9.1

CVSS3.1

CVE-2025-21628 - Chatwoot has a Blind SQL-injection in Conversation and Contacts filters

Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by addin…

📅 Published: Jan. 9, 2025, 5:10 p.m. 🔄 Last Modified: Oct. 29, 2025, 2:52 p.m.

7.1

CVSS4.0

CVE-2025-21600 - Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed …

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS)…

📅 Published: Jan. 9, 2025, 4:49 p.m. 🔄 Last Modified: Jan. 26, 2026, 7:34 p.m.

7.1

CVSS4.0

CVE-2025-21602 - Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (D…

📅 Published: Jan. 9, 2025, 4:49 p.m. 🔄 Last Modified: Jan. 26, 2026, 7:33 p.m.

8.7

CVSS4.0

CVE-2025-21599 - Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion le…

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes ke…

📅 Published: Jan. 9, 2025, 4:46 p.m. 🔄 Last Modified: Jan. 26, 2026, 7:34 p.m.

6.8

CVSS4.0

CVE-2025-21596 - Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash

An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (c…

📅 Published: Jan. 9, 2025, 4:41 p.m. 🔄 Last Modified: Jan. 26, 2026, 7:35 p.m.

7.1

CVSS4.0

CVE-2025-21593 - Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update …

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled,…

📅 Published: Jan. 9, 2025, 4:41 p.m. 🔄 Last Modified: Jan. 26, 2026, 7:36 p.m.

6.8

CVSS4.0

CVE-2025-21592 - Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through th…

📅 Published: Jan. 9, 2025, 4:39 p.m. 🔄 Last Modified: Jan. 26, 2026, 7:36 p.m.

0.0

CVE-2025-22295 - WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and q…

📅 Published: Jan. 9, 2025, 3:39 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS3.1

CVE-2025-22307 - WordPress Product Table for WooCommerce plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vuln…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam Product Table for WooCommerce woo-product-table allows Reflected XSS. This issue affects Product Table for WooCommerce: from n/a through <= 4.0.3.

📅 Published: Jan. 9, 2025, 3:39 p.m. 🔄 Last Modified: April 23, 2026, 3:22 p.m.

7.1

CVSS3.1

CVE-2025-22313 - WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through <= 3.0.

📅 Published: Jan. 9, 2025, 3:39 p.m. 🔄 Last Modified: April 23, 2026, 3:22 p.m.