7.3

CVSS3.1

CVE-2025-66834 -

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.

πŸ“… Published: Dec. 30, 2025, midnight πŸ”„ Last Modified: Jan. 7, 2026, 3:39 p.m.

7.3

CVSS3.1

CVE-2025-66824 -

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info page, allowing attacker…

πŸ“… Published: Dec. 30, 2025, midnight πŸ”„ Last Modified: Jan. 7, 2026, 3:41 p.m.

7.5

CVSS3.1

CVE-2025-65411 -

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.

πŸ“… Published: Dec. 30, 2025, midnight πŸ”„ Last Modified: Jan. 9, 2026, 7:47 p.m.

7.1

CVSS3.1

CVE-2025-23554 - WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through <= 3.0.3.

πŸ“… Published: Dec. 29, 2025, 11:51 p.m. πŸ”„ Last Modified: April 23, 2026, 3:24 p.m.

7.1

CVSS3.1

CVE-2025-23550 - WordPress Product Puller plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller product-puller allows Reflected XSS.This issue affects Product Puller: from n/a through <= 1.5.1.

πŸ“… Published: Dec. 29, 2025, 11:50 p.m. πŸ”„ Last Modified: April 23, 2026, 3:24 p.m.

7.1

CVSS3.1

CVE-2025-23469 - WordPress Sleekplan plugin <= 0.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sleekplan Sleekplan sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through <= 0.2.0.

πŸ“… Published: Dec. 29, 2025, 11:48 p.m. πŸ”„ Last Modified: April 23, 2026, 3:23 p.m.

5.4

CVSS3.1

CVE-2025-68120 - Unexpected untrusted code execution in github.com/golang/vscode-go

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

πŸ“… Published: Dec. 29, 2025, 11:46 p.m. πŸ”„ Last Modified: Jan. 6, 2026, 4:17 p.m.

7.1

CVSS3.1

CVE-2025-23458 - WordPress Ads24 Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite wp-ad-management allows Reflected XSS.This issue affects Ads24 Lite: from n/a through <= 1.0.

πŸ“… Published: Dec. 29, 2025, 11:32 p.m. πŸ”„ Last Modified: April 23, 2026, 3:23 p.m.

5.3

CVSS4.0

CVE-2025-15210 - code-projects Refugee Food Management System editrefugee.php sql injection

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The…

πŸ“… Published: Dec. 29, 2025, 11:32 p.m. πŸ”„ Last Modified: Jan. 5, 2026, 10:23 a.m.

7.5

CVSS3.1

CVE-2025-68036 - WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.

πŸ“… Published: Dec. 29, 2025, 11:26 p.m. πŸ”„ Last Modified: April 23, 2026, 3:35 p.m.
Total resulsts: 349182
Page 2379 of 34,919
Β« previous page Β» next page
Filters