6.4

CVSS3.1

CVE-2025-7809 - StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo…

📅 Published: July 29, 2025, 3:41 a.m. 🔄 Last Modified: April 20, 2026, 8:15 p.m.

5.4

CVSS3.1

CVE-2025-7810 - StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for …

📅 Published: July 29, 2025, 3:41 a.m. 🔄 Last Modified: April 21, 2026, 7:45 p.m.

8.8

CVSS3.1

CVE-2024-42655 -

An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Aug. 6, 2025, 5:46 p.m.

7.5

CVSS3.1

CVE-2024-42645 -

An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS).

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Aug. 6, 2025, 8:48 p.m.

6.5

CVSS3.1

CVE-2025-51045 -

Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter.

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Aug. 7, 2025, 5:52 p.m.

6.5

CVSS3.1

CVE-2025-28171 -

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Aug. 6, 2025, 8:48 p.m.

7.3

CVSS3.1

CVE-2025-52490 -

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Aug. 6, 2025, 4:25 p.m.

9.8

CVSS3.1

CVE-2025-46059 - langchain-core: Langchain indirect prompt injection

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-…

📅 Published: July 29, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-52284 -

Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Sept. 15, 2025, 3:15 p.m.

8.1

CVSS3.1

CVE-2025-45346 -

SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.

📅 Published: July 29, 2025, midnight 🔄 Last Modified: Aug. 6, 2025, 4:24 p.m.