5.9

CVSS3.1

CVE-2025-62330 - HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive mo…

📅 Published: Dec. 16, 2025, 6:16 a.m. 🔄 Last Modified: Jan. 7, 2026, 9:05 p.m.

5.3

CVSS3.1

CVE-2025-12809 - dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve…

📅 Published: Dec. 16, 2025, 5:25 a.m. 🔄 Last Modified: April 22, 2026, 12:15 a.m.

4.3

CVSS3.1

CVE-2025-13794 - Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail…

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with …

📅 Published: Dec. 16, 2025, 5:25 a.m. 🔄 Last Modified: April 22, 2026, 4:15 p.m.

8.5

CVSS4.0

CVE-2025-14252 -

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.

📅 Published: Dec. 16, 2025, 5:19 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6

CVSS3.1

CVE-2025-14777 - Keycloak: keycloak idor in realm client creating/deleting

A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer (client) ID provided in the…

📅 Published: Dec. 16, 2025, 4:57 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-66357 -

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.

📅 Published: Dec. 16, 2025, 4:48 a.m. 🔄 Last Modified: Dec. 23, 2025, 9:46 p.m.

5.1

CVSS4.0

CVE-2025-59479 -

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.

📅 Published: Dec. 16, 2025, 4:48 a.m. 🔄 Last Modified: Dec. 23, 2025, 9:46 p.m.

8.7

CVSS4.0

CVE-2025-61976 -

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.

📅 Published: Dec. 16, 2025, 4:48 a.m. 🔄 Last Modified: Dec. 23, 2025, 9:46 p.m.

5.3

CVSS3.1

CVE-2025-13956 - LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statis…

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistic…

📅 Published: Dec. 16, 2025, 4:31 a.m. 🔄 Last Modified: April 21, 2026, 12:45 a.m.

5.3

CVSS4.0

CVE-2025-14749 - Ningyuanda TC155 ONVIF PTZ Control device_service access control

A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly a…

📅 Published: Dec. 16, 2025, 3:02 a.m. 🔄 Last Modified: Dec. 18, 2025, 9:24 p.m.