8.3
CVE-2025-41361 - Uncontrolled resource consumption vulnerability in IDF and ZLF
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit thisβ¦
4.8
CVE-2025-41367 - Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF
Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and execβ¦
5.1
CVE-2025-41366 - CORS vulnerability in IDF and ZLF
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permissβ¦
5.1
CVE-2025-41365 - Code injection vulnerability in IDF and ZLF
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that caβ¦
5.1
CVE-2025-41364 - Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF
Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and execβ¦
7.1
CVE-2025-48329 - WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
5.3
CVE-2025-41363 - CORS vulnerability in IDF and ZLF
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
0.0
CVE-2025-39358 - WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12.
5.3
CVE-2025-41362 - Code injection vulnerability in IDF and ZLF
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that caβ¦
8.5
CVE-2025-47584 - WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.