5.3
CVE-2025-62604 - MeterSphere logic flaw allows retrieval of arbitrary user information
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.
7.9
CVE-2025-62526 - OpenWrt ubusd vulnerable to heap buffer overflow
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The afโฆ
7.9
CVE-2025-62525 - OpenWrt vulnerable to local privilage escalation
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx20โฆ
6.3
CVE-2025-11965 - io.vertx/vertx-core: Eclipse Vert.x Access Control Flaw
In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').
2.3
CVE-2025-11966 - io.vertx/vertx-web: Eclipse Vert.x cross site scripting
In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served paโฆ
4.3
CVE-2025-62073 - WordPress MeetingHub plugin <= 1.23.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.This issue affects MeetingHub: from n/a through <= 1.23.9.
4.3
CVE-2025-62072 - WordPress Front End Users plugin <= 3.2.33 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33.
4.3
CVE-2025-62071 - WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vuโฆ
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29.
4.3
CVE-2025-62070 - WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.
6.5
CVE-2025-62069 - WordPress MDTF plugin <= 1.3.3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through <= 1.3.3.8.