6.5
CVE-2025-26731 - WordPress ARPrice plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Stored XSS.This issue affects ARPrice: from n/a through <= 4.1.3.
5.1
CVE-2025-2852 - SourceCodester Food Ordering Management System view_menu.php sql injection
A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/view_menu.php. The manipulation of the argument ID leads to sql injection. The attack can be lauβ¦
6.5
CVE-2025-26732 - WordPress StoreBiz plugin <= 1.0.32 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware StoreBiz storebiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through <= 1.0.32.
6.5
CVE-2025-26734 - WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester hester allows Stored XSS.This issue affects Hester: from n/a through <= 1.1.10.
6.5
CVE-2025-26736 - WordPress MorningTime Lite theme <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in victortihai MorningTime Lite morningtime-lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through <= 1.3.2.
6.5
CVE-2025-26737 - WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5.
6.5
CVE-2025-26738 - WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider quick-interest-slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
5.3
CVE-2025-26619 - Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be sβ¦
4.8
CVE-2025-2849 - UPX p_lx_elf.cpp un_DT_INIT heap-based overflow
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disβ¦
10
CVE-2025-2857 - Incorrect handle could lead to sandbox escapes
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was β¦