6.8
CVE-2025-26465 - Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For β¦
4.3
CVE-2024-25066 -
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.
7.8
CVE-2025-0591 - Out-of-bounds Read vulnerability in CX-Programmer
Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.
4.8
CVE-2025-1365 - GNU elfutils eu-readelf readelf.c process_symtab buffer overflow
A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploiβ¦
4.8
CVE-2025-1364 - MicroWord eScan Antivirus USB Protection Service passPrompt stack-based overflow
A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this vulnerability is the function passPrompt of the component USB Protection Service. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on thβ¦
0.0
CVE-2025-26779 - WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Path Traversal.This issue affects Keep Backup Daily: from n/a through <= 2.1.0.
0.0
CVE-2025-26768 - WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15.
5.4
CVE-2025-26767 - WordPress Qubely plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.12.
0.0
CVE-2025-26766 - WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka leyka allows Stored XSS.This issue affects Leyka: from n/a through <= 3.31.8.
0.0
CVE-2025-26765 - WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.22.