4570 matches found
CVE-2025-31674 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...
1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +2710 more potentially affected by CVE-2025-31125 via vite (>=0.14.4 <=4.5.1)
vite NPM version =0.14.4, =0.0.1, =1.0.0, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.3, =1.0.1, =1.0.12, =0.0.4, =1.0.1, =1.0.7 and more Source cves: CVE-2025-31125 Source advisory: OSV:GHSA-4R4M-QW57-CHR8...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25158 more potentially affected by CVE-2025-3000 via torch (>=1.0.0 <=2.5.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-3000 Source advisory: OSV:PYSEC-2025-194...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25158 more potentially affected by CVE-2025-2999 via torch (>=1.0.0 <=2.5.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-2999 Source advisory: OSV:PYSEC-2025-193...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25158 more potentially affected by CVE-2025-2998 via torch (>=1.0.0 <=2.5.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-2998 Source advisory: OSV:PYSEC-2025-192...
CVE-2025-31438
Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized wp-supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through = 3.1.6...
CVE-2025-31094
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through = 1.3.8...
CVE-2025-31096
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS. This issue affects PostX: from n/a through = 4.1.25...
CVE-2025-30779
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick van Wobbie Doneren met Mollie doneren-met-mollie allows Stored XSS. This issue affects Doneren met Mollie: from n/a through = 2.10.7...
CVE-2025-30783
Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL Injection. This issue affects WP Google Review Slider: from n/a through = 16.0...
CVE-2024-12619 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects...
CVE-2025-30890
CVE-2025-30890 is a PHP Local File Inclusion flaw in the WordPress plugin “Login Widget for Ultimate Member,” caused by improper filename handling in include/require paths. Affected: Login Widget for Ultimate Member (versions up to 1.1.2). Impact (as per CVSS metrics): attacker can read/modify/ex...
CVE-2025-30823
CVE-2025-30823 describes a Cross-Site Request Forgery (CSRF) vulnerability in Anthologize, affecting versions from unspecified n/a up to 0.8.2. The description confirms a CSRF flaw but provides no root-cause details beyond the generic CSRF label and does not supply exploit conditions, affected en...
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2025-30540
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in avaibook AvaiBook avaibook allows Stored XSS. This issue affects AvaiBook: from n/a through = 1.2...
Directus Information Disclosure Vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 9.0.0-alpha.4 through 11.5.0, which stems from the search parameter that can lead to unauthorized...
PT-2025-12984 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.4.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. When a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +132 more potentially affected by CVE-2025-2559 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.1.4)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-2559 Source advisory:...
WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Next.js 13.0.x < 13.5.9 Authorization Bypass
The version of Next.js installed on the remote host is 11.1.4 prior to 12.3.5, 13.0.x prior to 13.5.9, 14.x prior to 14.2.25 or 15.x prior to 15.2.3. It is, therefore, affected by Authorization Bypass if the authorization check occurs in middleware. Note that the scanner has not attempted to...