6.5
CVE-2025-39362 - WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDORβ¦
Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2.
8.8
CVE-2025-27025 - Improper File Access in Infinera G42
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as rooβ¦
6.5
CVE-2025-27024 - Improper File Access in Infinera G42
Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials useβ¦
6.4
CVE-2025-2330 - All-in-One Addons for Elementor β WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Siβ¦
The All-in-One Addons for Elementor β WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it β¦
8.1
CVE-2025-4946 - Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activiβ¦
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access andβ¦
6.5
CVE-2025-27023 - Improper Input Validation in Infinera G42
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of β¦
7.5
CVE-2025-27022 - Path Traversal Vulnerability in Infinera G42
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the targetβ¦
7
CVE-2025-27021 - Operating System Misconfiguration in Infinera G42
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by β¦
0.0
CVE-2025-24335 - SOAP message input validation fault could in theory cause OAM service resource exhaustion
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, theβ¦
0.0
CVE-2025-24334 - The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management β¦
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.