DethemeKit For Elementor, Stored Cross-Site Scripting (XSS), CVE-2025-26772 (Critical)
How the CVE Works: CVE-2025-26772 is a critical Stored Cross-Site Scripting (XSS) vulnerability in DethemeKit For Elementor, a WordPress plugin. […]
How the CVE Works: CVE-2025-22806 is a DOM-based Cross-site Scripting (XSS) vulnerability in Modernaweb Studio’s Black Widgets For Elementor plugin.
The Jenkins AnchorChain Plugin 1.0 is vulnerable to a stored Cross-Site Scripting (XSS) attack due to its failure to restrict
How the CVE Works: Mattermost versions 9.11.x up to and including 9.11.8 contain a vulnerability in the authorization mechanism for
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion (LFI) in all
The Podlove Podcast Publisher plugin for WordPress, up to and including version 4.2.2, is vulnerable to Cross-Site Request Forgery (CSRF)
How the CVE Works: CVE-2025-24605 is a critical Path Traversal vulnerability in the WOLF platform, affecting versions up to 1.0.8.5.
The CVE-2025-0554 vulnerability affects the Podlove Podcast Publisher plugin for WordPress, specifically versions 4.1.25 and earlier. This flaw arises due
How the CVE Works: CVE-2025-30066 is a critical vulnerability in tj-actions/changed-files versions before 46. The issue arises due to malicious
How the Mentioned CVE Works: CVE-2025-24472 is an authentication bypass vulnerability in FortiOS (versions 7.0.0 through 7.0.16) and FortiProxy (versions
How the Mentioned CVE Works: CVE-2025-26775 is a critical vulnerability in RealMag777 BEAR, affecting versions from n/a through 1.1.4.4. It
How the CVE Works: CVE-2025-0859 is a critical Path Traversal vulnerability in the Post and Page Builder by BoldGrid plugin
The WikiManager REST API vulnerability (CVE-2025-XXXX) allows any user to create wikis, potentially escalating privileges to administrator level. This flaw
XWiki, a popular open-source platform for developing collaborative applications, is affected by a critical information disclosure vulnerability (CVE-2025-XXXX). This vulnerability
How the Mentioned CVE Works: The vulnerability in XWiki arises due to incorrect wiki reference handling in the AuthorizationManager. This
How the Mentioned CVE Works: The vulnerability arises when a CDN (Content Delivery Network) in front of a Nuxt.js application
How the CVE Works: CVE-2025-22759 is a critical stored Cross-site Scripting (XSS) vulnerability in BoldGrid Post and Page Builder, a
How the Mentioned CVE Works: CVE-2025-22760 is a critical vulnerability in CodeBard Help Desk, versions up to 1.1.2, caused by
How the Mentioned CVE Works: CVE-2017-5638 is a critical vulnerability in Apache Struts 2, a popular framework for building Java
How the CVE Works: This vulnerability arises when a server processes a multipart/form-data request that includes a maliciously crafted ZIP
How the CVE Works: The vulnerability in Sylius allows users to manipulate their shopping cart after completing the PayPal Checkout
How the CVE Works: CVE-2025-1944 affects Picklescan versions before 0.0.23, which is a tool used to scan PyTorch model archives
How the CVE Works: CVE-2025-1945 exploits a vulnerability in PickleScan (versions before 0.0.23) where it fails to detect malicious pickle
How the CVE Works: The vulnerability in `reviewdog/action-setup@v1` arises from a malicious commit (f0d342d) that was introduced into the codebase.
How the CVE Works: The vulnerability arises in vLLM when configured with Mooncake, where unsafe deserialization of data occurs over
How the CVE Works: The vulnerability (CVE-2025-XXXX) in Apache Airflow MySQL Provider arises from improper neutralization of special elements in
How the CVE Works: The vulnerability in the `fast-jwt` library arises from improper validation of the `iss` (issuer) claim in
How the CVE Works: CVE-2025-28868 is a Cross-Site Request Forgery (CSRF) vulnerability in ZipList Recipe, affecting versions up to 3.1.
