7.5
CVE-2025-1029 - Hardcoded Credentials in Utarit Informatics' SoliClub
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.
6.1
CVE-2025-9787 - Stored XSS
Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.
2.3
CVE-2025-65000 - Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
7.2
CVE-2025-40898 - Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths,β¦
5.3
CVE-2025-40893 - HTML injection in Asset List in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the Aβ¦
7.1
CVE-2025-40892 - Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a maβ¦
2.3
CVE-2025-40891 - HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across twoβ¦
4.3
CVE-2025-13110 - HUSKY β Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecβ¦
The HUSKY β Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticatβ¦
7.5
CVE-2025-14437 - Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials.
4.3
CVE-2025-14618 - Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gβ¦
The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweet_energy_efficiency_action' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackerβ¦