6.5

CVSS3.1

CVE-2025-27016 - WordPress Drivr Lite – Google Drive Plugin plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vuln…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite – Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite – Google Drive Plugin: from n/a through 1.0.1.

πŸ“… Published: Feb. 18, 2025, 7:53 p.m. πŸ”„ Last Modified: Feb. 18, 2025, 8:16 p.m.

0.0

CVE-2025-27013 - WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MediCenter - Health Medical Clinic: from n/a through < 14.7.

πŸ“… Published: Feb. 18, 2025, 7:53 p.m. πŸ”„ Last Modified: April 1, 2026, 5:19 p.m.

5.3

CVSS4.0

CVE-2025-26623 - Use After Free in Exiv2

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C+…

πŸ“… Published: Feb. 18, 2025, 7:24 p.m. πŸ”„ Last Modified: Sept. 2, 2025, 9:37 p.m.

8.3

CVSS3.1

CVE-2025-26604 - Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract sensi…

πŸ“… Published: Feb. 18, 2025, 7:11 p.m. πŸ”„ Last Modified: Feb. 19, 2025, 3:15 p.m.

4.2

CVSS3.1

CVE-2025-26603 - heap-use-after-free in function str_to_reg in vim/vim

Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `…

πŸ“… Published: Feb. 18, 2025, 7:04 p.m. πŸ”„ Last Modified: Aug. 18, 2025, 6:23 p.m.

7

CVSS3.1

CVE-2025-25305 - SSL validation for outgoing requests in Home Assistant Core and used libs not correct

Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. In the past, `aiohttp-session`/…

πŸ“… Published: Feb. 18, 2025, 6:53 p.m. πŸ”„ Last Modified: Feb. 18, 2025, 7:23 p.m.

8.7

CVSS4.0

CVE-2025-25284 - Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, wh…

πŸ“… Published: Feb. 18, 2025, 6:42 p.m. πŸ”„ Last Modified: Feb. 18, 2025, 7:29 p.m.

9.1

CVSS3.1

CVE-2025-24895 - SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the …

πŸ“… Published: Feb. 18, 2025, 6:39 p.m. πŸ”„ Last Modified: Feb. 18, 2025, 7:39 p.m.

9.1

CVSS3.1

CVE-2025-24894 - SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Servi…

πŸ“… Published: Feb. 18, 2025, 6:39 p.m. πŸ”„ Last Modified: Feb. 18, 2025, 7:46 p.m.

5.3

CVSS4.0

CVE-2025-21608 - Forged packets over MQTT can show up in direct messages in Meshtastic firmware

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are n…

πŸ“… Published: Feb. 18, 2025, 6:17 p.m. πŸ”„ Last Modified: Sept. 23, 2025, 7:20 p.m.
Total resulsts: 344690
Page 6247 of 34,469
Β« previous page Β» next page
Filters