7.1
CVE-2025-11560 - Team Members Showcase < 3.5.0 - Reflected XSS
The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins.
4.3
CVE-2025-12901 - Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the subscription settings …
4.3
CVE-2025-12833 - GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing …
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'post_attachment_upload' function due to missing validation on a user controlled key. This m…
4.3
CVE-2025-12087 - Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authent…
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlm_remove_added_wishlist_page' AJAX action due to missing validation on a user controlled key. This makes it possible for a…
5.2
CVE-2025-54983 - Health check port on ZCC allows tunnel bypass
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.
4
CVE-2025-43205 - Out-of-Bounds Access Enabling ASLR Bypass
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.
7.0
CVE-2025-40206 - netfilter: nft_objref: validate objref and objrefmap expressions
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c…
5.5
CVE-2025-40198 - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treat…
7.0
CVE-2025-40139 - smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dev_dst_rcu…
7.0
CVE-2025-40110 - drm/vmwgfx: Fix a null-ptr access in the cursor snooper
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID) …