6.5
CVE-2025-3608 - Race condition in nsHttpTransaction could lead to memory corruption
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.
4.3
CVE-2025-32945 - PeerTube Arbitrary Playlist Creation via REST API
The vulnerability allows an existing user to add playlists to a different userβs channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, withβ¦
6.5
CVE-2025-32944 - PeerTube User Import Authenticated Persistent Denial of Service
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.Β Β If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If thβ¦
7.1
CVE-2025-31011 - WordPress SimplyRETS Real Estate IDX plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2.
9.8
CVE-2025-30985 - WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects GNUCommerce: from n/a through <= 1.5.4.
4.3
CVE-2025-30965 - WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities vβ¦
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard wpjobboard allows Cross Site Request Forgery.This issue affects WPJobBoard: from n/a through < 5.11.1.
5.4
CVE-2025-30964 - WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery.This issue affects Photography: from n/a through < 7.7.6.
7.1
CVE-2025-30962 - WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through <= 6.5.8.
4.4
CVE-2025-26990 - WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerabilβ¦
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.
6.5
CVE-2025-26982 - WordPress DSGVO Youtube plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric-Oliver MΓ€chler DSGVO Youtube dsgvo-youtube allows DOM-Based XSS.This issue affects DSGVO Youtube: from n/a through <= 1.5.1.