6.9
CVE-2025-62275 -
Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers toβ¦
6.4
CVE-2025-11922 - Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ina_redirect_page_individual_user' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, witβ¦
8.8
CVE-2025-11920 - WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .β¦
5.3
CVE-2025-11174 - Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure
The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dll_load_posts which returns a JSON table of document data without performing nonce or capability cheβ¦
5.3
CVE-2025-11816 - Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 -β¦
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disconnect_account_request() function in all versions up to, and including, 3.5.1. This makesβ¦
4.6
CVE-2025-62276 -
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header,β¦
6.2
CVE-2025-12464 - Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This couβ¦
6.3
CVE-2025-60711 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
7.6
CVE-2025-10693 - Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.
6.3
CVE-2025-12547 - LogicalDOC Community Edition Admin Login login.jsp excessive authentication
A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely. Thβ¦