8.5
CVE-2025-24904 - libsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checked
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and mayβ¦
8.5
CVE-2025-24903 - libsignal-service-rs Doesn't Check Origin of Sync Messages
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user. Thβ¦
6.2
CVE-2025-0426 - k8s.io/kubernetes: kubelet: node denial of service via kubelet checkpoint API
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
0.0
CVE-2025-26539 - WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map: from n/a through <= 3.2.
0.0
CVE-2025-26538 - WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder prezi-embedder allows Stored XSS.This issue affects Prezi Embedder: from n/a through <= 2.1.
0.0
CVE-2025-26582 - WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through <= 1.0.0.
0.0
CVE-2025-26580 - WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific Social Share Buttons: from n/a through <= 2.1.
0.0
CVE-2025-26578 - WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS.This issue affects Simple Documentation: from n/a through <= 1.2.8.
0.0
CVE-2025-26577 - WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through <= 1.2.
0.0
CVE-2025-26574 - WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media google-drive-wp-media allows Stored XSS.This issue affects Google Drive WP Media: from n/a through <= 2.4.4.