6.9
CVE-2025-15256 - Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is β¦
0.0
CVE-2025-62128 - WordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteLock SiteLock Security β WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security β WP Hardening, Login Security & Malware Scans: from n/a through <= β¦
0.0
CVE-2025-62112 - WordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vuβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings easy-property-listings-xml-csv-import allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through <= 2.2.1.
0.0
CVE-2025-66094 - WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dmccan Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through <= 3.5.
5.3
CVE-2025-68618 - Magick's failure to limit the depth of SVG file reads caused a DoS attack.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
0.0
CVE-2025-62746 - WordPress Featured Video for WordPress β VideographyWP plugin <= 1.0.18 - Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress – VideographyWP videographywp allows Stored XSS.This issue affects Featured Video for WordPress – VideographyWP: from n/a through <= 1.0.18.
1.3
CVE-2025-67746 - Composer vulnerable to ANSI sequence injection
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potenβ¦
0.0
CVE-2025-66080 - WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Controβ¦
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
6.3
CVE-2025-64528 - Users are able to find users by name even when `enable_names` is off
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix.
0.0
CVE-2025-63027 - WordPress WBC907 Core plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcreations907 WBC907 Core wbc907-core allows Stored XSS.This issue affects WBC907 Core: from n/a through <= 3.4.1.