9.8
CVE-2025-2266 - Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attac…
7.3
CVE-2025-2803 - So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for una…
5.3
CVE-2025-2840 - DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure
The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information c…
6.3
CVE-2025-1217 - Header parser of http stream wrapper does not handle folded headers
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME…
4.3
CVE-2024-51477 - IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
4.4
CVE-2024-7577 - IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
5.3
CVE-2024-43186 - IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
6.3
CVE-2025-2782 - WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directo…
The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: fro…
6.3
CVE-2025-2781 - WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Clien…
6.9
CVE-2025-2927 - ESAFENET CDG getFileTypeList.jsp sql injection
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has be…