8.2
CVE-2025-34468 - libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially β¦
0.0
CVE-2025-66149 - WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3.
0.0
CVE-2025-66150 - WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through <= 1.1.1.
0.0
CVE-2025-66151 - WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through <= 1.0.4.
0.0
CVE-2025-66152 - WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Criptopayer for Elementor criptopayer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through <= 1.0.1.
5.3
CVE-2025-15393 - Kohana KodiCMS Layout API Endpoint file.php save code injection
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be initiβ¦
0.0
CVE-2025-66153 - WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through <= 1.1.4.
5.3
CVE-2025-15392 - Kohana KodiCMS Search API Endpoint page.php like sql injection
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the β¦
5.3
CVE-2025-15391 - D-Link DIR-806A SSDP Request ssdpcgi_main command injection
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vβ¦
0.0
CVE-2025-49355 - WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press ilogic-accessibility allows Stored XSS.This issue affects Accessibility Press: from n/a through <= 1.0.2.