CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-67594 - WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability

CVE ID : CVE-2025-67594
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67595 - WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability

CVE ID : CVE-2025-67595
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.0.82.
Severity: 0.0 | NA
CVE-2025-67596 - WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability

CVE ID : CVE-2025-67596
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery. This issue affects Business Directory: from n/a through <= 6.4.19.
Severity: 0.0 | NA
CVE-2025-67597 - WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability

CVE ID : CVE-2025-67597
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Booking: from n/a through <= 1.9.11.
Severity: 0.0 | NA
CVE-2025-67598 - WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability

CVE ID : CVE-2025-67598
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery. This issue affects SupportCandy: from n/a through <= 3.4.1.
Severity: 0.0 | NA
CVE-2025-67599 - WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability

CVE ID : CVE-2025-67599
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1.
Severity: 0.0 | NA
CVE-2025-6923 - Reflected XSS in TalentSoft's UNIS

CVE ID : CVE-2025-6923
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957.
Severity: 5.4 | MEDIUM
CVE-2025-6924 - Reflected XSS in TalentSoft's e-BAP

CVE ID : CVE-2025-6924
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS. This issue affects e-BAP Automation: before 42957.
Severity: 5.4 | MEDIUM
CVE-2025-9368 - 432ES-IG3 Series A Denial-of-Service Vulnerability

CVE ID : CVE-2025-9368
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.
Severity: 8.7 | HIGH
CVE-2025-9638 - i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

CVE ID : CVE-2025-9638
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
Severity: 4.8 | MEDIUM
CVE-2023-23729 - WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change Vulnerability

CVE ID : CVE-2023-23729
Published : Dec. 9, 2025, 4:40 p.m. | 22 minutes ago
Description : Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0.
Severity: 5.4 | MEDIUM
CVE-2023-22675 - WordPress WP Fast Cache plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

CVE ID : CVE-2023-22675
Published : Dec. 9, 2025, 4:41 p.m. | 22 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery. This issue affects WP Fast Cache: from n/a through 1.5.
Severity: 4.3 | MEDIUM
CVE-2022-47425 - WordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 3.4.10 - Broken Access Control

CVE ID : CVE-2022-47425
Published : Dec. 9, 2025, 4:41 p.m. | 21 minutes ago
Description : Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember: from n/a through 3.4.10.
Severity: 4.3 | MEDIUM
CVE-2022-46845 - WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability

CVE ID : CVE-2022-46845
Published : Dec. 9, 2025, 4:42 p.m. | 20 minutes ago
Description : Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider a SlidersPack: from n/a before 2.3.
Severity: 5.3 | MEDIUM
CVE-2021-47705 - CNC_Ctrl DllUnregisterServer Access Violation

CVE ID : CVE-2021-47705
Published : Dec. 9, 2025, 8:37 p.m. | 26 minutes ago
Description : COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access.
Severity: 8.7 | HIGH
CVE-2021-47706 - COMMAX Biometric Access Control System Authentication Bypass

CVE ID : CVE-2021-47706
Published : Dec. 9, 2025, 8:37 p.m. | 25 minutes ago
Description : COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
Severity: 8.7 | HIGH
CVE-2021-47707 - COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure

CVE ID : CVE-2021-47707
Published : Dec. 9, 2025, 8:39 p.m. | 24 minutes ago
Description : COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
Severity: 9.3 | CRITICAL
CVE-2021-47708 - COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass

CVE ID : CVE-2021-47708
Published : Dec. 9, 2025, 8:39 p.m. | 24 minutes ago
Description : COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
Severity: 9.3 | CRITICAL
CVE-2025-64896 - Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)

CVE ID : CVE-2025-64896
Published : Dec. 9, 2025, 8:39 p.m. | 23 minutes ago
Description : Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application's functionality by manipulating temporary files. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2021-47709 - COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS

CVE ID : CVE-2021-47709
Published : Dec. 9, 2025, 8:39 p.m. | 23 minutes ago
Description : COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
Severity: 8.7 | HIGH
CVE-2025-13743 - Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs

CVE ID : CVE-2025-13743
Published : Dec. 9, 2025, 8:39 p.m. | 23 minutes ago
Description : Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
Severity: 2.4 | LOW