0.0
CVE-2025-4436 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
0.0
CVE-2025-4132 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.9
CVE-2025-4207 - PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that failsβ¦
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 1β¦
8.7
CVE-2024-6648 - Path Traversal in AP Page Builder
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.
6.3
CVE-2025-3506 - Potentially senitive path exposed via unauthenticated http route
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.
6.1
CVE-2025-2806 - tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data'
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the βdataβ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers β¦
6.4
CVE-2025-3468 - NEX-Forms β Ultimate Form Builder β Contact forms and much more <= 8.9.1 - Authenticated (Custom) Sβ¦
The NEX-Forms β Ultimate Form Builder β Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it pβ¦
6.4
CVE-2025-3862 - Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parametβ¦
Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βidβ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and aboβ¦
6.3
CVE-2025-4208 - NEX-Forms β Ultimate Form Builder β Contact forms and much more <= 8.9.1 - Authenticated (Custom) Lβ¦
The NEX-Forms β Ultimate Form Builder β Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func(). This makes β¦
8.7
CVE-2025-3759 - Missing Authentication for Changing Device Configuration in WF2220
EndpointΒ /cgi-bin-igd/netcore_set.cgiΒ which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but diβ¦