4.1
CVE-2025-3951 - WP-Optimize < 4.2.0 - Admin+ SQLi
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
4.8
CVE-2025-1485 - Real Cookie Banner < 5.1.6 - Admin+ Stored XSS
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even whenβ¦
5.3
CVE-2025-5431 - AssamLook CMS department-profile.php sql injection
A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the pubβ¦
5.3
CVE-2025-5430 - AssamLook CMS product.php sql injection
A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the publicβ¦
5.3
CVE-2025-5429 - juzaweb CMS Plugins Page install access control
A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disβ¦
7.8
CVE-2025-25179 - GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary writeβ¦
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
5.3
CVE-2025-5428 - juzaweb CMS Error Logs Page log-viewer access control
A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been β¦
5.3
CVE-2025-5427 - juzaweb CMS Permalinks Page permalinks access control
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks of the component Permalinks Page. The manipulation leads to improper access controls. The attack may be launched remotely. The eβ¦
8.5
CVE-2024-11857 - Realtek Bluetooth HCI Adaptor - Privilege Escalation
Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file β¦
5.3
CVE-2025-5426 - juzaweb CMS Menu Page menus access control
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The expβ¦