CVE-2025-64122

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller MSC: through 2.5.1...

CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVE-2025-9544 Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

Apache VCL SQL Injection Vulnerability

Apache VCL is a set of open source cloud computing platform of the American Apache Apache Foundation. An SQL injection vulnerability exists in Apache VCL versions 2.2 to 2.5.1, which stems from improper neutralization of special elements in SQL commands, and can be exploited by an attacker to cau...

WordPress WP Hide & Security Enhancer plugin <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary File Contents Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Hide Security Enhancer versions = 2.5.1...