2.3

CVSS4.0

CVE-2025-12603 - /etc/timezone can be Arbitrarily Written

/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Nov. 1, 2025, 6:56 p.m. πŸ”„ Last Modified: Nov. 7, 2025, 6:40 p.m.

2.3

CVSS4.0

CVE-2025-12602 - /etc/avahi/services/z9.service can be Arbitrarily Written

/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Nov. 1, 2025, 6:54 p.m. πŸ”„ Last Modified: Nov. 7, 2025, 6:41 p.m.

10

CVSS4.0

CVE-2025-12601 - Denial of Service Due to SlowLoris

Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Nov. 1, 2025, 6:49 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 3:09 p.m.

10

CVSS4.0

CVE-2025-12600 - Web UI Malfunction

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Nov. 1, 2025, 6:48 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 2:47 p.m.

10

CVSS4.0

CVE-2025-12599 - Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Nov. 1, 2025, 6:39 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 2:47 p.m.

8.8

CVSS3.1

CVE-2025-36367 - IBM i is affected by a privilege escalation in IBM i SQL services

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

πŸ“… Published: Nov. 1, 2025, 12:01 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 5:47 p.m.

6.4

CVSS3.1

CVE-2025-6988 - Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers…

πŸ“… Published: Nov. 1, 2025, 7:30 a.m. πŸ”„ Last Modified: April 21, 2026, 2 a.m.

8.8

CVSS3.1

CVE-2025-6990 - Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution

The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the `TH_PhpCode` pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated at…

πŸ“… Published: Nov. 1, 2025, 7:30 a.m. πŸ”„ Last Modified: April 21, 2026, 2 a.m.

4.9

CVSS3.1

CVE-2025-12137 - Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Ar…

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the 'attach_fi…

πŸ“… Published: Nov. 1, 2025, 6:40 a.m. πŸ”„ Last Modified: April 21, 2026, 6:45 p.m.

8.8

CVSS3.1

CVE-2025-12171 - RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary fil…

πŸ“… Published: Nov. 1, 2025, 6:40 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 346541
Page 2920 of 34,655
Β« previous page Β» next page
Filters