5.1

CVSS4.0

CVE-2025-11939 - ChurchCRM Backup Restore RestoreJob.php path traversal

A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing a manipulation of the argument restoreFile can lead to path traversal. The attack may be launched r…

📅 Published: Oct. 19, 2025, 8:02 a.m. 🔄 Last Modified: Feb. 24, 2026, 8:16 a.m.

6.3

CVSS4.0

CVE-2025-11938 - ChurchCRM setup.php deserialization

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as …

📅 Published: Oct. 19, 2025, 7:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 8:16 a.m.

5.3

CVSS3.1

CVE-2025-62672 -

rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data with no authentication.

📅 Published: Oct. 19, 2025, midnight 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

8.8

CVSS3.1

CVE-2025-47410 - Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can …

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This …

📅 Published: Oct. 18, 2025, 3:15 p.m. 🔄 Last Modified: Nov. 4, 2025, 10:16 p.m.

4.4

CVSS3.1

CVE-2025-11926 - Related Posts Lite <= 1.12 - Authenticated (Admin+) Stored Cross-Site Scripting

The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions…

📅 Published: Oct. 18, 2025, 9:25 a.m. 🔄 Last Modified: April 8, 2026, 4:55 p.m.

8.8

CVSS3.1

CVE-2025-9890 - Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated attackers to achieve remote code execution v…

📅 Published: Oct. 18, 2025, 8:25 a.m. 🔄 Last Modified: April 8, 2026, 5:01 p.m.

8.5

CVSS4.0

CVE-2025-5555 - Nixdorf Wincor PORT IO Driver IOCTL wnport.sys sub_11100 stack-based overflow

A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been…

📅 Published: Oct. 18, 2025, 8:02 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

5.3

CVSS3.1

CVE-2025-10750 - PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the mo_epbr_admin_observer() function hook…

📅 Published: Oct. 18, 2025, 7:26 a.m. 🔄 Last Modified: April 8, 2026, 5:26 p.m.

5.3

CVSS3.1

CVE-2025-11256 - Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conv…

The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations.

📅 Published: Oct. 18, 2025, 7:26 a.m. 🔄 Last Modified: April 8, 2026, 4:40 p.m.

7.5

CVSS3.1

CVE-2025-11691 - PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o…

📅 Published: Oct. 18, 2025, 6:42 a.m. 🔄 Last Modified: April 8, 2026, 5:31 p.m.
Total results: 343968