7.6
CVE-2024-12011 -
A CWE-126 βBuffer Over-readβ was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid aβ¦
8.8
CVE-2025-26511 - Cassandra-Lucene-Index allows bypass of Cassandra RBAC
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authentiβ¦
4.7
CVE-2025-25287 - Lakeus vulnerable to stored XSS via system messages
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with `(editinterface)` rβ¦
8.5
CVE-2025-24904 - libsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checked
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and mayβ¦
8.5
CVE-2025-24903 - libsignal-service-rs Doesn't Check Origin of Sync Messages
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user. Thβ¦
6.2
CVE-2025-0426 - k8s.io/kubernetes: kubelet: node denial of service via kubelet checkpoint API
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
0.0
CVE-2025-26539 - WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map: from n/a through <= 3.2.
0.0
CVE-2025-26538 - WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder prezi-embedder allows Stored XSS.This issue affects Prezi Embedder: from n/a through <= 2.1.
0.0
CVE-2025-26582 - WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through <= 1.0.0.
0.0
CVE-2025-26580 - WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific Social Share Buttons: from n/a through <= 2.1.