5.3
CVE-2025-59949 - FreshRSS has Logout CSRF that Leads to DoS via <track src>
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue.
6.8
CVE-2025-14739 - Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND
Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the “root” user. This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 20031…
5.7
CVE-2025-14738 - Configuration Disclosure Vulnerability in TP-Link WA850RE
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
7.1
CVE-2025-14737 - Command Injection Vulnerability in TP-Link WA850RE
Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
8.6
CVE-2025-14884 - D-Link DIR-605 Firmware Update Service command injection
A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnera…
9.3
CVE-2025-14879 - Tenda WH450 HTTP Request onSSIDChange stack-based overflow
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploi…
5.4
CVE-2025-62960 - WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Light: from n/a through 1.6.7.
5.4
CVE-2025-62961 - WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sparkle FSE: from n/a through 1.0.9.
5
CVE-2025-62998 - WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through 1.2.7.
5.3
CVE-2025-63002 - WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sermon Manager: from n/a through 2.30.0.