8.8
CVE-2025-24189 - webkitgtk: Processing maliciously crafted web content may lead to memory corruption
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption.
5.5
CVE-2025-24183 - macOS Local Privilege Escalation via Improper Filesystem Check
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local user may be able to modify protected parts of the file system.
3.3
CVE-2025-31185 - Hidden Photos Album Can Be Viewed Without Authentication
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
5.5
CVE-2025-31262 - File System Permission Escalation Allowing Modification of Protected Areas
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to modify protected parts of the file system.
5.3
CVE-2025-4939 - PHPGurukul Credit Card Application Management System new-ccapplication.php cross site scripting
A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has beโฆ
7.1
CVE-2025-22790 - WordPress moseter theme <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1.
7.1
CVE-2025-22789 - WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2.
7.1
CVE-2025-22687 - WordPress tuaug4 theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4.
7.1
CVE-2025-22678 - WordPress my white theme <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8.
5.3
CVE-2024-33939 - WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.