6.5
CVE-2025-27016 - WordPress Drivr Lite β Google Drive Plugin plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite β Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite β Google Drive Plugin: from n/a through 1.0.1.
0.0
CVE-2025-27013 - WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MediCenter - Health Medical Clinic: from n/a through < 14.7.
5.3
CVE-2025-26623 - Use After Free in Exiv2
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C+β¦
8.3
CVE-2025-26604 - Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel
Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract sensiβ¦
4.2
CVE-2025-26603 - heap-use-after-free in function str_to_reg in vim/vim
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `β¦
7
CVE-2025-25305 - SSL validation for outgoing requests in Home Assistant Core and used libs not correct
Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. In the past, `aiohttp-session`/β¦
8.7
CVE-2025-25284 - Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, whβ¦
9.1
CVE-2025-24895 - SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication
CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the β¦
9.1
CVE-2025-24894 - SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication
SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Serviβ¦
5.3
CVE-2025-21608 - Forged packets over MQTT can show up in direct messages in Meshtastic firmware
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are nβ¦