8.8
CVE-2025-13641 - Photo Gallery, Sliders, Proofing and Themes β NextGEN Gallery <= 3.59.12 - Authenticated (Contributβ¦
The Photo Gallery, Sliders, Proofing and Themes β NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided. Tβ¦
6.3
CVE-2025-64997 - Insufficient permission validation when showing agent information
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
5.3
CVE-2025-14874 - Nodemailer: nodemailer: denial of service via crafted email address header
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
5.3
CVE-2025-14318 - Improper access validation in M-Files Server
Improper access checks in M-Files Server before 25.12 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
0.0
CVE-2025-67546 - WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
0.0
CVE-2025-66119 - WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.
0.0
CVE-2025-66118 - WordPress Sprout Clients plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.
0.0
CVE-2025-66117 - WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
0.0
CVE-2025-66116 - WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerabiliβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
0.0
CVE-2025-66104 - WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulβ¦
Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.