3.5
CVE-2025-49810 - Thread summarization allows persistent access to channel
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts
6.8
CVE-2025-36530 - Import Path Traversal Enables Unauthorized Unsigned Plugin Installation
Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugiโฆ
9.1
CVE-2025-7390 - Bypass the client certificate trust check of an opc.https server while only secure communication isโฆ
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
6.4
CVE-2025-8607 - SlingBlocks โ Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contribโฆ
The SlingBlocks โ Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user suppliโฆ
4.3
CVE-2025-7221 - GiveWP โ Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Updaโฆ
The GiveWP โ Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackerโฆ
8.1
CVE-2025-8592 - Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin() function. This makes it possible for unauthenticated attackers to install plugins from the reโฆ
5.3
CVE-2025-53505 - From CVEorg collector
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.
4.8
CVE-2025-53504 -
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.
5.3
CVE-2025-48355 - WordPress ProveSource Social Proof plugin <= 3.1.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof provesource allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through <= 3.1.2.
10
CVE-2025-43300 - Outโofโbounds Write in Image Processing Leading to Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image โฆ