Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the audit logging process. An attacker can obtain sensitive information by accessing improperly redacted HTTP request bodies recorded in audit logs. This may expose short-lived...

GHSA-GHFH-FMX4-26H8 OpenBao leaks HTTPRawBody in Audit Logs

Impact OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacted the following subsystems: - When using the ACME functionality of PKI, this would result in short-lived ACME verification challenge codes being leaked...

CVE-2025-62513 OpenBao leaks HTTPRawBody in Audit Logs

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...

EUVD-2025-35533

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

EUVD-2025-35548

Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through = 2.9.5.3...

EUVD-2025-35555

Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through = 2.5.9...

EUVD-2025-35574

Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through = 1.1.23...

CVE-2025-62058 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62058 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62054 WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through = 4.1.8...

CVE-2025-62054 WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through = 4.1.8...

CVE-2025-62058

The CVE-2025-62058 entry concerns the Houzez Theme - Functionality WordPress plugin. A Cross-Site Scripting (XSS) vulnerability arises from improper input neutralization during web page generation in the Houzez Theme - Functionality plugin, affecting versions prior to 4.2.0. Public sources in the...

CVE-2025-62054

CVE-2025-62054 affects the Houzez Theme - Functionality plugin for WordPress (versions up to 4.1.8). The vulnerability is Local File Inclusion due to improper control of the filename in include/require statements (PHP Remote File Inclusion). Wordfence and Patchstack reference this as a LFI issue ...

CVE-2025-11949

EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality...

CVE-2025-7851

CVE-2025-7851 affects TP-Link Omada gateways. Connected documents corroborate that an attacker may obtain the root shell on the underlying OS under restricted conditions, via issues described as unauthorized root access through a residual debug code/path and improper privilege management. The vul...

CVE-2025-7851 Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways...

CVE-2025-7851 Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways...

CVE-2025-41390

CVE-2025-41390 concerns an arbitrary code execution in TruffleHog 3.90.2 through the Git core.fsmonitor handling. A specially crafted repository (e.g., copied file-for-file via tar/cp/rsync) can trigger execution when Git operations are invoked by tooling, due to a malicious core.fsmonitor value ...

CVE-2025-41390

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability...

WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

WordPress Houzez Theme - Functionality plugin 4.2.0 - Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin Houzez Theme - Functionality versions 4.2.0...