0.0
CVE-2025-12068 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
0.0
CVE-2023-53701 - netfilter: nf_tables: deactivate anonymous set from preparation phase
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: deactivate anonymous set from preparation phase [ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ] Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform an…
5.4
CVE-2025-11844 - XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitiza…
5.3
CVE-2025-11750 - User Enumeration via Distinct Error Messages in langgenius/dify-web
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system respon…
5.7
CVE-2025-11411 - Possible domain hijacking via promiscuous records in the authority section
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are use…
8.1
CVE-2025-11086 - Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. This…
4.3
CVE-2025-6833 - All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct …
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing validation on a user controlled key. This makes …
6.9
CVE-2025-11915 - HTTP Desynchronisation in Vertex AI for certain third-party models
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.
6.4
CVE-2025-11825 - Playerzbr <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field
The Playerzbr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'urlmeta' post meta field in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a…
4.9
CVE-2025-10047 - Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and la…