How the CVE Works: CVE-2025-26703 is an Improper Privilege Management vulnerability in ZTE GoldenDB versions 6.1.03 through 6.1.03.04. This flaw
How the CVE Works: CVE-2025-26706 is an Improper Privilege Management vulnerability in ZTE GoldenDB, specifically affecting versions from 6.1.03 through
How the CVE Works: CVE-2025-28859 is a critical Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice versions up to
How the CVE Works: CVE-2025-26704 is an Improper Privilege Management vulnerability in ZTE GoldenDB versions 6.1.03 through 6.1.03.05. This flaw
How the CVE Works: CVE-2025-26705 is an Improper Privilege Management vulnerability in ZTE GoldenDB, affecting versions 6.1.03 through 6.1.03.05. This
How the Mentioned CVE Works: CVE-2025-28862 is a Cross-Site Request Forgery (CSRF) vulnerability in the “Comment Date and Gravatar Remover”
How the CVE Works: CVE-2025-28864 is a critical Cross-Site Request Forgery (CSRF) vulnerability in the Planet Studio Builder for Contact
How the CVE Works: CVE-2025-28861 is a critical vulnerability in the WP jQuery Persian Datepicker plugin for WordPress, affecting versions
How the Mentioned CVE Works: CVE-2025-28866 is a Cross-Site Request Forgery (CSRF) vulnerability found in the Login Logger plugin. This
How the CVE Works: CVE-2025-28860 is a critical vulnerability in the Google News Editors Picks Feed Generator plugin for WordPress,
How the CVE Works: CVE-2025-26702 is a critical vulnerability in ZTE GoldenDB versions 6.1.03 through 6.1.03.04, caused by improper input
How the CVE Works: CVE-2025-28863 is a Cross-Site Request Forgery (CSRF) vulnerability in the “Delete Original Image” functionality of the
How the CVE Works: CVE-2025-28857 is a critical vulnerability in the Rankchecker.io Integration plugin, affecting versions up to 1.0.9. The
The CVE-2025-26473 vulnerability in the Mojave Inverter arises due to the use of the HTTP GET method for transmitting sensitive
The Clickstorm SEO extension for TYPO3 is vulnerable to a Cross-Site Scripting (XSS) attack due to improper encoding of user
How the CVE Works: CosmWasm, a smart contract module for blockchain ecosystems, prior to version 2.2.0, lacks proper runtime validation
How the CVE Works: CVE-2025-28867 is a critical Cross-Site Request Forgery (CSRF) vulnerability in the Stesvis Frontpage category filter. This
How the CVE Works: The vulnerability CVE-2025-XXXX in Wire arises due to uncontrolled recursion when processing nested groups in the
How the CVE Works: The vulnerability in jsPDF arises due to insufficient validation of user-supplied input in the `addImage` method.
How the Mentioned CVE Works: The vulnerability (CVE-2025-XXXX) in Contao arises due to insufficient validation of SVG files uploaded by
How the CVE Works: CVE-2025-28870 is a critical DOM-based Cross-Site Scripting (XSS) vulnerability in amoCRM WebForm versions up to 1.1.
How the Mentioned CVE Works: CVE-2021-41773 is a critical vulnerability in Apache HTTP Server versions 2.4.49. It arises due to
How the CVE Works: CVE-2025-24813 is a critical vulnerability in Apache Tomcat that arises due to path equivalence issues involving
How the CVE Works: The vulnerability in Sylius arises due to a mismatch in payment validation during the PayPal Checkout
How the CVE Works: The vulnerability in containerd arises due to an integer overflow in the User ID (UID) and
How the CVE Works: The vulnerability in OpenShift Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM),
How the CVE Works: The vulnerability in the Expr expression parser arises when it processes an unbounded input string. The
How the CVE Works: CVE-2024-XXXX is a critical vulnerability in BuildKit, a toolkit for building container images. The issue arises
How the Mentioned CVE Works: The vulnerability in Mattermost Desktop App (versions <=5.10.0) arises due to unnecessary macOS entitlements explicitly
How the CVE Works: The vulnerability in the Bare Metal Operator (BMO) for Kubernetes allows an adversary with namespace-level permissions
How the CVE Works: CVE-2025-29031 is a critical buffer overflow vulnerability in Tenda AC6 routers, specifically in firmware version v15.03.05.16.
How the CVE Works: CVE-2025-29385 is a critical stack overflow vulnerability in Tenda AC9 routers, specifically version v1.0 V15.03.05.14_multi. The
How the CVE Works: CVE-2025-29387 is a critical stack overflow vulnerability in Tenda AC9 routers, specifically in version v1.0 V15.03.05.14_multi.
How the CVE Works: CVE-2025-29029 is a critical buffer overflow vulnerability found in Tenda AC6 routers running firmware version v15.03.05.16.
CVE-2025-26918 is a critical vulnerability in Enituretechnology’s Small Package Quotes – Unishippers Edition, affecting versions up to 2.4.9. The vulnerability
How the CVE Works: CVE-2025-28879 is a critical vulnerability in Bee Layer Slider, a web plugin used for creating dynamic
How the CVE Works: CVE-2025-26970 is a critical code injection vulnerability in Ark Theme Core, affecting versions up to 1.70.0.
How the CVE Works: CVE-2025-25667 is a critical stack overflow vulnerability found in Tenda AC8V4 routers running firmware version V16.03.34.06.
