5.5
CVE-2025-2810 - Draeger: ICMHelper is vulnerable to use of Hard-coded Cryptographic Key
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
7.8
CVE-2025-41698 - Draeger: ICMHelper is vulnerable to a privilege escalation due too missing authorization
A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.
4.8
CVE-2025-8552 - atjiu pybbs list cross site scripting
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the p…
5.1
CVE-2025-8551 - atjiu pybbs list cross site scripting
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has…
6.4
CVE-2025-8294 - Download Counter <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Paramet…
The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and…
6.4
CVE-2025-8295 - Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess…
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve…
7.5
CVE-2025-5061 - WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and abov…
7.5
CVE-2025-6207 - WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,…
4.8
CVE-2025-8550 - atjiu pybbs list cross site scripting
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The expl…
6.4
CVE-2025-8313 - Campus Directory <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_m…
The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level …