Vulnerabilities

  

CVE-2025-14356 | Themefic Ultra Addons for Contact Form 7 Plugin up to 3.5.33 on WordPress uacf7_get_generated_pdf authorization

A vulnerability identified as problematic has been detected in Themefic Ultra Addons for Contact Form 7 Plugin up to 3.5.33

  

CVE-2025-13891 | Image Gallery Plugin up to 2.13.3 on WordPress AJAX Endpoint modula_list_folders authorization

A vulnerability labeled as problematic has been found in Image Gallery Plugin up to 2.13.3 on WordPress. This impacts the

  

CVE-2025-12960 | Simple CSV Table Plugin up to 1.0.1 on WordPress Shortcode csv href path traversal

A vulnerability marked as critical has been reported in Simple CSV Table Plugin up to 1.0.1 on WordPress. Affected is

  

CVE-2025-14074 | Contact Form PDF for Contact Form 7 & Drag and Drop Template Builder Plugin rednumber_duplicate authorization

A vulnerability described as problematic has been identified in Contact Form PDF for Contact Form 7 & Drag and Drop

  

CVE-2025-14442 | Ays Pro Secure Copy Content Protection and Content Locking Plugin CSV File Parser information disclosure

A vulnerability classified as problematic has been found in Ays Pro Secure Copy Content Protection and Content Locking Plugin up

  

CVE-2025-14065 | Simple Bike Rental Plugin up to 1.0.6 on WordPress Email Address simpbire_carica_prenotazioni authorization

A vulnerability classified as problematic was found in Simple Bike Rental Plugin up to 1.0.6 on WordPress. This affects the

  

CVE-2025-12408 | Events Manager Plugin up to 7.2.2.2 on WordPress get_location information disclosure

A vulnerability, which was classified as problematic, has been found in Events Manager Plugin up to 7.2.2.2 on WordPress. This

  

CVE-2025-12655 | Hippoo Mobile App for WooCommerce Plugin up to 1.7.1 on WordPress REST API Endpoint save_callback authorization

A vulnerability, which was classified as problematic, was found in Hippoo Mobile App for WooCommerce Plugin up to 1.7.1 on

  

CVE-2025-11876 | Mailgun Subscriptions Plugin up to 1.3.1 on WordPress Shortcode mailgun_subscription_form cross site scripting

A vulnerability has been found in Mailgun Subscriptions Plugin up to 1.3.1 on WordPress and classified as problematic. Impacted is

  

CVE-2025-4970 | Bannersky BSK PDF Manager Plugin up to 3.7.1 on WordPress SVG File Parser cross site scripting

A vulnerability was found in Bannersky BSK PDF Manager Plugin up to 3.7.1 on WordPress and classified as problematic. The

  

CVE-2025-14049 | VikRentItems Flexible Rental Management System Plugin cross site scripting

A vulnerability was found in VikRentItems Flexible Rental Management System Plugin up to 1.2.0 on WordPress. It has been classified

  

CVE-2025-10583 | WP Fastest Cache Plugin up to 1.7.4 on WordPress get_server_time_ajax_request authorization

A vulnerability was found in WP Fastest Cache Plugin up to 1.7.4 on WordPress. It has been declared as problematic.

  

CVE-2025-14030 | AI Feeds Plugin up to 1.0.22 on WordPress Shortcode aife_post_meta cross site scripting

A vulnerability was found in AI Feeds Plugin up to 1.0.22 on WordPress. It has been rated as problematic. This

  

CVE-2025-12407 | Events Manager Plugin up to 7.2.2.2 on WordPress location_delete cross-site request forgery

A vulnerability categorized as problematic has been discovered in Events Manager Plugin up to 7.2.2.2 on WordPress. Affected is the

  

CVE-2025-12965 | Magical Posts Display Plugin up to 1.2.54 on WordPress Magical Posts Accordion Widget mpac_title_tag cross site scripting

A vulnerability identified as problematic has been detected in Magical Posts Display Plugin up to 1.2.54 on WordPress. Affected by

  

CVE-2025-14159 | Ays Pro Secure Copy Content Protection and Content Locking Plugin ays_sccp_results_export_file cross-site request forgery

A vulnerability labeled as problematic has been found in Ays Pro Secure Copy Content Protection and Content Locking Plugin up

  

CVE-2025-13660 | rcatheme Guest Support Plugin up to 1.2.3 on WordPress AJAX Endpoint guest_support_handler Request information disclosure

A vulnerability marked as problematic has been reported in rcatheme Guest Support Plugin up to 1.2.3 on WordPress. This affects

  

CVE-2025-58130 | Apache Fineract up to 1.11.0 credentials storage

A vulnerability described as problematic has been identified in Apache Fineract up to 1.11.0. This vulnerability affects unknown code. Such

  

CVE-2025-23408 | Apache Fineract up to 1.10.0 weak password

A vulnerability classified as critical has been found in Apache Fineract up to 1.10.0. This issue affects some unknown processing.

