8.1
CVE-2025-1532 - Code Injection Vulnerability in Phoneservice
Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.
8.1
CVE-2025-2188 - Whitelist bypass Vulnerability in GameCenter
There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity.
4.3
CVE-2025-2197 - Type Confusion Vulnerability in Browser
Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability.
6.4
CVE-2025-3615 - Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level accโฆ
8.5
CVE-2025-2903 - Privilege Chaining in Delphix
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious sโฆ
9
CVE-2025-3113 - Improper Access Control in Delphix Masking Engine
A valid, authenticated user with sufficient privileges and who is aware of Continuous Complianceโs internal database configurations can leverage the applicationโs built-in Connector functionality to access Continuous Complianceโs internal database. This allows the user to explore the internal databโฆ
3.5
CVE-2025-1525 - Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2025-1524 - Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2025-1523 - Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0.0
CVE-2024-13925 - Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging
The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentiaโฆ