9.9
CVE-2025-30996 - Arbitrary File Upload Vulnerability in WordPress themes by Themify
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This β¦
8.4
CVE-2025-13744 - Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub β¦
An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. An attacker would requiβ¦
7.1
CVE-2025-30631 - Reflected Cross Site Scripting (XSS) vulnerability in AA-Team WordPress plugins
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows Reflected XSS.This issue affects Woocommerce Sales Funnel Buildβ¦
8.8
CVE-2025-29004 - Privilege Escalation Vulnerability in AA-Team WordPress plugins
Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a througβ¦
5.5
CVE-2026-21492 - iccDEV ToneMap Writer has NULL Pointer Member Call
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV libraβ¦
5.3
CVE-2025-7048 - On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can β¦
On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
6.1
CVE-2026-21491 - iccDEV has unicode buffer overflow in CIccTagTextDescription
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It rβ¦
6.1
CVE-2026-21490 - iccDEV has heap buffer overflow in CIccTagLut16::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It rβ¦
5.3
CVE-2026-0641 - TOTOLINK WA300 cstecgi.cgi sub_401510 command injection
A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been discβ¦
6.1
CVE-2026-21494 - iccDEV has heap buffer overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It rβ¦