI score · 0.00296 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/15 11:59 a.m. · 54 views

CVE-2025-26942

CVE-2025-26942 (JetTricks plugin): Affected Product/Version: Crocoblock JetTricks plugin up to and including 1.5.1. Root cause: Missing/relaxed authorization enabling Accessing Functionality Not Properly Constrained by ACLs. Impact: Missing Authorization vulnerability could allow unauthorized ac...

7.5 CVSS · 7.2 AI score · 0.00296 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/15 12:0 a.m. · 5 views

PT-2025-16322 · Jetblog · Jetblog

Name of the Vulnerable Software and Affected Versions: JetBlog versions n/a through 2.4.3 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For JetBlog versions n/a through 2.4.3,...

7.5 CVSS · 7.8 AI score · 0.00296 EPSS
Exploits: 0 · References: 7
Tenable Nessus
added 2025/04/15 12:0 a.m. · 6 views

RHEL 7 : openstack-nova (RHSA-2016:0364)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0364 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

5.3 CVSS · 6.2 AI score · 0.02091 EPSS
Exploits: 0 · References: 4
OSV
added 2025/04/14 8:15 a.m. · 2 views

CVE-2025-3556

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...

8.1 CVSS · 4.5 AI score · 0.00798 EPSS
Exploits: 1 · References: 4
RedhatCVE
added 2025/04/10 12:3 p.m. · 9 views

CVE-2025-30166

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...

1.8 CVSS · 7.4 AI score · 0.00209 EPSS
Exploits: 0 · References: 1
ICS
added 2025/04/10 8:30 a.m. · 10 views

ABB MV Drives

SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System v.3.5.15.0 is utilized in the firmware of ABB MV ACS6080 and ACS5000 drives to provide IEC 61131 programming capabilities. These vulnerabilities could lead...

7.7 AI score
Exploits: 0 · References: 16
Veracode
added 2025/04/10 4:36 a.m. · 5 views

Cross-Site Scripting (XSS)

publifycore is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization in the redirect functionality, allowing a publisher to execute scripts in an administrator's browser...

5.4 CVSS · 6.2 AI score · 0.00225 EPSS
Exploits: 1 · References: 4 · Affected Software: 1