6.6
CVE-2025-27039 - Detection of Error Condition Without Action in Computer Vision
Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.
6.9
CVE-2025-11529 - ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication
A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit haβ¦
8.7
CVE-2025-11528 - Tenda AC7 saveAutoQos stack-based overflow
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
8.7
CVE-2025-11527 - Tenda AC7 fast_setting_pppoe_set stack-based overflow
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publiclβ¦
8.7
CVE-2025-11526 - Tenda AC7 WifiMacFilterSet stack-based overflow
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public andβ¦
7.2
CVE-2025-10496 - Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sβ¦
9.8
CVE-2025-10586 - Community Events <= 1.5.1 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the βevent_venueβ parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for β¦
5.4
CVE-2025-11166 - WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Updaβ¦
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having destrβ¦
8.7
CVE-2025-11525 - Tenda AC7 SetUpnpCfg stack-based overflow
A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
8.7
CVE-2025-11524 - Tenda AC7 SetDDNSCfg stack-based overflow
A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.