5.3
CVE-2025-11269 - Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update
The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
6.4
CVE-2025-11823 - ShopLentor β WooCommerce Builder for Elementor & Gutenberg +21 Modules β All in One Solution <= 3.2β¦
The ShopLentor β WooCommerce Builder for Elementor & Gutenberg +21 Modules β All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versions up to, and including, 3.2.4 due to insufficienβ¦
5.3
CVE-2025-10579 - BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure
The BackWPup β WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriberβ¦
5.3
CVE-2025-11760 - eRoom β Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated β¦
The eRoom β Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view β¦
7
CVE-2025-34503 - Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update mechaniβ¦
7
CVE-2025-34502 - Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot.β¦
7
CVE-2025-34500 - Shuffle Master Deck Mate 2 Insecure Update Chain
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's Uβ¦
5.9
CVE-2025-12194 - bcprov-lts8on: bc-fips: Uncontrolled Resource Consumption vulnerability in Bouncy Castle
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated β¦
2.1
CVE-2025-62711 - Wasmtime vulnerable to segfault when using component resources
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a seβ¦
8.9
CVE-2025-4106 - WatchGuard Firebox leftover debug code vulnerability
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0 β¦