9.3

CVSS4.0

CVE-2025-41019 - SQL injection vulnerability in Sergestec's Exito

SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'.

📅 Published: Oct. 16, 2025, 7:56 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-55091 - Potential out of bound read in _nx_ip_packet_receive()

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in the _nx_ip_packet_receive() function when an Ethernet frame was received with its type set as IP but no IP data.

📅 Published: Oct. 16, 2025, 7:56 a.m. 🔄 Last Modified: Oct. 21, 2025, 5:09 p.m.

9.3

CVSS4.0

CVE-2025-41018 - SQL injection vulnerability in Sergestec's Exito

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.

📅 Published: Oct. 16, 2025, 7:56 a.m. 🔄 Last Modified: Oct. 21, 2025, 1:12 p.m.

7.5

CVSS3.1

CVE-2025-62585

Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.

📅 Published: Oct. 16, 2025, 6:52 a.m. 🔄 Last Modified: Oct. 21, 2025, 1:13 p.m.

7.5

CVSS3.1

CVE-2025-62584

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.

📅 Published: Oct. 16, 2025, 6:52 a.m. 🔄 Last Modified: Oct. 21, 2025, 1:24 p.m.

9.8

CVSS3.1

CVE-2025-62583

Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.

📅 Published: Oct. 16, 2025, 6:52 a.m. 🔄 Last Modified: Oct. 21, 2025, 1:26 p.m.

5.3

CVSS3.1

CVE-2025-10849 - Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Ac…

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate …

📅 Published: Oct. 16, 2025, 6:47 a.m. 🔄 Last Modified: April 22, 2026, 12:45 a.m.

9.8

CVSS3.1

CVE-2025-10850 - Felan Framework <= 1.1.4 - Hardcoded Credentials

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' function. This makes it possible for unauthenticate…

📅 Published: Oct. 16, 2025, 6:47 a.m. 🔄 Last Modified: April 21, 2026, 7 p.m.

9.8

CVSS3.1

CVE-2025-10742 - Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauth…

📅 Published: Oct. 16, 2025, 6:47 a.m. 🔄 Last Modified: April 21, 2026, 2:30 a.m.

8.8

CVSS3.1

CVE-2025-10706 - Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin In…

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and…

📅 Published: Oct. 16, 2025, 6:47 a.m. 🔄 Last Modified: April 22, 2026, 10:15 p.m.