6.6
CVE-2025-59432 - Timing Attack Vulnerability in SCRAM Authentication
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equal…
5.3
CVE-2025-59433 - @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which allows extra parame…
6.9
CVE-2025-10811 - code-projects Hostel Management System index.php sql injection
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Manipulating the argument ID can lead to SQL injection. The attack can be performed remotely. The exploit has been publ…
7.8
CVE-2025-8892 - PRT File Parsing Memory Corruption Vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
8.2
CVE-2025-59430 - Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically indisting…
6.9
CVE-2025-9960 - is-localhost-ip 2.0.0 - SSRF via Restrictions bypass
A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0.
6.9
CVE-2025-10810 - Campcodes Online Learning Management System edit_user.php sql injection
A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Manipulating the argument firstname results in SQL injection. The attack can be carried out remotely. The exploit i…
7.1
CVE-2025-58956 - WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerab…
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through < 1.29.
4.3
CVE-2025-58957 - WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through <= 3.2.20.
5.9
CVE-2025-58960 - WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS. This issue affects IP Based Login: from n/a through <= 2.4.3.