
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-9553 - Vulnerability in Drupal API Key manager. This issue affects API Key manager: *.*.
    Published: October 10, 2025; 7:15:37 PM -0400

  • CVE-2025-9554 - Vulnerability in Drupal Owl Carousel 2. This issue affects Owl Carousel 2: *.*.
    Published: October 10, 2025; 7:15:37 PM -0400

  • CVE-2025-22167 - This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Sco... read CVE-2025-22167
    Published: October 21, 2025; 9:16:08 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-49923 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS. This issue affects Seriously Simple Podcasting: from n/... read CVE-2025-49923
    Published: October 22, 2025; 11:15:38 AM -0400

  • CVE-2025-59048 - OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untruste... read CVE-2025-59048
    Published: October 23, 2025; 12:16:43 PM -0400

  • CVE-2025-11564 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all ... read CVE-2025-11564
    Published: October 25, 2025; 2:15:35 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-6680 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and ... read CVE-2025-6680
    Published: October 25, 2025; 2:15:36 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2025-62882 - Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seriously Simple Podcasting: from n/a through <=... read CVE-2025-62882
    Published: October 26, 2025; 10:15:46 PM -0400

  • CVE-2025-11154 - The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.
    Published: October 27, 2025; 2:15:37 AM -0400

  • CVE-2025-47658 - Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: fr... read CVE-2025-47658
    Published: May 23, 2025; 9:15:42 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-5114 - A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Commi... read CVE-2025-5114
    Published: May 23, 2025; 11:15:25 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2025-48057 - Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tr... read CVE-2025-48057
    Published: May 27, 2025; 1:15:26 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-26226 - A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
    Published: May 30, 2025; 2:15:32 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-20994 - Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
    Published: June 04, 2025; 1:15:24 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2025-20995 - Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
    Published: June 04, 2025; 1:15:24 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2025-10552 - A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
    Published: October 13, 2025; 4:15:38 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-10558 - A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
    Published: October 13, 2025; 4:15:39 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-64187 - OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generate... read CVE-2025-64187
    Published: November 06, 2025; 11:15:47 PM -0500

    V3.1: 4.4 MEDIUM

  • CVE-2025-11695 - When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
    Published: October 13, 2025; 1:15:34 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-64326 - Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which ca... read CVE-2025-64326
    Published: November 06, 2025; 4:15:43 PM -0500

    V3.1: 3.5 LOW

Created September 20, 2022, Updated August 27, 2024
