CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-35027 - Unitree Multiple Robotic Products Command Injection

CVE ID : CVE-2025-35027
Published : Sept. 26, 2025, 6:53 a.m. | 30 minutes ago
Description : Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60163 - WordPress bbp topic count Plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-60163
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin W bbp topic count allows DOM-Based XSS. This issue affects bbp topic count: from n/a through 3.1.
Severity: 6.5 | MEDIUM
CVE-2025-60164 - WordPress NewsmanApp Plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-60164
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7.
Severity: 7.1 | HIGH
CVE-2025-60165 - WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability

CVE ID : CVE-2025-60165
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
Severity: 4.3 | MEDIUM
CVE-2025-60166 - WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

CVE ID : CVE-2025-60166
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms PRO: from n/a through 2.0.5.
Severity: 4.3 | MEDIUM
CVE-2025-60167 - WordPress Page Manager for Elementor Plugin <= 2.0.5 - Sensitive Data Exposure Vulnerability

CVE ID : CVE-2025-60167
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
Severity: 4.3 | MEDIUM
CVE-2025-60169 - WordPress W3SCloud Contact Form 7 to Zoho CRM Plugin <= 3.0 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-60169
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0.
Severity: 7.1 | HIGH
CVE-2025-60170 - WordPress HTACCESS IP Blocker Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-60170
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker allows Stored XSS. This issue affects HTACCESS IP Blocker: from n/a through 1.0.
Severity: 7.1 | HIGH
CVE-2025-60171 - WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-60171
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
Severity: 7.1 | HIGH
CVE-2025-60172 - WordPress Flytedesk Digital Plugin <= 20181101 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-60172
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101.
Severity: 7.1 | HIGH
CVE-2025-60173 - WordPress GST for WooCommerce Plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-60173
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce allows Stored XSS. This issue affects GST for WooCommerce: from n/a through 2.0.
Severity: 7.1 | HIGH
CVE-2025-60177 - WordPress Recaptcha – wp Plugin <= 0.2.6 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-60177
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through 0.2.6.
Severity: 5.9 | MEDIUM
CVE-2025-60179 - WordPress Click & Tweet Plugin <= 0.8.9 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-60179
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Space Studio Click & Tweet allows Stored XSS. This issue affects Click & Tweet: from n/a through 0.8.9.
Severity: 5.9 | MEDIUM
CVE-2025-60181 - WordPress Silencesoft RSS Reader Plugin <= 0.6 - Server Side Request Forgery (SSRF) Vulnerability

CVE ID : CVE-2025-60181
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through 0.6.
Severity: 5.4 | MEDIUM
CVE-2025-60184 - WordPress SEO Search Permalink Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-60184
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. SEO Search Permalink allows Stored XSS. This issue affects SEO Search Permalink: from n/a through 1.0.3.
Severity: 5.9 | MEDIUM
CVE-2025-60185 - WordPress kontur Admin Style Plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-60185
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur.us kontur Admin Style allows Stored XSS. This issue affects kontur Admin Style: from n/a through 1.0.4.
Severity: 5.9 | MEDIUM
CVE-2025-60186 - WordPress Google+ Comments Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-60186
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments allows Stored XSS. This issue affects Google+ Comments: from n/a through 1.0.
Severity: 5.9 | MEDIUM
CVE-2025-60219 - WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-60219
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through 1.9.24.
Severity: 10.0 | CRITICAL
CVE-2025-7691 - Privilege Defined With Unsafe Actions in GitLab

CVE ID : CVE-2025-7691
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.
Severity: 6.5 | MEDIUM
CVE-2025-9642 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

CVE ID : CVE-2025-9642
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.
Severity: 8.7 | HIGH
CVE-2025-9958 - Insertion of Sensitive Information Into Sent Data in GitLab

CVE ID : CVE-2025-9958
Published : Sept. 26, 2025, 9:15 a.m. | 2 hours, 8 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations.
Severity: 6.5 | MEDIUM