2.6
CVE-2025-32435 - Hydra no restricted eval after nix-eval-jobs migration
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectiveβ¦
5.3
CVE-2025-32782 - Ash Authentication email link auto-click account confirmation vulnerability
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically followβ¦
6.9
CVE-2025-27929 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.
6.9
CVE-2025-24315 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
7.5
CVE-2025-32784 - conda-forge-webservices has an Unauthorized Artifact Modification Race Condition
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as β¦
6.9
CVE-2025-27561 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can rename "rooms" of arbitrary users.
0.0
CVE-2025-32923 - WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through < 5.4.1.
0.0
CVE-2025-30984 - WordPress SEO Tools plugin <= 4.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through <= 4.0.7.
0.0
CVE-2025-30982 - WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Stored XSS.This issue affects MyBookProgress by Stormhill Media: from n/a through <= 1.0.8.
0.0
CVE-2025-30970 - WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS.This issue affects Easy Contact: from n/a through <= 0.1.2.