6.5
CVE-2025-22648 - WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor blog-posts-and-category-for-elementor allows Stored XSS. This issue affects Blog, Posts and Category Filter for Elementor: from n/a through …
6.5
CVE-2024-48944 - Apache Kylin: SSRF vulnerability in the diagnosis api
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin se…
5.9
CVE-2025-22649 - WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS. This issue affects WP Project Manager: from n/a through <= 2.6.22.
7.6
CVE-2025-22652 - WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection. This issue affects Payment Forms for Paystack: from n/a through <= 4.0.1.
7.1
CVE-2025-22658 - WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS. This issue affects Listings for Appfolio: from n/a through <= 1.2.0.
6.5
CVE-2025-22659 - WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44.
8.1
CVE-2025-30358 - Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a…
4.3
CVE-2025-30221 - Pitchfork HTTP Request/Response Splitting vulnerability
Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available.
0.0
CVE-2025-2873 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Further investigation showed that it was not a security issue. The issue relates to a session attribute used for login redirection. It poses no security risk and does not expose sensitive data. No vulnerability present.
5.5
CVE-2025-1998 - IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.