6.3

CVSS4.0

CVE-2025-8885 - Possible DOS in processing specially formed ASN.1 Object Identifiers

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcg…

📅 Published: Aug. 12, 2025, 9:13 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.6

CVSS3.1

CVE-2025-26398 - SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and …

📅 Published: Aug. 12, 2025, 8:10 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:49 p.m.

7.8

CVSS3.1

CVE-2025-41686 - Improper File Permissions Allow Local Privilege Escalation

A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.

📅 Published: Aug. 12, 2025, 7:37 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-8418 - B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorizati…

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscribe…

📅 Published: Aug. 12, 2025, 6:42 a.m. 🔄 Last Modified: April 20, 2026, 8 p.m.

4.3

CVSS3.1

CVE-2025-8482 - Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migrati…

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to …

📅 Published: Aug. 12, 2025, 6:42 a.m. 🔄 Last Modified: April 21, 2026, 3:45 a.m.

6.4

CVSS3.1

CVE-2025-8874 - Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Anima…

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output escaping…

📅 Published: Aug. 12, 2025, 6:42 a.m. 🔄 Last Modified: April 21, 2026, 7:30 p.m.

4.8

CVSS3.1

CVE-2025-8767 - AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection

The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untr…

📅 Published: Aug. 12, 2025, 6:42 a.m. 🔄 Last Modified: April 22, 2026, 10:30 p.m.

5.3

CVSS3.1

CVE-2025-47444 - WordPress FiboSearch plugin <= 1.32.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiboSearch: from n/a through <= 1.32.1.

📅 Published: Aug. 12, 2025, 6:37 a.m. 🔄 Last Modified: April 23, 2026, 3:30 p.m.

7.5

CVSS3.1

CVE-2025-6253 - UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient controls on the filename specified. This makes it p…

📅 Published: Aug. 12, 2025, 5:27 a.m. 🔄 Last Modified: April 20, 2026, 8 p.m.

4.9

CVSS3.1

CVE-2025-8081 - Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access a…

📅 Published: Aug. 12, 2025, 5:27 a.m. 🔄 Last Modified: April 22, 2026, 2:45 p.m.