7.5
CVE-2024-8261 - IDOR in Proliz Software's OBS
Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.
5.4
CVE-2024-54179 - IBM Business Automation Workflow cross-site scripting
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intβ¦
7.7
CVE-2024-47092 - Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1
7.1
CVE-2025-26994 - WordPress Zigaform β Price Calculator & Cost Estimation Form Builder Lite plugin <= 7.4.2 - Cross Sβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform β Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows Stored XSS.This issue affects Zigaform β Price Calculator &β¦
7.1
CVE-2025-26989 - WordPress Zigaform β Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: from n/a through <= 7.4.2.
9.3
CVE-2025-26988 - WordPress SMS Alert Order Notifications β WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8.
7.1
CVE-2025-26984 - WordPress SMS Alert Order Notifications β WooCommerce plugin <= 3.7.8 - Reflected Cross Site Scriptβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Reflected XSS.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8.
10
CVE-2025-26970 - WordPress Ark Theme Core plugin < 1.71.0 - Unauthenticated Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through < 1.71.0.
8.8
CVE-2025-26967 - WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory events-for-geodirectory allows Object Injection.This issue affects Events Calendar for GeoDirectory: from n/a through <= 2.3.14.
7.1
CVE-2025-26918 - WordPress Small Package Quotes β Unishippers Edition plugin <= 2.4.9 - Reflected Cross Site Scriptiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes β Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS.This issue affects Small Package Quotes β Unishippers Edition: from n/a thβ¦