9.3

CVSS4.0

CVE-2025-14307 - Insecure Temporary File Creation in Robocode's AutoExtract Component

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. Th…

📅 Published: Dec. 9, 2025, 7:29 a.m. 🔄 Last Modified: Jan. 5, 2026, 4:19 p.m.

10

CVSS4.0

CVE-2025-14306 - Directory Traversal in Robocode's CacheCleaner Component

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submi…

📅 Published: Dec. 9, 2025, 7:19 a.m. 🔄 Last Modified: Jan. 28, 2026, 8:16 p.m.

8.6

CVSS4.0

CVE-2025-13428 - RCE in SecOps SOAR server via user-provided Python packages

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi…

📅 Published: Dec. 9, 2025, 6:28 a.m. 🔄 Last Modified: Feb. 3, 2026, 7:24 p.m.

7.1

CVSS3.1

CVE-2025-13071 - Custom Admin Menu <= 1.0.0 - Reflected XSS

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

📅 Published: Dec. 9, 2025, 6 a.m. 🔄 Last Modified: April 2, 2026, 12:39 p.m.

6.6

CVSS3.1

CVE-2025-13070 - CSV to SortTable <= 4.2 - Contributor+ LFI

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include functions, allowing any authenticated user, such as a contributor, to perform LFI attacks.

📅 Published: Dec. 9, 2025, 6 a.m. 🔄 Last Modified: April 2, 2026, 12:39 p.m.

5.9

CVSS3.1

CVE-2025-13031 - WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

📅 Published: Dec. 9, 2025, 6 a.m. 🔄 Last Modified: Dec. 12, 2025, 6:15 p.m.

5.1

CVSS4.0

CVE-2025-14284 - tiptap/extension-link: Cross-site Scripting (XSS) via unsanitized user input…

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in…

📅 Published: Dec. 9, 2025, 5 a.m. 🔄 Last Modified: Dec. 31, 2025, 1:12 a.m.

7.2

CVSS3.1

CVE-2025-13604 - Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site…

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers …

📅 Published: Dec. 9, 2025, 4:36 a.m. 🔄 Last Modified: April 8, 2026, 4:40 p.m.

5.5

CVSS4.0

CVE-2025-67487 - Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping …

📅 Published: Dec. 9, 2025, 3:35 a.m. 🔄 Last Modified: Dec. 11, 2025, 4:06 p.m.

9.1

CVSS3.1

CVE-2025-67504 - WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privil…

📅 Published: Dec. 9, 2025, 3:31 a.m. 🔄 Last Modified: Dec. 11, 2025, 3:52 p.m.