4.3
CVE-2025-62883 - WordPress Premmerce User Roles plugin <= 1.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
4.3
CVE-2025-62882 - WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
4.3
CVE-2025-62881 - WordPress WP-Lister Lite for eBay plugin <= 3.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.3.
5.3
CVE-2025-12202 - ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery
A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been releas…
5.1
CVE-2025-12201 - ajayrandhawa User-Management-PHP-MYSQL User Management edit-user.php unrestricted upload
A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. It…
4.8
CVE-2025-12200 - dnsmasq Config File option.c parse_dhcp_opt null pointer dereference
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and int…
4.8
CVE-2025-12199 - dnsmasq Config File network.c check_servers null pointer dereference
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and int…
8.5
CVE-2025-12198 - dnsmasq Config File util.c parse_hex heap-based overflow
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and int…
2.7
CVE-2025-6601 - Business Logic Errors in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.
7.5
CVE-2025-10497 - Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.