4.8
CVE-2025-10999 - Open Babel cacaoformat.cpp SetHilderbrandt null pointer dereference
A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been made public and β¦
4.8
CVE-2025-10998 - Open Babel chemkinformat.cpp ReadReactionQualifierLines null pointer dereference
A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The expβ¦
4.8
CVE-2025-10997 - Open Babel chemkinformat.cpp CheckSpecies heap-based overflow
A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.
4.8
CVE-2025-10996 - Open Babel smilesformat.cpp ParseSmiles heap-based overflow
A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may β¦
4.8
CVE-2025-10995 - Open Babel zipstreamimpl.h underflow memory corruption
A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploiβ¦
4.8
CVE-2025-10994 - Open Babel gamessformat.cpp ReadMolecule use after free
A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit has been made available to the public and coβ¦
4.3
CVE-2025-10752 - OAuth Single Sign On β SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery
The OAuth Single Sign On β SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possibleβ¦
6.4
CVE-2025-8200 - Mega Elements β Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scriβ¦
The Mega Elements β Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibβ¦
6.4
CVE-2025-10178 - CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible forβ¦
6.4
CVE-2025-8906 - Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aβ¦