5.3

CVSS4.0

CVE-2025-13472 - Missing authorization in BlazeMeter Jenkins Plugin

A fix was made in BlazeMeter Jenkins Plugin version 4.27 so that only users with certain permissions can see the list of available resources such as credential IDs, bzm workspaces and bzm project IDs. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

📅 Published: Dec. 3, 2025, 8:42 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.2

CVSS4.0

CVE-2025-29864 -

Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass. This issue affects ALZip: from 12.01 before 12.29.

📅 Published: Dec. 3, 2025, 8:13 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2025-13946 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

📅 Published: Dec. 3, 2025, 8:04 a.m. 🔄 Last Modified: March 27, 2026, 1:56 p.m.

5.5

CVSS3.1

CVE-2025-13945 - Improperly Controlled Sequential Memory Allocation in Wireshark

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

📅 Published: Dec. 3, 2025, 8:04 a.m. 🔄 Last Modified: March 27, 2026, 1:56 p.m.

8.8

CVSS3.1

CVE-2025-12744 - Abrt: command-injection in abrt leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell me…

📅 Published: Dec. 3, 2025, 7:51 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-13486 - Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepa…

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for una…

📅 Published: Dec. 3, 2025, 6:47 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.7

CVSS3.1

CVE-2025-12954 - Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify that a user has access to a specific event when duplicating it, leading to arbitrary event disclosure to users with a role as low as Contributor.

📅 Published: Dec. 3, 2025, 6 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2025-10304 - Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Aut…

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate…

📅 Published: Dec. 3, 2025, 3:27 a.m. 🔄 Last Modified: April 21, 2026, 1:15 a.m.

5.3

CVSS3.1

CVE-2025-12585 - MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access convers…

📅 Published: Dec. 3, 2025, 3:27 a.m. 🔄 Last Modified: April 22, 2026, 8:16 p.m.

4.9

CVSS3.1

CVE-2025-13495 - FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'grou…

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for a…

📅 Published: Dec. 3, 2025, 3:27 a.m. 🔄 Last Modified: April 22, 2026, 9 p.m.