4.9
CVE-2025-49335 - WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery.This issue affects External Media: from n/a through <= 1.0.36.
5.1
CVE-2025-15479 - NGSurvey Enterprise 3.6.4 incorrect authorization exposes other usersβ API keys and personal data
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execβ¦
6.9
CVE-2025-6225 - Command injection in Kieback&Peter Neutrino-GLT
Kieback&Peter Neutrino-GLT product is used for building management. It's web componentΒ "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
9.8
CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
7.1
CVE-2025-46494 - WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.
0.0
CVE-2025-46434 - WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7.
6.4
CVE-2025-46256 - WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
9.3
CVE-2025-32303 - WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
3.2
CVE-2026-25211 - llamastack/llama-stack: Sensitive Information Exposure Through Log Files in Llama Stack PGVector Inβ¦
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
7.1
CVE-2025-32300 - WordPress DZS Video Gallery plugin <= 12.25 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.