6.5
CVE-2025-1481 - Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Op…
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, t…
6.4
CVE-2025-1261 - HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cr…
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
4.9
CVE-2023-52969 - mariadb: MariaDB Server Crash Due to Empty Backtrace Log
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
4.9
CVE-2023-52971 - mariadb: MariaDB Server Crash
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
4.9
CVE-2023-52970 - mariadb: MariaDB Server Crash via Item_direct_view_ref
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
4.9
CVE-2023-52968 - mariadb: Crash in MariaDB Due to Improper Handling of Derived Tables
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.
6.8
CVE-2025-27840 -
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
8.7
CVE-2025-2097 - TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiate…
5.3
CVE-2025-2096 - TOTOLINK EX1800T cstecgi.cgi setRebootScheCfg os command injection
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiate…
5.3
CVE-2025-2095 - TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has …