5.3

CVSS3.1

CVE-2025-10259 - Denial-of-Service(DoS) Vulnerability in TCP Communication Function on MELSEC iQ-F Series CPU module

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition…

📅 Published: Nov. 6, 2025, 7:12 a.m. 🔄 Last Modified: Nov. 6, 2025, 3:22 p.m.

6.1

CVSS3.1

CVE-2025-12471 - Hubbub Lite <= 1.36.0 - Reflected Cross-Site Scripting

The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dpsp_list_attention_search' parameter in all versions up to, and including, 1.36.0 due to insufficient input sanitization and output escaping. This makes it p…

📅 Published: Nov. 6, 2025, 6:45 a.m. 🔄 Last Modified: Nov. 6, 2025, 3:28 p.m.

7.3

CVSS4.0

CVE-2025-9338 -

An improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilege escalation. For additional information, please refer to the 'Security U…

📅 Published: Nov. 6, 2025, 6:02 a.m. 🔄 Last Modified: Nov. 6, 2025, 3:37 p.m.

5.3

CVSS3.1

CVE-2025-12560 - Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server…

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we…

📅 Published: Nov. 6, 2025, 5:31 a.m. 🔄 Last Modified: Nov. 6, 2025, 3:40 p.m.

5.3

CVSS3.1

CVE-2025-11271 - Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is attacker-suppli…

📅 Published: Nov. 6, 2025, 4:36 a.m. 🔄 Last Modified: Nov. 6, 2025, 3:50 p.m.

4.3

CVSS3.1

CVE-2025-12563 - Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Up…

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on the uploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce…

📅 Published: Nov. 6, 2025, 4:36 a.m. 🔄 Last Modified: Nov. 6, 2025, 7:45 p.m.

4.8

CVSS4.0

CVE-2025-61994 -

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page.

📅 Published: Nov. 6, 2025, 4:14 a.m. 🔄 Last Modified: Nov. 6, 2025, 7:45 p.m.

4.3

CVSS3.1

CVE-2025-10691 - Easy Email Subscription <= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber Deletion

The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show_editsub_page() function. This makes it possible for unauthenticated attackers to delete arbitrary …

📅 Published: Nov. 6, 2025, 3:27 a.m. 🔄 Last Modified: Nov. 6, 2025, 5:02 p.m.

4.9

CVSS3.1

CVE-2025-10683 - Easy Email Subscription <= 1.3 - Authenticated (Admin+) SQL Injection via uid

The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for aut…

📅 Published: Nov. 6, 2025, 2:31 a.m. 🔄 Last Modified: Nov. 6, 2025, 4:54 p.m.

8.7

CVSS4.0

CVE-2025-64171 - MARIN3R: Cross-Namespace Vulnerability in the Operator

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fi…

📅 Published: Nov. 6, 2025, 12:23 a.m. 🔄 Last Modified: Nov. 6, 2025, 9:17 p.m.