4.8
CVE-2025-22649 - WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through <= 2.6.22.
0.0
CVE-2025-22652 - WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through <= 4.0.1.
0.0
CVE-2025-22658 - WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through <= 1.2.0.
5.4
CVE-2025-22659 - WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44.
8.1
CVE-2025-30358 - Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to aβ¦
4.3
CVE-2025-30221 - Pitchfork HTTP Request/Response Splitting vulnerability
Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available.
0.0
CVE-2025-2873 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Β Further investigation showed that it was not a security issue.Β The issue relates to a session attribute used for login redirection. It poses no security risk and does not expose sensitive data. No vulnerability present.
5.5
CVE-2025-1998 - IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.
5.4
CVE-2025-1997 - IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentiaβ¦
6.3
CVE-2024-56469 - IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay β¦