CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.8CVSS7.7AI score0.00031EPSS

CVE-2025-61837

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7AI score0.00031EPSS

CVE-2025-61839

Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

5.5CVSS6.3AI score0.00034EPSS

CVE-2025-61842

Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS7.7AI score0.00031EPSS

CVE-2025-61838

5.5CVSS6AI score0.00025EPSS

CVE-2025-61844

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...

RedhatCVE•added 2025/11/12 8:1 p.m.•4 views

CVE-2025-61840

5.5CVSS6AI score0.00025EPSS

5.5CVSS6.4AI score0.00025EPSS

CVE-2025-61841

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a...

OSV•added 2025/11/12 5:15 a.m.•3 views

CVE-2025-12833

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...

4.3CVSS5.6AI score

Exploits0References4

OSSF Malicious Packages•added 2025/11/12 4:29 a.m.•2 views

Malicious code in webdriverio-terser-webpack-plugin-optimize-css-assets-webpack-plugin-rimraf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 691578a3e3f39189b4005a3515a70fa7106475aa007895da92a8cc0a0ccba662 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

CNNVD•added 2025/11/12 12:0 a.m.•1 views

WordPress plugin Payment Plugins Braintree For WooCommerce 安全漏洞

WordPress Payments Braintree For WooCommerce plugin is a payment plugin designed specifically for WordPress websites, which supports payments done through both PayPal and credit cards. The WordPress Payments Braintree For WooCommerce plugin suffers from an authorization bypass vulnerability that...

7.5CVSS6.4AI score0.00523EPSS

Exploits0References7

5.5CVSS5.5AI score0.00025EPSS

EUVD-2025-93383

5.5CVSS5.9AI score0.00025EPSS

EUVD-2025-93387

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a...

5.5CVSS5.5AI score0.00025EPSS

EUVD-2025-93384

7.8CVSS7.2AI score0.00031EPSS

EUVD-2025-93386