1008 matches found
CVE-2025-49416 WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Fastw3b LLC FW Gallery allows PHP Local File Inclusion. This issue affects FW Gallery: from n/a through 8.0.0...
CVE-2025-49416
CVE-2025-49416 affects the WordPress FW Gallery plugin (versions n/a–8.0.0). The vulnerability is an improper filename handling in PHP include/require logic leading to Local File Inclusion (LFI). The issue is severe (CVSS v3.1 base score 8.1) with potential high impact on confidentiality, integri...
CVE-2025-49416 WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File Inclusion.This issue affects FW Gallery: from n/a through = 8.0.0...
CVE-2025-49448 WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0...
CVE-2025-49447
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0...
CVE-2025-49415
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through = 8.0.0...
CVE-2025-49447
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0...
CVE-2025-49415
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through = 8.0.0...
CVE-2025-49415 WordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through = 8.0.0...
CVE-2025-49415
CVE-2025-49415 is a complex Android media decoder issue in the Dolby Unified Decoder (UDC) used in devices like Google Pixel 9. The bug arises from EMDF parsing in the skip buffer, enabling a buffer overrun on the evo heap and a leak via the emdf_container_length mechanism. The evo heap is a sing...
CVE-2025-49447
CVE-2025-49447 affects FW Food Menu (WordPress plugin) versions up to and including 6.0.0. The issue is described as an Unrestricted Upload of File with Dangerous Type, enabling the use of malicious files via an unauthenticated arbitrary file upload path. The CVSS 3.1 vector indicates network att...
CVE-2025-49447 WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0...
CVE-2025-49268
Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through = 4.9.4...
CVE-2025-49268 WordPress Verge3D plugin <= 4.9.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through = 4.9.4...
CVE-2025-49268
CVE-2025-49268 is a missing-authorization (broken access control) vulnerability in Verge3D by Soft8Soft. Affected software: Verge3D Publishing and E‑Commerce, versions up to and including 4.9.4 (historical range listed as from n/a through 4.9.4). Public references indicate unauthorized access con...
WordPress WP Plugin Info Card plugin <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via containerid Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Plugin Info Card versions = 5.3.1...
CVE-2025-48241
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through = 4.9.3...
CVE-2025-48241
CVE-2025-48241 corresponds to a Reflected XSS in Verge3D for WordPress (Verge3D
CVE-2025-48241 WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through = 4.9.3...
CVE-2025-22815
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through = 1.1.9...