8.1
CVE-2025-2563 - User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges.
5.9
CVE-2024-9230 - PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks.
0.0
CVE-2025-3552 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not abl…
0.0
CVE-2025-3551 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not abl…
5.3
CVE-2025-3550 - wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System detail improper authorization
A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. The attack can be launched r…
4.8
CVE-2025-3549 - Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer o…
4.8
CVE-2025-3548 - Open Asset Import Library Assimp File types.h Set heap-based overflow
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible …
5.3
CVE-2025-3547 - frdel Agent-Zero get_work_dir_files path traversal
A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public an…
7.5
CVE-2025-3572 - INTUMIT SmartRobot - Server-Side Request Forgery
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
8.6
CVE-2025-3546 - H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injecti…
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST…