CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

CVE-2025-13606

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

CVE-2025-12894

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...

CVE-2025-12894

CVE-2025-12894 affects the WordPress Import WP plugin (

DEBIAN-CVE-2012-3818

The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information...