5.4
CVE-2025-39456 - WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in iTRON WP Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logger: from n/a through 2.2.
5.3
CVE-2025-39457 - WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8.
7.5
CVE-2025-39461 - WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache allows PHP Local File Inclusion. This issue affects Docket Cache: from n/a through 24.07.02.
7.5
CVE-2025-39462 - WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in teamzt Smart Agreements allows PHP Local File Inclusion. This issue affects Smart Agreements: from n/a through 1.0.3.
7.1
CVE-2025-39464 - WordPress AdminQuickbar plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites AdminQuickbar allows Reflected XSS. This issue affects AdminQuickbar: from n/a through 1.9.1.
7.1
CVE-2025-25234 -
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.
9.3
CVE-2025-3651 - Command Injection in iManage Work Desktop for Mac's Agent Service
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.
8.7
CVE-2022-26323 - Incorrect Use of Privileged vulnerability has been discovered on OpenText™ UCMDB and Operation Brid…
Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation. The vulnerability could allow authenticated attackers to elevate user privileges. Thi…
4.8
CVE-2025-3760 -
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10…
4.3
CVE-2025-26477 -
Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.