CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-69350 - WordPress Accordion plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

CVE ID : CVE-2025-69350
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion accordions-wp allows Stored XSS. This issue affects Accordion: from n/a through <= 3.0.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69351 - WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability

CVE ID : CVE-2025-69351
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection. This issue affects Ninja Tables: from n/a through <= 5.2.4.
Severity: 0.0 | NA
CVE-2025-69352 - WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability

CVE ID : CVE-2025-69352
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through <= 6.15.12.2.
Severity: 0.0 | NA
CVE-2025-69353 - WordPress Proxy & VPN Blocker plugin <= 3.5.3 - Broken Access Control vulnerability

CVE ID : CVE-2025-69353
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3.
Severity: 0.0 | NA
CVE-2025-69354 - WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability

CVE ID : CVE-2025-69354
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Business Reviews: from n/a through <= 0.1.1.
Severity: 0.0 | NA
CVE-2025-69355 - WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability

CVE ID : CVE-2025-69355
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through <= 3.5.6.4.
Severity: 0.0 | NA
CVE-2025-69356 - WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability

CVE ID : CVE-2025-69356
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion. This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0.
Severity: 0.0 | NA
CVE-2025-69357 - WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

CVE ID : CVE-2025-69357
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows Stored XSS. This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0.
Severity: 0.0 | NA
CVE-2025-69359 - WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability

CVE ID : CVE-2025-69359
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Creator LMS: from n/a through <= 1.1.12.
Severity: 0.0 | NA
CVE-2025-69360 - WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

CVE ID : CVE-2025-69360
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements allows DOM-Based XSS. This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.11.0.
Severity: 0.0 | NA
CVE-2025-69361 - WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability

CVE ID : CVE-2025-69361
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Expirator: from n/a through <= 4.9.3.
Severity: 0.0 | NA
CVE-2025-69362 - WordPress UiChemy plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability

CVE ID : CVE-2025-69362
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS. This issue affects UiChemy: from n/a through <= 4.4.2.
Severity: 0.0 | NA
CVE-2025-69363 - WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability

CVE ID : CVE-2025-69363
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.
Severity: 0.0 | NA
CVE-2025-69364 - WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability

CVE ID : CVE-2025-69364
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.21.
Severity: 0.0 | NA
CVE-2025-14942 - Authentication Bypass

CVE ID : CVE-2025-14942
Published : Jan. 6, 2026, 5:26 p.m. | 42 minutes ago
Description : wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.
Severity: 9.4 | CRITICAL
CVE-2025-32304 - WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability

CVE ID : CVE-2025-32304
Published : Jan. 6, 2026, 5:34 p.m. | 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion. This issue affects WPCHURCH: from n/a through 2.7.0.
Severity: 8.1 | HIGH
CVE-2025-15382 - Client SCP Request Triggers Buffer Overread by 1 Byte

CVE ID : CVE-2025-15382
Published : Jan. 6, 2026, 5:43 p.m. | 25 minutes ago
Description : A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.
Severity: 5.1 | MEDIUM
CVE-2025-7048 - On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o

CVE ID : CVE-2025-7048
Published : Jan. 6, 2026, 7:15 p.m. | 56 minutes ago
Description : On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
Severity: 5.3 | MEDIUM
CVE-2026-0641 - TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

CVE ID : CVE-2026-0641
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
CVE-2026-21490 - iccDEV has heap buffer overflow in CIccTagLut16::Validate()

CVE ID : CVE-2026-21490
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
CVE-2026-21491 - iccDEV has unicode buffer overflow in CIccTagTextDescription

CVE ID : CVE-2026-21491
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM