CVE-2025-64275 - WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64275
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through <= 2.1.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64275
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through <= 2.1.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64276 - WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability
CVE ID : CVE-2025-64276
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64276
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64277 - WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability
CVE ID : CVE-2025-64277
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64277
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64292 - WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64292
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through <= 1.6.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64292
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through <= 1.6.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64369 - WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability
CVE ID : CVE-2025-64369
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64369
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64370 - WordPress YOP Poll plugin <= 6.5.38 - Broken Access Control vulnerability
CVE ID : CVE-2025-64370
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64370
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64379 - WordPress Booster for WooCommerce plugin <= 7.4.0 - Broken Access Control vulnerability
CVE ID : CVE-2025-64379
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64379
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64380 - WordPress Booster for WooCommerce plugin <= 7.3.2 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64380
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64380
Published : Nov. 13, 2025, 10:15 a.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64381 - WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64381
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64381
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64382 - WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability
CVE ID : CVE-2025-64382
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64382
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64383 - WordPress Qi Blocks plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64383
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64383
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64384 - WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability
CVE ID : CVE-2025-64384
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64384
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7704 - Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
CVE ID : CVE-2025-7704
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7704
Published : Nov. 13, 2025, 10:15 a.m. | 46 minutes ago
Description : Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12377 - Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions
CVE ID : CVE-2025-12377
Published : Nov. 13, 2025, 12:15 p.m. | 2 hours, 47 minutes ago
Description : The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12377
Published : Nov. 13, 2025, 12:15 p.m. | 2 hours, 47 minutes ago
Description : The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12762 - Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
CVE ID : CVE-2025-12762
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12762
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12763 - Command injection vulnerability allowing arbitrary command execution on Windows
CVE ID : CVE-2025-12763
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12763
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12764 - pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.
CVE ID : CVE-2025-12764
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12764
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12765 - pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.
CVE ID : CVE-2025-12765
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12765
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12817 - PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
CVE ID : CVE-2025-12817
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12817
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12818 - PostgreSQL libpq undersizes allocations, via integer wraparound
CVE ID : CVE-2025-12818
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12818
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40681 - Cross-Site Scripting (XSS) in xCally Omnichannel
CVE ID : CVE-2025-40681
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal sentitive user data, such as session cookies , or to perform actions on behalf of the user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40681
Published : Nov. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal sentitive user data, such as session cookies , or to perform actions on behalf of the user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...