1.3
CVE-2025-67746 - Composer vulnerable to ANSI sequence injection
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and poten…
5.3
CVE-2025-66080 - WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Contro…
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
6.3
CVE-2025-64528 - Users are able to find users by name even when `enable_names` is off
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix.
6.5
CVE-2025-63027 - WordPress WBC907 Core plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcreations907 WBC907 Core wbc907-core allows Stored XSS. This issue affects WBC907 Core: from n/a through <= 3.4.1.
9.3
CVE-2025-15255 - Tenda W6-S R7websSsecurityHandler httpd stack-based overflow
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has b…
6.5
CVE-2025-64190 - WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS. This issue affects XStore Core: from n/a through < 5.6.
5.3
CVE-2025-15254 - Tenda W6-S ATE Service ate TendaAte os command injection
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
8.7
CVE-2025-15253 - Tenda M3 exeCommand stack-based overflow
A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public a…
8.7
CVE-2025-15252 - Tenda M3 setDhcpAP formSetRemoteDhcpForAp stack-based overflow
A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The expl…
6.3
CVE-2025-15251 - beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity …