WordPress ElementInvader Addons for Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Michael in WordPress Plugin ElementInvader Addons for Elementor versions <= 1.3.5...
WordPress Falang multilanguage plugin <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by domiee13 in WordPress Plugin Falang multilanguage versions <= 1.3.61...
WordPress Bot for Telegram on WooCommerce plugin <= 1.2.6 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Bot for Telegram on WooCommerce versions <= 1.2.6...
WordPress GDPR CCPA Compliance Support plugin <= 2.7.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Aiden in WordPress Plugin GDPR CCPA Compliance Support versions <= 2.7.3...
WordPress EAN for WooCommerce plugin <= 5.4.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin EAN for WooCommerce versions <= 5.4.6...
WordPress Z-Downloads plugin < 1.11.5 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions < 1.11.5...
WordPress Hustle plugin < 7.8.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Hustle versions < 7.8.5...
WordPress Stylish Price List plugin < 7.1.8 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Stylish Price List versions < 7.1.8...
WordPress kbucket plugin < 4.1.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin KBucket versions < 4.1.6...
WordPress HD Quiz plugin < 2.0.0 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin HD Quiz versions < 2.0.0...
Honeywell MB-Secure Command Injection
Honeywell MB-Secure versions 11.04 and up to 12.53 and PRO versions from 01.06 to 03.09 suffer from an authenticated command injection vulnerability. SEC Consult Vulnerability Lab Security Advisory title: Authenticated Comman...
PT-2025-21889 · Unknown · Phpgurukul Auto Taxi Stand Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0 Description: A critical issue was found in the PHPGurukul Auto Taxi Stand Management System, affecting an unknown functionality of the file /admin/index.php. The manipulation of the...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-138-01)
The version of mozilla-firefox installed on the remote host is prior to 128.10.1esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-138-01 advisory. New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...
CVE-2025-47790
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-47787
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation...
CVE-2025-47931 LibreNMS stored Cross-site Scripting vulnerability in poller group name
LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the group name parameter of the http://localhost/poller/groups form. This vulnerability allows attackers to inject malicious scripts into web...
WordPress MB Custom Post Types & Custom Taxonomies plugin < 2.7.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin MB Custom Post Types & Custom Taxonomies versions < 2.7.7...
WordPress Jetpack plugin < 13.8 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Marc Montpas in WordPress Plugin Jetpack versions < 13.8...
CVE-2025-47783
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...
WordPress User Activity Tracking and Log plugin < 4.1.4 - IP Spoofing vulnerability
IP Spoofing vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin User Activity Tracking and Log versions < 4.1.4...