6.1
CVE-2025-2806 - tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data'
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the โdataโ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers โฆ
6.4
CVE-2025-3468 - NEX-Forms โ Ultimate Form Builder โ Contact forms and much more <= 8.9.1 - Authenticated (Custom) Sโฆ
The NEX-Forms โ Ultimate Form Builder โ Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it pโฆ
6.4
CVE-2025-3862 - Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parametโฆ
Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โidโ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and aboโฆ
6.3
CVE-2025-4208 - NEX-Forms โ Ultimate Form Builder โ Contact forms and much more <= 8.9.1 - Authenticated (Custom) Lโฆ
The NEX-Forms โ Ultimate Form Builder โ Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func(). This makes โฆ
8.7
CVE-2025-3759 - Missing Authentication for Changing Device Configuration in WF2220
Endpointย /cgi-bin-igd/netcore_set.cgiย which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but diโฆ
8.7
CVE-2025-3758 - Exposure of Device Configuration without Authentication in WF2220
WF2220 exposes endpointย /cgi-bin-igd/netcore_get.cgiย that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.
8.2
CVE-2025-41450 - Authentication bypass with privileged access in Danfoss AK-SM 8xxA Series prior to version 4.2
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2
7.3
CVE-2025-1254 - Potential out-of-bounds read and write in Recording Service while using file rollover
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.0.0 before 6.1.2.23.
6.9
CVE-2025-1253 - Potential stack buffer write overflow in license-managed Core Libraries when setting RTI_LICENSE_FIโฆ
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.
6.9
CVE-2025-1252 - Potential buffer write overflow in Connext applications while parsing malicious license file
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23.