CVE-2025-11461

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...

EUVD-2025-199817

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-10476

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-10476 WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-10476

WP Fastest Cache for WordPress

SQL Injection

melisplatform/melis-cms is vulnerable to SQL injection.The vulnerability is due to improper validation of the idPage parameter in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint, which allows an attacker to retrieve, create, update, or delete database records through crafted SQL queries...

WordPress WP Fastest Cache plugin <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability

Missing Authorization to Authenticated Subscriber+ DB Cleanup Actions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Fastest Cache versions = 1.4.0...

PT-2025-48261

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc db fix callback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

AMD XOCL driver improper input validation vulnerability

AMD XOCL driver is a driver developed by AMD for OpenCL Open Computing Language, which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...

Library System mail.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...

EUVD-2025-199721

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

codealpha_task3

codealphatask3 This secure code review analyzes a small Flask...

CVE-2025-13507

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

CVE-2025-65236

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

CVE-2025-12743

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

CVE-2025-13596

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_\&_Replication

CVE-2023-27532 - Veeam Backup & Replication Vulnerability...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)

Last week, there were 167 vulnerabilities disclosed in 152 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

SUSE-SU-2025:21144-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...

OPENSUSE-SU-2025:20089-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...