5.3
CVE-2025-4820 - Incorrect congestion window growth by optimistic ACK
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating …
5.4
CVE-2024-54183 - IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially …
5
CVE-2025-6240 - Profisee Path Traversal Vulnerability
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system. This issue affects Profisee: from 2020R1 before 2024R2.
7.2
CVE-2025-6220 - Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload…
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with Administrator-level access and a…
2.7
CVE-2025-1088 - Very long unicode dashboard title or panel name can hang the frontend
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
4.3
CVE-2025-23999 - WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.13.
6.4
CVE-2025-5237 - Target Video Easy Publish <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via w…
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve…
7.2
CVE-2025-6086 - CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload …
5.7
CVE-2025-5981 - Arbitrary File write in OSV-SCALIBR
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.
9.8
CVE-2025-1562 - Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKi…
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in al…