7.1
CVE-2025-1103 - D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer derefere…
8.7
CVE-2024-10383 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCo…
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, w…
8.6
CVE-2025-1108 - Insufficient data authenticity vulnerability in Janto
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into th…
9.9
CVE-2025-1107 - Unverified password change vulnerability in Janto
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint…
6.5
CVE-2025-25069 - Apache Kvrocks: Cross-Protocol Scripting Vulnerability
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained…
9.8
CVE-2025-25167 - WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Black and White BookPress – For Book Authors book-press allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7.
6.1
CVE-2025-25168 - WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7.
6.1
CVE-2025-25166 - WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS. This issue affects InLocation: from n/a through <= 1.8.
9.8
CVE-2025-25163 - WordPress Plugin A/B Image Optimizer Plugin <= 3.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3.
0.0
CVE-2025-25155 - WordPress Music Sheet Viewer plugin <= 4.1 - Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer music-sheet-viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through <= 4.1.