8.8
CVE-2025-0724 - ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Ob…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. This makes it possible for authenticated attackers, with…
4.3
CVE-2025-1408 - ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenti…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This make…
6.1
CVE-2024-13739 - Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter
The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts …
6.5
CVE-2025-0723 - ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL In…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient prepar…
4.3
CVE-2024-13737 - Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subs…
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authe…
9
CVE-2025-30472 - corosync: Stack buffer overflow from 'orf_token_endian_convert'
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
8.2
CVE-2025-2609 - MagnusBilling Stored Cross-Site Scripting in Login Logs
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associ…
7.6
CVE-2025-2610 - MagnusBilling Stored Cross-Site Scripting in Alarm Module
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBillin…
4.6
CVE-2025-26500 - VxWorks 7 USB Failure
: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable This issue affects VxWorks 7: from 22.06 through 24.03.
7.5
CVE-2025-30204 - jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Aut…