8.6
CVE-2025-0320 - Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privi…
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
7.3
CVE-2025-4879 - Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain …
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
6.9
CVE-2025-4365 - NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
8.7
CVE-2025-5349 - NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
9.3
CVE-2025-5777 - NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
6.4
CVE-2025-5291 - Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider…
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes.…
4.3
CVE-2025-3880 - Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authentica…
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contribut…
6.4
CVE-2025-5700 - Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Par…
The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access…
4.8
CVE-2025-6050 - Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin…
8.1
CVE-2025-3515 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File U…
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and up…