4.8
CVE-2025-2913 - HDF5 H5FL.c H5FL__blk_gc_list use after free
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been discβ¦
4.8
CVE-2025-2912 - HDF5 H5Omessage.c H5O_msg_flush heap-based overflow
A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The expβ¦
6.8
CVE-2025-2713 - Improper File Permission Handling in Google gVisor runsc
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
0.0
CVE-2025-31010 - WordPress SimplyRETS Real Estate IDX plugin <= 3.0.5 - CSRF to Multiple Admin Actions vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5.
0.0
CVE-2025-22767 - WordPress GlobalPayments WooCommerce Plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Reflected XSS.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.13.2.
0.0
CVE-2025-22575 - WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER super-slider allows Reflected XSS.This issue affects SUPER RESPONSIVE SLIDER: from n/a through <= 1.4.
0.0
CVE-2025-22566 - WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb ULTIMATE VIDEO GALLERY ultimate-gallery allows Reflected XSS.This issue affects ULTIMATE VIDEO GALLERY: from n/a through <= 1.4.
0.0
CVE-2025-22526 - WordPress PHP/MySQL CPU performance statistics Plugin <= 1.2.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through <= 1.2.1.
0.0
CVE-2025-22523 - WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0.
0.0
CVE-2025-22501 - WordPress Improve My City plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City improve-my-city allows Reflected XSS.This issue affects Improve My City: from n/a through <= 1.6.