8.6

CVSS4.0

CVE-2025-14884 - D-Link DIR-605 Firmware Update Service command injection

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnera…

📅 Published: Dec. 18, 2025, 5:02 p.m. 🔄 Last Modified: Jan. 7, 2026, 8:15 p.m.

9.3

CVSS4.0

CVE-2025-14879 - Tenda WH450 HTTP Request onSSIDChange stack-based overflow

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploi…

📅 Published: Dec. 18, 2025, 5:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

5.4

CVSS3.1

CVE-2025-62960 - WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Light: from n/a through <= 1.6.7.

📅 Published: Dec. 18, 2025, 4:51 p.m. 🔄 Last Modified: April 23, 2026, 3:34 p.m.

5.4

CVSS3.1

CVE-2025-62961 - WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Sparkle FSE sparkle-fse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sparkle FSE: from n/a through <= 1.0.9.

📅 Published: Dec. 18, 2025, 4:50 p.m. 🔄 Last Modified: April 23, 2026, 3:34 p.m.

5

CVSS3.1

CVE-2025-62998 - WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through <= 1.2.7.

📅 Published: Dec. 18, 2025, 4:49 p.m. 🔄 Last Modified: April 23, 2026, 3:34 p.m.

5.3

CVSS3.1

CVE-2025-63002 - WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpforchurch Sermon Manager sermon-manager-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sermon Manager: from n/a through <= 2.30.0.

📅 Published: Dec. 18, 2025, 4:46 p.m. 🔄 Last Modified: April 23, 2026, 3:34 p.m.

5.3

CVSS3.1

CVE-2025-63043 - WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR…

Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.

📅 Published: Dec. 18, 2025, 4:45 p.m. 🔄 Last Modified: April 23, 2026, 3:35 p.m.

6.5

CVSS3.1

CVE-2025-64235 - WordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal. This issue affects Tuturn: from n/a before 3.6.

📅 Published: Dec. 18, 2025, 4:43 p.m. 🔄 Last Modified: April 28, 2026, 4:14 p.m.

9.8

CVSS3.1

CVE-2025-64236 - WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a before 3.6.

📅 Published: Dec. 18, 2025, 4:21 p.m. 🔄 Last Modified: April 28, 2026, 4:14 p.m.

8.7

CVSS4.0

CVE-2025-14896 -

due to insufficient sanitization in Vega's `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sens…

📅 Published: Dec. 18, 2025, 4:20 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.