8.8

CVSS3.1

CVE-2025-5395 - WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated…

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to uploa…

📅 Published: June 11, 2025, 6:39 a.m. 🔄 Last Modified: April 21, 2026, 8:30 p.m.

7.2

CVSS3.1

CVE-2025-4799 - WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, t…

📅 Published: June 11, 2025, 3:41 a.m. 🔄 Last Modified: April 22, 2026, 1:30 a.m.

4.9

CVSS3.1

CVE-2025-4798 - WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administr…

📅 Published: June 11, 2025, 3:41 a.m. 🔄 Last Modified: April 21, 2026, 8:30 p.m.

6.4

CVSS3.1

CVE-2025-4666 - ZotPress <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname'

The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above…

📅 Published: June 11, 2025, 3:41 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.5

CVSS4.0

CVE-2024-1244 - Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 h…

📅 Published: June 11, 2025, 2:59 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.5

CVSS4.0

CVE-2024-1243 - Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for r…

📅 Published: June 11, 2025, 1:15 a.m. 🔄 Last Modified: Oct. 1, 2025, 3:01 p.m.

8.8

CVSS3.1

CVE-2025-5959 -

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

📅 Published: June 11, 2025, 12:54 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:50 p.m.

8.8

CVSS3.1

CVE-2025-5958 -

Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

📅 Published: June 11, 2025, 12:54 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:50 p.m.

7.8

CVSS3.1

CVE-2025-4275 - SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate

A vulnerability in the digital signature verification process does not properly validate variable attributes, which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may execute arbitrary signed UEFI code and bypass Secure Boot.

📅 Published: June 11, 2025, 12:25 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.1

CVSS3.1

CVE-2025-49796 - Libxml: type confusion leads to denial of service (dos)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined beha…

📅 Published: June 11, 2025, midnight 🔄 Last Modified: April 20, 2026, 4:30 p.m.