6.5
CVE-2025-26734 - WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester allows Stored XSS.This issue affects Hester: from n/a through 1.1.10.
6.5
CVE-2025-26736 - WordPress MorningTime Lite theme <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viktoras MorningTime Lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through 1.3.2.
6.5
CVE-2025-26737 - WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5.
6.5
CVE-2025-26738 - WordPress Quick Interest Slider plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through 3.1.3.
5.3
CVE-2025-26619 - Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be sβ¦
0.0
CVE-2025-21870 - ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which β¦
0.0
CVE-2025-21869 - powerpc/code-patching: Disable KASAN report during patching via temporary mm
In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (power9) with kernel 6.13: [ 12.028126] ==========================================================β¦
0.0
CVE-2025-21868 - net: allow small head cache usage with large MAX_SKB_FRAGS values
In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina reported the following splat: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0 Modules linked in: CPU: 0β¦
7.8
CVE-2025-21867 - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet β¦
4.8
CVE-2025-2849 - UPX p_lx_elf.cpp un_DT_INIT heap-based overflow
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disβ¦