CVE-2025-59776 - AutomationDirect Productivity Suite Relative Path Traversal
CVE ID : CVE-2025-59776
Published : Oct. 23, 2025, 10:17 p.m. | 58 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59776
Published : Oct. 23, 2025, 10:17 p.m. | 58 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60023 - AutomationDirect Productivity Suite Relative Path Traversal
CVE ID : CVE-2025-60023
Published : Oct. 23, 2025, 10:21 p.m. | 55 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60023
Published : Oct. 23, 2025, 10:21 p.m. | 55 minutes ago
Description : A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7730 - Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter
CVE ID : CVE-2025-7730
Published : Oct. 23, 2025, 10:25 p.m. | 50 minutes ago
Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7730
Published : Oct. 23, 2025, 10:25 p.m. | 50 minutes ago
Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62827 - Microsoft Exchange Server Unvalidated User Input
CVE ID : CVE-2025-62827
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62827
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62828 - SAP SQL Injection
CVE ID : CVE-2025-62828
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62828
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62829 - Apache HTTP Server SQL Injection
CVE ID : CVE-2025-62829
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62829
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62830 - Apache Struts Deserialization Vulnerability
CVE ID : CVE-2025-62830
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62830
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62831 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-62831
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62831
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62832 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-62832
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62832
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62833 - Apache HTTP Server Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-62833
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62833
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62834 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-62834
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62834
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62835 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-62835
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62835
Published : Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10723 - PixelYourSite < 11.1.2 - Admin+ LFI
CVE ID : CVE-2025-10723
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10723
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10874 - Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery
CVE ID : CVE-2025-10874
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10874
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58070 - Pleasanter Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-58070
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58070
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61931 - Pleasanter Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-61931
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61931
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9158 - Stored XSS in Request Tracker
CVE ID : CVE-2025-9158
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying the ticket in the context of the logged-in user. This vulnerability affects versions from 5.0.4 through 5.0.8 and from 6.0.0 through 6.0.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9158
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying the ticket in the context of the logged-in user. This vulnerability affects versions from 5.0.4 through 5.0.8 and from 6.0.0 through 6.0.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9978 - Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS
CVE ID : CVE-2025-9978
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9978
Published : Oct. 24, 2025, 6:15 a.m. | 1 hour, 2 minutes ago
Description : The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10701 - Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting
CVE ID : CVE-2025-10701
Published : Oct. 24, 2025, 9:15 a.m. | 2 hours, 2 minutes ago
Description : The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with Time Clock user credentials to inject arbitrary web scripts in pages that will execute whenever a user accesses an affected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10701
Published : Oct. 24, 2025, 9:15 a.m. | 2 hours, 2 minutes ago
Description : The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with Time Clock user credentials to inject arbitrary web scripts in pages that will execute whenever a user accesses an affected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10740 - URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation
CVE ID : CVE-2025-10740
Published : Oct. 24, 2025, 9:15 a.m. | 2 hours, 2 minutes ago
Description : The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify links.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10740
Published : Oct. 24, 2025, 9:15 a.m. | 2 hours, 2 minutes ago
Description : The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify links.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10748 - RapidResult <= 1.2 - Authenticated (Contributor+) SQL Injection
CVE ID : CVE-2025-10748
Published : Oct. 24, 2025, 9:15 a.m. | 2 hours, 2 minutes ago
Description : The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10748
Published : Oct. 24, 2025, 9:15 a.m. | 2 hours, 2 minutes ago
Description : The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...