6.4
CVE-2025-9499 - Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_libraryβ¦
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated aβ¦
9.3
CVE-2025-54946 - SUNNET Corporate Training Management System - SQL Injection
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
10
CVE-2025-54945 - SUNNET Corporate Training Management System - External Control of File Name or Path
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
6.9
CVE-2025-54944 - SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.
9.3
CVE-2025-54943 - SUNNET Corporate Training Management System - Missing Authorization
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
9.3
CVE-2025-54942 - SUNNET Corporate Training Management System - Missing Authentication for Critical Function
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
4.3
CVE-2025-4956 - WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
4.3
CVE-2025-9618 - Related Posts Lite <= 1.12 - Cross-Site Request Forgery
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settinβ¦
7.1
CVE-2025-38677 - f2fs: fix to avoid out-of-boundary access in dnode page
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:β¦
8.8
CVE-2025-34165 - NetSupport Manager < 14.12.0000 Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability in NetSupport ManagerΒ 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.