5.4
CVE-2025-1997 - IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentiaβ¦
6.3
CVE-2024-56469 - IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay β¦
5.3
CVE-2025-2854 - code-projects Payroll Management System update_employee.php sql injection
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. The attack can be launched remotely. The expβ¦
9.5
CVE-2025-2516 - Use of a weak cryptographic key in the signature verification process in WPS Office
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-Theβ¦
0.0
CVE-2025-2872 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate of CVE-2025-47577. Notes: All CVE users should reference CVE-2025-47577 instead of this candidate. All references and descriptions in this candidate have been removed to prevβ¦
6.5
CVE-2025-22660 - WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wolfgang Include Mastodon Feed include-mastodon-feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through <= 1.9.9.
4.3
CVE-2025-22665 - WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad unusedcss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through <= 2.4.4.
4.3
CVE-2025-22667 - WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2β¦
Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets wpsyncsheets-woocommerce.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through <= 1.8.2.
6.5
CVE-2025-22668 - WordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through <= 2.7.2.
4.3
CVE-2025-22669 - WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through <= 2.7.5.