6.3
CVE-2023-29113 - A lack of access control in custom IPC mechanism
The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating syโฆ
4.8
CVE-2025-6818 - HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and mayโฆ
7.5
CVE-2025-1991 - IBM Informix Dynamic Server denial of service
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
4.8
CVE-2025-6817 - HDF5 H5Centry.c H5C__load_entry resource consumption
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public aโฆ
4.8
CVE-2025-6816 - HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed toโฆ
4.3
CVE-2025-5937 - MicroPayments โ Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Sโฆ
The MicroPayments โ Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possiโฆ
8.8
CVE-2025-6755 - Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNaโฆ
The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such โฆ
9.8
CVE-2025-5304 - PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation โฆ
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
6.4
CVE-2025-6252 - Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level accโฆ
6.4
CVE-2025-6350 - WP VR โ 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contribโฆ
The WP VR โ 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โhotspot-hoverโ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible foโฆ