8.7
CVE-2025-3758 - Exposure of Device Configuration without Authentication in WF2220
WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.
8.2
CVE-2025-41450 - Authentication bypass with privileged access in Danfoss AK-SM 8xxA Series prior to version 4.2
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2
7.3
CVE-2025-1254 - Potential out-of-bounds read and write in Recording Service while using file rollover
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.0.0 before 6.1.2.23.
6.9
CVE-2025-1253 - Potential stack buffer write overflow in license-managed Core Libraries when setting RTI_LICENSE_FI…
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.
6.9
CVE-2025-1252 - Potential buffer write overflow in Connext applications while parsing malicious license file
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23.
7.1
CVE-2025-40846 - HaloITSM open redirect via the returnUrl
Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to…
6.4
CVE-2025-4127 - WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting …
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contr…
0.0
CVE-2025-37817 - mcb: fix a double free bug in chameleon_parse_gdd()
In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes…
7.5
CVE-2025-3419 - Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitr…
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on…
7.3
CVE-2024-13793 - Wolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcod…
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortco…