8321 matches found
CVE-2025-2876
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...
CVE-2025-2876 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-30373 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.16 Source cves: CVE-2025-30373 Source advisory: OSV:GHSA-Q7G5-JQ6P-6WVX...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-30373 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.16 Source cves: CVE-2025-30373 Source advisory: SNYK:JAVA-ORGGRAYLOG2-9668945...
acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1), aind-airflow-jobs (>=0.2.1 <=0.2.6) +22 more potentially affected by CVE-2025-30473 via apache-airflow-providers-common-sql (>=1.0.0 <=1.20.0)
apache-airflow-providers-common-sql PYPI version =1.0.0, =0.10.5.2rc3, =0.2.1, =0.11.0, =0.2.0, =0.0.1, =0.0.1, =0.3.1, =0.0.4, =0.0.1a0, =2.6.0, =1.0.0rc1, =0.0.36, =1.0.0rc1, =1.0.0, =2.5.1rc1 and more Source cves: CVE-2025-30473 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSCOMMONSQL-9667...
Fedora 40 : containernetworking-plugins (2025-f87fe38331)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f87fe38331 advisory. Resolve FTBFS and rhbz2351926. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...
Fedora: Security Advisory (FEDORA-2025-f87fe38331)
The remote host is missing an update for the...
CVE-2025-32152
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugin Slider a SlidersPack (sliderspack-all-in-one-image-sliders) allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: from n/a through 2.3...
CVE-2025-32269
Technical details about CVE-2025-32269 are not publicly provided in the supplied documents; the connected sources do not reveal affected versions, exploit information, or fixes. Monitor for official updates.
CVE-2025-32269 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery. This issue affects WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.3...
CVE-2025-32197 WordPress Piotnet Addons For Elementor plugin <= 2.4.36 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor (piotnet-addons-for-elementor) allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.36...
CVE-2025-31824
Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel (wp-optin-wheel) allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7...
CVE-2025-31897
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Custom Feed for Twitter (arrow-twitter-feed) allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1819 more potentially affected by CVE-2025-31721 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.492.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2025-31721 Source advisory: OSV:GHSA-WR6W-JXG7-QPFH...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +497 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)
org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-31720 https://vulners.com/cve/CVE-2025-3...
CVE-2024-13637
CVE-2024-13637 pertains to the Demo Awesome WordPress plugin. The vulnerability is in the install_plugin function, where a missing capability check allows an authenticated user with Subscriber-level access and above to install and activate arbitrary plugins. Affected versions are up to and includ...
CVE-2024-13637 Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation
The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
Official Tauri Plugins Input Validation Error Vulnerability
Official Tauri Plugins is an official Tauri plugin from Tauri Open Source. An input validation error vulnerability exists in versions of Official Tauri Plugins prior to 2.2.1, which stems from improper protocol validation and could lead to remote code execution...