CVE-2025-22375 Authentication Bypass in CyberAudit-Web
An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instanc...
WordPress Rankology SEO – On-site SEO plugin <= 2.2.4 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by LVT-tholv2k in WordPress Plugin Rankology SEO – On-site SEO versions <= 2.2.4...
WordPress DN Shipping by Weight for WooCommerce Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin DN Shipping by Weight for WooCommerce versions <= 1.2...
WordPress Crowdfunding for WooCommerce Plugin <= 3.1.12 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Crowdfunding for WooCommerce versions <= 3.1.12...
WordPress EmpikPlace for Woocommerce Plugin <= 1.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin EmpikPlace for Woocommerce versions <= 1.4.3...
WordPress IndieBlocks plugin <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin IndieBlocks versions <= 0.13.1...
CVE-2025-21785 affecting package kernel for versions less than 6.6.79.1-1
CVE-2025-21785 affecting package kernel for versions less than 6.6.79.1-1. A patched version of the package is available...
WordPress Oxygen MyData for WooCommerce plugin <= 1.0.64 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by LVT-tholv2k in WordPress Plugin Oxygen MyData for WooCommerce versions <= 1.0.64...
CVE-2025-20664
In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-27...
PT-2025-15794 · Unknown · Agence Web Eoxia - Montpellier Wp Shop
Name of the Vulnerable Software and Affected Versions: Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting...
CVE-2025-32017 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Umbraco is a free and open source .NET content management system. Authenticated users of the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...
CVE-2025-30151 Shopware allows Denial Of Service via password length
Shopware is an open commerce platform. It's possible to pass long passwords that lead to Denial Of Service via forms in Storefront or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
PT-2025-15322 · Unknown · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5.6.3.154.205 20250114. Description: A critical issue has been found, affecting some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the ID argument leads to SQL injection. The attack can b...
WordPress Team Circle Image Slider With Lightbox plugin <= 1.0.4 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Team Circle Image Slider With Lightbox versions <= 1.0.4...
CVE-2025-31475
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code ...
CVE-2025-20659
The CVE-2025-20659 entry concerns a vulnerability in Modem where improper input validation can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and has an adjacent attack vector with no privileges require...
CVE-2025-31492
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...
CVE-2025-3160
A flaw has been found in the Open Asset Import Library assimp. In affected versions, a maliciously crafted file may trigger a heap-based buffer overflow, which may lead to an application crash or other undefined behavior...
SUSE CVE-2025-3160
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...
WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Sequential Order Numbers for WooCommerce versions <= 3.6.2...