4.3
CVE-2025-12900 - FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authe…
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible for…
6.4
CVE-2025-13610 - RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_For…
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input sanitization and output escap…
4.3
CVE-2025-14003 - Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Auth…
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `add_images_to_gallery_callback()` function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attacker…
6.4
CVE-2025-13367 - User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile,…
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to insufficien…
6.4
CVE-2025-13608 - CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages…
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'child_pages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes (use_custom_link, use_custom_link_tar…
9.1
CVE-2025-13888 - Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged …
4.3
CVE-2025-66388 - Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI
A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this …
6.4
CVE-2025-11670 - NTLM Hash Exposure Vulnerability
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
0.0
CVE-2025-14715 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.8
CVE-2025-37731 - Elasticsearch Improper Authentication
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.