8.2
CVE-2026-22541 - DENIAL OF SERVICE VIA ICMP PACKETS
The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
9.2
CVE-2026-22540 - DENIAL OF SERVICE VIA ARP PACKETS
The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
4.9
CVE-2025-49335 - WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery.This issue affects External Media: from n/a through <= 1.0.36.
5.1
CVE-2025-15479 - NGSurvey Enterprise 3.6.4 incorrect authorization exposes other usersβ API keys and personal data
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execβ¦
6.9
CVE-2025-6225 - Command injection in Kieback&Peter Neutrino-GLT
Kieback&Peter Neutrino-GLT product is used for building management. It's web componentΒ "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
9.8
CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery dzs-videogallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39.
7.1
CVE-2025-46494 - WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro widgetkit-pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through <= 1.13.1.
0.0
CVE-2025-46434 - WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7.
6.4
CVE-2025-46256 - WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO advanced-database-cleaner-pro allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through <= 3.2.10.
9.3
CVE-2025-32303 - WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH church-management allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through <= 2.7.0.