7.2
CVE-2024-13890 - Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and…
6.4
CVE-2024-12460 - Years Since – Timeless <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Years Since – Timeless Texts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'years-since' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for …
6.5
CVE-2025-1481 - Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Op…
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, t…
6.4
CVE-2025-1261 - HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cr…
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
4.9
CVE-2023-52969 - mariadb: MariaDB Server Crash Due to Empty Backtrace Log
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
4.9
CVE-2023-52971 - mariadb: MariaDB Server Crash
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
4.9
CVE-2023-52970 - mariadb: MariaDB Server Crash via Item_direct_view_ref
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
4.9
CVE-2023-52968 - mariadb: Crash in MariaDB Due to Improper Handling of Derived Tables
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.
6.8
CVE-2025-27840 -
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
8.7
CVE-2025-2097 - TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiate…