CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-12880 - Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

CVE ID : CVE-2025-12880
Published : Nov. 11, 2025, 4:15 a.m. | 2 hours, 33 minutes ago
Description : The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11237 - Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

CVE ID : CVE-2025-11237
Published : Nov. 11, 2025, 6:15 a.m. | 33 minutes ago
Description : The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.
Severity: 0.0 | NA
CVE-2025-11307 - WP Google Maps < 9.0.48 - Unauthenticated Stored XSS

CVE ID : CVE-2025-11307
Published : Nov. 11, 2025, 6:15 a.m. | 33 minutes ago
Description : The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.
Severity: 0.0 | NA
CVE-2025-11855 - Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation

CVE ID : CVE-2025-11855
Published : Nov. 11, 2025, 6:15 a.m. | 33 minutes ago
Description : The age-restriction WordPress plugin through 3.0.2 does not have an authorisation check in the age_restrictionRemoteSupportRequest function, allowing any authenticated user, such as a subscriber, to create an admin user with a hardcoded username and an arbitrary password.
Severity: 0.0 | NA
CVE-2025-4645 - Axis ACAP Code Execution Vulnerability

CVE ID : CVE-2025-4645
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.7 | MEDIUM
CVE-2025-5452 - Axis ACAP Privilege Escalation Vulnerability

CVE ID : CVE-2025-5452
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.6 | MEDIUM
CVE-2025-5454 - Axis ACAP Path Traversal Privilege Escalation

CVE ID : CVE-2025-5454
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.4 | MEDIUM
CVE-2025-5718 - Axis ACAP Symlink Privilege Escalation

CVE ID : CVE-2025-5718
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.8 | MEDIUM
CVE-2025-6298 - Axis ACAP Privilege Escalation Vulnerability

CVE ID : CVE-2025-6298
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.7 | MEDIUM
CVE-2025-6571 - Apache Component Password Exposure

CVE ID : CVE-2025-6571
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.
Severity: 6.0 | MEDIUM
CVE-2025-6779 - Axis ACAP Command Injection Vulnerability

CVE ID : CVE-2025-6779
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.7 | MEDIUM
CVE-2025-8108 - Axis ACAP Privilege Escalation Vulnerability

CVE ID : CVE-2025-8108
Published : Nov. 11, 2025, 7:15 a.m. | 3 hours, 34 minutes ago
Description : An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.7 | MEDIUM
CVE-2025-10714 - AXIS Optimizer Windows Unquoted Search Path Privilege Escalation

CVE ID : CVE-2025-10714
Published : Nov. 11, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within the Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer.
Severity: 8.4 | HIGH
CVE-2025-5317 - Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac

CVE ID : CVE-2025-5317
Published : Nov. 11, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.
Severity: 6.8 | MEDIUM
CVE-2025-7429 - Stored XSS

CVE ID : CVE-2025-7429
Published : Nov. 11, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to a Stored XSS vulnerability in the Mails Deleted or Moved report.
Severity: 7.3 | HIGH
CVE-2025-8998 - Apache HTTP Server File Upload Vulnerability

CVE ID : CVE-2025-8998
Published : Nov. 11, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.
Severity: 3.1 | LOW
CVE-2025-9055 - VAPIX Edge Privilege Escalation Vulnerability

CVE ID : CVE-2025-9055
Published : Nov. 11, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : The VAPIX Edge storage API allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.
Severity: 6.4 | MEDIUM
CVE-2025-9524 - VAPIX API Port.cgi Remote Code Execution

CVE ID : CVE-2025-9524
Published : Nov. 11, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer-, operator- or administrator-privileged service account.
Severity: 4.3 | MEDIUM
CVE-2017-20210 - Photo Station

CVE ID : CVE-2017-20210
Published : Nov. 11, 2025, 10:15 a.m. | 34 minutes ago
Description : Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
Severity: 0.0 | NA
CVE-2025-7430 - Stored XSS

CVE ID : CVE-2025-7430
Published : Nov. 11, 2025, 10:24 a.m. | 26 minutes ago
Description : Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to a Stored XSS vulnerability in the Folder Message Count and Size report.
Severity: 7.3 | HIGH
CVE-2025-7632 - Stored XSS

CVE ID : CVE-2025-7632
Published : Nov. 11, 2025, 10:29 a.m. | 20 minutes ago
Description : Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to a Stored XSS vulnerability in the Public Folders report.
Severity: 7.3 | HIGH