6.4
CVE-2025-2537 - Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site S…
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attack…
4.9
CVE-2025-49595 - n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed f…
5.4
CVE-2025-3702 - WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a through < 2.2.0.
6.5
CVE-2025-49032 - WordPress Gutenberg Blocks plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows Stored XSS. This issue affects Gutenberg Blocks: from n/a through <= 3.3.1.
5.1
CVE-2025-40723 - Stored Cross-Site Scripting (XSS) vulnerability on Flatboard
Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the footer_text and announcement parameters in config.php.
5.1
CVE-2025-40722 - Stored Cross-Site Scripting (XSS) vulnerability on Flatboard
Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags.
7.6
CVE-2025-27461 - CVE-2025-27461
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
7.6
CVE-2025-27460 - CVE-2025-27460
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can …
4.4
CVE-2025-27459 - CVE-2025-27459
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.
6.5
CVE-2025-27458 - CVE-2025-27458
The VNC authentication mechanism is based on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses ma…