How the CVE Works: CVE-2025-25668 is a critical stack overflow vulnerability found in Tenda AC8V4 routers running firmware version V16.03.34.06.
How the CVE Works: The vulnerability in `parse-git-config` v3.0.0 arises due to improper handling of user-supplied input in the `expandKeys`
How the CVE Works: The vulnerability in tj-actions/changed-files through version 45.0.7 allows remote attackers to exploit GitHub Actions logs to
How the CVE Works: CVE-2025-XXXX is a critical vulnerability in Qiskit, a popular quantum computing framework, affecting versions prior to
How the Mentioned CVE Works: The vulnerability in JS Html Sanitizer (CVE-2025-XXXX) arises when the sanitizer is used in conjunction
The feldman_vss library is vulnerable to timing side-channel attacks due to its implementation of matrix operations in Python. The vulnerability
How the CVE Works: The vulnerability resides in the `secure_redundant_execution` function within feldman_vss.py, which is designed to mitigate fault injection
How the CVE Works: The vulnerability exists in the `/api/v1/document-store/loader/process` API endpoint of Flowise, which allows an attacker to write
How the CVE Works: This vulnerability in xml-crypto (versions <= 6.0.0) allows attackers to bypass signature verification in signed XML
How the Mentioned CVE Works: The vulnerability CVE-2025-1234 in Azle arises due to improper handling of the `setTimer` function in
How the CVE Works: CVE-2025-XXXX exploits the deprecated `gitRepo` volume feature in Kubernetes. When a pod is created with a
How the CVE Works: CVE-2023-XXXX is a critical vulnerability in the `xml-crypto` library, which is used for signing and verifying
How the CVE Works: The vulnerability arises in Flowise due to improper validation of user-supplied input in the `/api/v1/attachments` route,
How the Mentioned CVE Works: CVE-2025-21797 is a critical use-after-free vulnerability in the Linux kernel, specifically within the HID (Human
How the CVE Works: CVE-2025-21791 is a critical use-after-free (UAF) vulnerability in the Linux kernel, specifically within the `l3mdev_l3_out()` function.
How the Mentioned CVE Works: CVE-2025-XXXX is a command injection vulnerability affecting Kubernetes Windows nodes. The flaw exists in the
How the CVE Works: CVE-2025-24984 is a critical vulnerability in Windows NTFS (New Technology File System) that allows sensitive information
How the Mentioned CVE Works: The CVE-2025-XXXX vulnerability in MODX (prior to version 3.1.0) allows authenticated users to exploit a
How the Mentioned CVE Works: CVE-2025-24983 is a critical vulnerability in the Windows Win32 Kernel Subsystem that involves a “use-after-free”
How the Mentioned CVE Works: The vulnerability in the Snowflake JDBC driver arises when the logging level is set to
How the CVE Works: CVE-2025-25616 is a critical vulnerability in UnifiedTransform 2.0, an educational platform, caused by Incorrect Access Control.
How the CVE Works: CVE-2025-2152 is a critical heap-based buffer overflow vulnerability in Open Asset Import Library (Assimp) version 5.4.3.
How the CVE Works: CVE-2025-2153 is a critical vulnerability found in HDF5 version 1.14.6, specifically in the `H5SM_delete` function within
How the CVE Works: CVE-2025-25615 is a critical vulnerability in UnifiedTransform 2.0, an educational management platform. The flaw arises due
The CVE-2025-26643 vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exploit a flaw in the browser’s user interface
How the CVE Works: The vulnerability in Ed25519-Java (up to version 0.3.0) arises due to a missing scalar range check
How the Mentioned CVE Works: The CVE-2025-XXXX vulnerability in XPixelGroup BasicSR (up to version 1.4.2) allows for command injection in
How the Mentioned CVE Works: CVE-2025-001 targets the IBC-Go package within the Cosmos SDK ecosystem. The vulnerability arises from non-deterministic
How the CVE Works: CVE-2025-2088 is a critical SQL injection vulnerability in PHPGurukul Pre-School Enrollment System up to version 1.0.
How the Mentioned CVE Works: CVE-2021-41773 is a critical vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The flaw
How the Mentioned CVE Works: CVE-2025-0177 is a critical vulnerability in the Javo Core plugin for WordPress, affecting all versions
The WP-Recall plugin for WordPress, versions up to and including 16.26.10, is vulnerable to Information Exposure due to insufficient access
How the CVE Works: CVE-2025-0162 is a critical vulnerability in IBM Aspera Shares versions 1.9.9 through 1.10.0 PL7, involving XML
How the CVE Works: This vulnerability arises when an attacker-controlled subdomain (e.g., evil.host.com) sets cookies scoped to the parent domain