6.8
CVE-2025-62346 - HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint.
5.1
CVE-2025-64984 -
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.β¦
6.4
CVE-2025-5092 - Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cβ¦
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atβ¦
6.8
CVE-2025-12502 - Attention Bar <= 0.7.2.1 - Admin+ SQLi
The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL injection attacks
5.3
CVE-2025-12778 - Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Informationβ¦
The Ultimate Member Widgets for Elementor β WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackerβ¦
6.9
CVE-2025-13451 - SourceCodester Online Shop Project action.php sql injection
A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might bβ¦
5.1
CVE-2025-13450 - SourceCodester Online Shop Project register.php cross site scripting
A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed andβ¦
6.9
CVE-2025-13449 - code-projects Online Shop Project login.php sql injection
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
8.7
CVE-2025-13446 - Tenda AC21 SetSysTimeCfg stack-based overflow
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosedβ¦
8.7
CVE-2025-13445 - Tenda AC21 SetIpMacBind stack-based overflow
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.