9.8
CVE-2025-36896 -
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
7.5
CVE-2025-36895 -
Information disclosure
7.5
CVE-2025-36894 -
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
5.5
CVE-2025-36893 -
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
7.5
CVE-2025-36892 -
Denial of service
8.8
CVE-2025-36891 -
Elevation of privilege
9.8
CVE-2025-36890 -
Elevation of Privilege
7.2
CVE-2025-9519 - Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and aboveβ¦
7.2
CVE-2025-9517 - atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with Administrator-leβ¦
4.9
CVE-2025-9516 - atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the originallβ¦