6.8
CVE-2025-31130 - gitoxide does not detect SHA-1 collision attacks
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations fβ¦
9.8
CVE-2025-27520 - BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbiβ¦
5.3
CVE-2025-3249 - TOTOLINK A6000R mtkwifi.lua apcli_cancel_wps command injection
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploβ¦
6.5
CVE-2025-22285 - WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15.
6.5
CVE-2025-22281 - WordPress Simplish theme <= 2.6.4 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joshix Simplish simplish allows Stored XSS.This issue affects Simplish: from n/a through <= 2.6.4.
9.8
CVE-2024-51800 - WordPress Homey theme <= 2.4.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.
6.5
CVE-2025-31381 - WordPress Booking Calendar and Notification plugin <= 4.0.3 - Broken Authentication vulnerability
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3.
9.8
CVE-2025-2798 - Woffice <= 5.4.21 - Authentication Bypass via Registration Role
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom lβ¦
7.1
CVE-2025-31384 - WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos videos allows Reflected XSS.This issue affects Videos: from n/a through <= 1.0.5.
7.1
CVE-2025-31389 - WordPress Sequel plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Introvoke Inc. dba Sequel.io Sequel sequel allows Reflected XSS.This issue affects Sequel: from n/a through <= 1.0.11.