CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-8281 - Talroo WordPress Reflected Cross-Site Scripting

CVE ID : CVE-2025-8281
Published : Aug. 22, 2025, 6:15 a.m.
Description : The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57699 - Western Digital Kitfox for Windows Unquoted Service Path Privilege Escalation Vulnerability

CVE ID : CVE-2025-57699
Published : Aug. 22, 2025, 7:15 a.m.
Description : Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.
Severity: 8.4 | HIGH
CVE-2025-8678 - WordPress WP Crontrol SSRF

CVE ID : CVE-2025-8678
Published : Aug. 22, 2025, 8:15 a.m.
Description : The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 6.5 | MEDIUM
CVE-2025-9341 - Bouncy Castle for Java FIPS: Uncontrolled Resource Consumption in AESNativeCBC Java API

CVE ID : CVE-2025-9341
Published : Aug. 22, 2025, 9:15 a.m.
Description : Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java. This issue affects Bouncy Castle for Java FIPS: from BC-FJA 2.1.0 through 2.1.0.
Severity: 5.9 | MEDIUM
CVE-2025-9340 - Bouncy Castle for Java BC-FIPS Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-9340
Published : Aug. 22, 2025, 10:15 a.m.
Description : Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.
Severity: 0.0 | NONE
CVE-2025-57890 - Pierre Lannoy Sessions Cross-site Scripting

CVE ID : CVE-2025-57890
Published : Aug. 22, 2025, 12:15 p.m.
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Sessions allows Stored XSS. This issue affects Sessions: from n/a through 3.2.0.
Severity: 5.9 | MEDIUM
CVE-2025-57891 - Wpecommerce Stored Cross-site Scripting

CVE ID : CVE-2025-57891
Published : Aug. 22, 2025, 12:15 p.m.
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through 1.8.
Severity: 5.9 | MEDIUM
CVE-2025-57892 - Jeff Starr Simple Statistics for Feeds CSRF Vulnerability

CVE ID : CVE-2025-57892
Published : Aug. 22, 2025, 12:15 p.m.
Description : Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds allows Cross Site Request Forgery. This issue affects Simple Statistics for Feeds: from n/a through 20250322.
Severity: 4.3 | MEDIUM
CVE-2025-57893 - Epsiloncool WP Fast Total Search CSRF Vulnerability

CVE ID : CVE-2025-57893
Published : Aug. 22, 2025, 12:15 p.m.
Description : Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270.
Severity: 4.3 | MEDIUM
CVE-2025-57894 - WPPizza Missing Authorization Vulnerability

CVE ID : CVE-2025-57894
Published : Aug. 22, 2025, 12:15 p.m.
Description : Missing Authorization vulnerability in ollybach WPPizza allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPPizza: from n/a through 3.19.8.
Severity: 4.3 | MEDIUM
CVE-2025-57895 - JobWP CSRF Vulnerability

CVE ID : CVE-2025-57895
Published : Aug. 22, 2025, 12:15 p.m.
Description : Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.3.
Severity: 4.3 | MEDIUM
CVE-2025-57896 - Church Admin Missing Authorization Vulnerability

CVE ID : CVE-2025-57896
Published : Aug. 22, 2025, 12:15 p.m.
Description : Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26.
Severity: 5.3 | MEDIUM
CVE-2025-9254 - Uniong WebITR Authentication Bypass

CVE ID : CVE-2025-9254
Published : Aug. 22, 2025, 12:15 p.m.
Description : WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.
Severity: 9.8 | CRITICAL
CVE-2025-9255 - Uniong WebITR SQL Injection

CVE ID : CVE-2025-9255
Published : Aug. 22, 2025, 12:15 p.m.
Description : WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
CVE-2025-9256 - Uniong WebITR Arbitrary File Reading Vulnerability

CVE ID : CVE-2025-9256
Published : Aug. 22, 2025, 12:15 p.m.
Description : WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 7.1 | HIGH
CVE-2025-9257 - Uniong WebITR Arbitrary File Reading Vulnerability

CVE ID : CVE-2025-9257
Published : Aug. 22, 2025, 12:15 p.m.
Description : WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 7.1 | HIGH
CVE-2025-9258 - Uniong WebITR Arbitrary File Reading Vulnerability

CVE ID : CVE-2025-9258
Published : Aug. 22, 2025, 12:15 p.m.
Description : WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 7.1 | HIGH
CVE-2025-9259 - Uniong WebITR Arbitrary File Reading Vulnerability

CVE ID : CVE-2025-9259
Published : Aug. 22, 2025, 12:15 p.m.
Description : WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 7.1 | HIGH
CVE-2025-9331 - Spacious WordPress Cross-Site Request Forgery (CSRF) and Authentication Bypass

CVE ID : CVE-2025-9331
Published : Aug. 22, 2025, 12:15 p.m.
Description : The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data into the site.
Severity: 4.3 | MEDIUM
CVE-2009-10006 - "UFO: Alien Invasion IRC Client Buffer Overflow"

CVE ID : CVE-2009-10006
Published : Aug. 22, 2025, 2:15 p.m.
Description : UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
Severity: 9.3 | CRITICAL
CVE-2024-56179 - MindManager File Attachment Directory Traversal Vulnerability

CVE ID : CVE-2024-56179
Published : Aug. 22, 2025, 2:15 p.m.
Description : In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files.
Severity: 7.8 | HIGH