6.4
CVE-2025-4594 - Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo…
0.0
CVE-2025-5100 - KL-001-2025-005: Mobile Dynamix PrinterShare Mobile Print Double-Free Memory Write
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
0.0
CVE-2025-5098 - KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.
0.0
CVE-2025-5099 - KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
4.7
CVE-2025-2394 -
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
