1.3
CVE-2025-13751 - OpenVPN: OpenVPN: Local denial of service vulnerability in interactive service agent
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
7.7
CVE-2025-7044 - Privilege Escalation in MAAS via Websocket Request Manipulation
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-β¦
10
CVE-2025-55182 - next: From CVEorg collector
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloβ¦
0.0
CVE-2025-13965 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference CVE-2025-12500 instead of this candidate. All references and descriptions in this candidate have been removed to prevβ¦
5.3
CVE-2025-13949 - ProudMuBai GoFilm FileController.go SingleUpload unrestricted upload
A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and miβ¦
6.3
CVE-2025-13948 - opsre go-ldap-admin JWT docker-compose.yaml hard-coded key
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Theβ¦
6.5
CVE-2025-13359 - Tag, Category, and Taxonomy Manager β AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contribuβ¦
The Tag, Category, and Taxonomy Manager β AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of suffiβ¦
4.3
CVE-2025-13756 - Fluent Booking β The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= β¦
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access and β¦
6.4
CVE-2025-13401 - Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function. β¦
10
CVE-2025-13390 - WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak tokeβ¦