EUVD-2026-31278

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the abilit...

EUVD-2025-209282

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

CVE-2025-14857

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

PT-2026-30994

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

EUVD-2025-13997

Malicious code in bioql PyPI...

CVE-2025-4208

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

CVE-2025-4208

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

CVE-2025-4208

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

CVE-2025-4208

CVE-2025-4208 affects the WordPress plugin “NEX-Forms – Ultimate Forms Plugin for WordPress.” The issue is a Limited Code Execution vulnerability in versions up to 8.9.1 caused by unsanitized user input being passed to call_user_func() inside the get_table_records function. This allows an authent...