CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-62648 - TimsDotCom Drive Thru Audio Volume Tampering Vulnerability

CVE ID : CVE-2025-62648
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62649 - RBI Restaurant Brands International Client-Side Authentication Bypass

CVE ID : CVE-2025-62649
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
Severity: 5.8 | MEDIUM
CVE-2025-62650 - RBI Restaurant Brands International Client-Side Authentication Bypass

CVE ID : CVE-2025-62650
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
Severity: 8.3 | HIGH
CVE-2025-62651 - RBI Assistant Platform Bathroom Rating Interface Unauthenticated Access Vulnerability

CVE ID : CVE-2025-62651
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
Severity: 6.5 | MEDIUM
CVE-2025-62652 - Stored XSS in WebAuthn key name

CVE ID : CVE-2025-62652
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS. This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.
Severity: 5.8 | MEDIUM
CVE-2025-62653 - Stored XSS through system messages in PollNY

CVE ID : CVE-2025-62653
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS. This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.
Severity: 2.0 | LOW
CVE-2025-62654 - Stored XSS through system messages in QuizGame

CVE ID : CVE-2025-62654
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS. This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.
Severity: 2.0 | LOW
CVE-2025-62655 - SQL injection in Cargo via Special:CargoExport

CVE ID : CVE-2025-62655
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection. This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.
Severity: 2.1 | LOW
CVE-2025-62632 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-62632
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62633 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-62633
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62634 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-62634
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62635 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-62635
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62636 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-62636
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62637 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-62637
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62638 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-62638
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62639 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-62639
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62640 - SQL Injection in Oracle Database

CVE ID : CVE-2025-62640
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-11378 - ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export

CVE ID : CVE-2025-11378
Published : Oct. 18, 2025, 3:33 a.m. | 52 minutes ago
Description : The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options.
Severity: 0.0 | NA
CVE-2020-36853 - 10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change

CVE ID : CVE-2020-36853
Published : Oct. 18, 2025, 3:33 a.m. | 52 minutes ago
Description : The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
CVE-2017-20206 - Appointments <= 2.2.1 - Unauthenticated PHP Object Injection

CVE ID : CVE-2017-20206
Published : Oct. 18, 2025, 3:33 a.m. | 52 minutes ago
Description : The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
Severity: 0.0 | NA
CVE-2020-36854 - Async JavaScript <= 2.19.07.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE ID : CVE-2020-36854
Published : Oct. 18, 2025, 3:33 a.m. | 52 minutes ago
Description : The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX action along with a lack of sanitization of the settings saved via the function. This makes it possible for authenticated attackers with subscriber level permissions and above to inject malicious web scripts into a page that execute whenever a user accesses that page.
Severity: 0.0 | NA