4570 matches found
CVE-2025-32118
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14...
CVE-2025-32203
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in manu225 Falling things falling-things allows SQL Injection. This issue affects Falling things: from n/a through <= 1.08...
CVE-2025-32165
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS. This issue affects Doppler Forms: from n/a through <= 2.5.1...
CVE-2025-32127
CVE-2025-32127 concerns an SQL Injection in onOffice for WP-Websites (WordPress plugin) where improper neutralization of special elements in SQL commands is reported. Affected version range is onOffice for WP-Websites: from n/a through 5.7. The provided material cites a base score of 7.6 (HIGH) w...
CVE-2025-3087
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts...
WordPress plugin Booster for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
CVE-2025-31127 Element X Android allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...
CVE-2025-31815
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS. This issue affects Design Blocks: from n/a through <= 1.2.5...
Element X iOS information disclosure vulnerability
Element X iOS is an Element open source next-generation Matrix client for iOS built on SwiftUI for Matrix rust-sdk. An information disclosure vulnerability exists in Element X iOS versions 1.6.13 through 25.03.7, which originates in the element.json file and could lead to the disclosure of media...
Open Solutions For Education openSIS security vulnerability
Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, USA. A security vulnerability exists in Open Solutions For Education openSIS versions v8.0 through v9.1 that stems from a directory traversal issue...
CVE-2025-31697
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS). This issue affects Formatter Suite: from 0.0.0 before 2.1.0...
CVE-2025-31549
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Agency Dominion Inc. Fusion fusion allows DOM-Based XSS. This issue affects Fusion: from n/a through <= 1.6.4...
CVE-2025-31614
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hiroprot Terms Before Download terms-before-download allows Stored XSS. This issue affects Terms Before Download: from n/a through <= 1.0.5...
CVE-2025-31762
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andreyazimov Sheet2Site sheet2site allows Stored XSS. This issue affects Sheet2Site: from n/a through <= 1.0.18...
CVE-2025-31883
Technical details for CVE-2025-31883 are not provided in the connected documents; the available info mentions a Stored XSS in WebinarPress/WP-WebinarSystem (WordPress plugin) but gives no specifics on affected versions, vectors, impact, or remediation.
CVE-2025-31871
CVE-2025-31871 corresponds to an Open Redirect vulnerability in the WordPress plugin WP Clone any post type (
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +194 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.63.7)
litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.2.0, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.62.9 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-9667338...
Drupal AI Vulnerable to OS Command Injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Drupal AI Artificial Intelligence allows OS Command Injection. This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.5...
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...
CVE-2025-31685
CVE-2025-31685 affects Drupal Open Social. A Missing Authorization vulnerability allows Forceful Browsing across Open Social versions affected: 0.0.0–12.3.10 and 12.4.0–12.4.9. Root cause is lack of proper access control, enabling unauthenticated access to otherwise restricted resources. Reported...