0.0
CVE-2025-66536 -
Not used
0.0
CVE-2025-66538 -
Not used
4.8
CVE-2025-12826 - Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+β¦
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptui_process_post_type" function. This makes it possible for aβ¦
4.3
CVE-2025-12782 - Beaver Builder β WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contribuβ¦
The Beaver Builder β WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable() function. This makes it possible for authenticated attackers, β¦
6.1
CVE-2025-13513 - Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitraryβ¦
7.2
CVE-2025-11727 - Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3β¦
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration β Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This maβ¦
5.3
CVE-2025-11379 - WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attβ¦
5.5
CVE-2025-40245 - nios2: ensure that memblock.current_limit is set when setting pfn limits
In the Linux kernel, the following vulnerability has been resolved: nios2: ensure that memblock.current_limit is set when setting pfn limits On nios2, with CONFIG_FLATMEM set, the kernel relies on memblock_get_current_limit() to determine the limits of mem_map, in particular for max_low_pfn. Unfoβ¦
9.8
CVE-2025-54304 -
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127β¦
5.5
CVE-2025-40223 - most: usb: Fix use-after-free in hdm_disconnect
In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the last reference, the β¦