CVE-2025-54053 - Groundhogg Deserialization of Untrusted Data Object Injection
CVE ID : CVE-2025-54053
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54053
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54055 - Skygroup Druco Cross-site Scripting Vulnerability
CVE ID : CVE-2025-54055
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54055
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54056 - LambertGroup Responsive HTML5 Audio Player PRO With Playlist Cross-site Scripting
CVE ID : CVE-2025-54056
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.8.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54056
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.8.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54670 - Bobbingwide Oik Cross-site Scripting (XSS)
CVE ID : CVE-2025-54670
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54670
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54677 - vcita Online Booking & Scheduling Calendar for WordPress Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-54677
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54677
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54713 - Magepeopleteam Taxi Booking Manager for WooCommerce Authentication Bypass
CVE ID : CVE-2025-54713
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54713
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54726 - Miguel Useche JS Archive List SQL Injection
CVE ID : CVE-2025-54726
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54726
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54735 - CubeWP Framework Privilege Escalation
CVE ID : CVE-2025-54735
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54735
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54750 - FunnelKit Funnel Builder PHP Remote File Inclusion Vulnerability
CVE ID : CVE-2025-54750
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.11.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54750
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.11.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55715 - Themeisle Otter - Gutenberg Block Sensitive Data Information Disclosure
CVE ID : CVE-2025-55715
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55715
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9225 - MiR Robots and MiR Fleet Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9225
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9225
Published : Aug. 20, 2025, 8:15 a.m. | 3 hours, 59 minutes ago
Description : Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-39954 - Apache EventMesh SSRF
CVE ID : CVE-2024-39954
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-39954
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5260 - Pik Online Yazılım Çözümleri A.Ş. Pik Online SSRF Vulnerability
CVE ID : CVE-2025-5260
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5260
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5261 - Pik Online Authorization Bypass Through User-Controlled Key
CVE ID : CVE-2025-5261
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5261
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9228 - MiR Text Note Authorization Bypass
CVE ID : CVE-2025-9228
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9228
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9229 - MiR Error Handling Information Disclosure Vulnerability
CVE ID : CVE-2025-9229
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9229
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 59 minutes ago
Description : Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57727 - JetBrains IntelliJ IDEA Remote Reference Credentials Disclosure Vulnerability
CVE ID : CVE-2025-57727
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57727
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57728 - JetBrains IntelliJ IDEA Code With Me Guest File Disclosure
CVE ID : CVE-2025-57728
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57728
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57729 - JetBrains IntelliJ IDEA Plugin Startup Vulnerability
CVE ID : CVE-2025-57729
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57729
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57730 - JetBrains IntelliJ IDEA HTML Injection Vulnerability
CVE ID : CVE-2025-57730
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57730
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57731 - JetBrains YouTrack Stored XSS
CVE ID : CVE-2025-57731
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57731
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 59 minutes ago
Description : In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...