5
CVE-2025-5101 - Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambโฆ
6.9
CVE-2025-58050 - PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined wiโฆ
7.2
CVE-2025-58218 - WordPress Small Package Quotes โ USPS Edition Plugin <= 1.3.9 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes โ USPS Edition allows Object Injection. This issue affects Small Package Quotes โ USPS Edition: from n/a through 1.3.9.
7.1
CVE-2025-58217 - WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0.
5.9
CVE-2025-58216 - WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6.
6.5
CVE-2025-58213 - WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft allows Stored XSS. This issue affects Booking System Trafft: from n/a through 1.0.14.
6.5
CVE-2025-58212 - WordPress Epeken All Kurir Plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1.
6.5
CVE-2025-58211 - WordPress Chatbox Manager Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6.
6.5
CVE-2025-58209 - WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0.
6.5
CVE-2025-58208 - WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scrโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder allows Stored XSS. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 6.2.0.