  

CVE-2025-58137 | Apache Fineract up to 1.11.0 Self-service API resource injection

A vulnerability classified as critical was found in Apache Fineract up to 1.11.0. Impacted is an unknown function of the

  

CVE-2025-14404 | PDFsam Enhanced XLS File ui layer (ZDI-25-1092)

A vulnerability, which was classified as problematic, has been found in PDFsam Enhanced. The affected element is an unknown function

  

CVE-2025-14403 | PDFsam Enhanced Launch ui layer (ZDI-25-1091)

A vulnerability, which was classified as problematic, was found in PDFsam Enhanced. The impacted element is an unknown function of

  

CVE-2025-14402 | PDFsam Enhanced DOC File ui layer (ZDI-25-1090)

A vulnerability has been found in PDFsam Enhanced and classified as problematic. This affects an unknown function of the component

  

CVE-2025-14415 | Soda PDF Desktop Launch ui layer (ZDI-25-1088)

A vulnerability was found in Soda PDF Desktop and classified as problematic. This impacts an unknown function of the component

  

CVE-2025-14414 | Soda PDF Desktop Word File ui layer (ZDI-25-1087)

A vulnerability was found in Soda PDF Desktop. It has been classified as problematic. Affected is an unknown function of

  

CVE-2025-14413 | Soda PDF Desktop CBZ File Parser path traversal (ZDI-25-1086)

A vulnerability was found in Soda PDF Desktop. It has been declared as critical. Affected by this vulnerability is an

  

CVE-2025-14412 | Soda PDF Desktop XLS File ui layer (ZDI-25-1085)

A vulnerability was found in Soda PDF Desktop. It has been rated as problematic. Affected by this issue is some

  

CVE-2025-14409 | Soda PDF Desktop PDF File Parser out-of-bounds write (ZDI-25-1082)

A vulnerability categorized as critical has been discovered in Soda PDF Desktop. This affects an unknown part of the component

  

CVE-2025-14420 | pdfforge PDF Architect CBZ File Parser path traversal (ZDI-25-1077)

A vulnerability identified as critical has been detected in pdfforge PDF Architect. This vulnerability affects unknown code of the component

  

CVE-2025-14419 | pdfforge PDF Architect PDF File Parser memory corruption (ZDI-25-1076)

A vulnerability labeled as critical has been found in pdfforge PDF Architect. This issue affects some unknown processing of the

  

CVE-2025-14418 | pdfforge PDF Architect XLS File ui layer (ZDI-25-1075)

A vulnerability marked as problematic has been reported in pdfforge PDF Architect. Impacted is an unknown function of the component

  

CVE-2025-14417 | pdfforge PDF Architect Launch ui layer (ZDI-25-1074)

A vulnerability described as problematic has been identified in pdfforge PDF Architect. The affected element is an unknown function of

  

CVE-2025-14416 | pdfforge PDF Architect DOC File Remote Code Execution (ZDI-25-1073)

A vulnerability classified as critical has been found in pdfforge PDF Architect. The impacted element is an unknown function of

  

CVE-2025-14411 | Soda PDF Desktop PDF File Parser out-of-bounds (ZDI-25-1084)

A vulnerability classified as problematic was found in Soda PDF Desktop. This affects an unknown function of the component PDF

  

CVE-2025-14410 | Soda PDF Desktop PDF File Parser out-of-bounds (ZDI-25-1083)

A vulnerability, which was classified as problematic, has been found in Soda PDF Desktop. This impacts an unknown function of

  

CVE-2025-14408 | Soda PDF Desktop PDF File Parser out-of-bounds (ZDI-25-1081)

A vulnerability, which was classified as problematic, was found in Soda PDF Desktop. Affected is an unknown function of the

  

CVE-2025-14407 | Soda PDF Desktop PDF File Parser information disclosure (ZDI-25-1080)

A vulnerability has been found in Soda PDF Desktop and classified as problematic. Affected by this vulnerability is an unknown

  

CVE-2025-14421 | pdfforge PDF Architect PDF File Parser out-of-bounds (ZDI-25-1078)

A vulnerability was found in pdfforge PDF Architect and classified as problematic. Affected by this issue is some unknown functionality

  

CVE-2025-14401 | PDFsam Enhanced out-of-bounds (ZDI-25-1089)

A vulnerability was found in PDFsam Enhanced. It has been classified as problematic. This affects an unknown part. The manipulation

  

CVE-2025-14405 | PDFsam Enhanced uncontrolled search path (ZDI-25-1093)

A vulnerability was found in PDFsam Enhanced. It has been declared as problematic. This vulnerability affects unknown code. The manipulation

  

CVE-2025-14406 | Soda PDF Desktop uncontrolled search path (ZDI-25-1079)

A vulnerability was found in Soda PDF Desktop. It has been rated as problematic. This issue affects some unknown processing.

  

CVE-2025-14372 | Google Chrome up to 143.0.7499.41 Password Manager use after free

A vulnerability categorized as critical has been discovered in Google Chrome. Impacted is an unknown function of the component Password

  

CVE-2025-14373 | Google Chrome up to 143.0.7499.41 Toolbar Remote Code Execution

A vulnerability identified as critical has been detected in Google Chrome. The affected element is an unknown function of the

Slackware: mozilla-thunderbird Important Security Fix SSA:2025-345-01
  


New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. (LinuxSecurity – Security Advisories)

Significant Vulnerabilities in OpenStack Keystone on Ubuntu 22.04 LTS
  


Several security issues were fixed in OpenStack Keystone. (LinuxSecurity – Security Advisories)

Ubuntu 22.04: USN-7889-6 Linux Kernel Important Security Patch
  


Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

Ubuntu 22.04 LTS: Linux Kernel Critical Security Issues USN-7928-3
  


Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

Ubuntu 22.04: 7928-2 Linux Kernel FIPS Security Updates
  


Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

Ubuntu 22.04 LTS: USN-7928-1 Linux Kernel Critical Security Issues
  


Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

Ubuntu 25.10: Linux Kernel Critical Flaws Security Patch USN-7906-3
  


Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

CVE-2025-56118 | Ruijie X60 PRO 1.00/2.00 POST nbr_cwmp.lua module_set os command injection

A vulnerability identified as critical has been detected in Ruijie X60 PRO 1.00/2.00. This impacts the function module_set of the

  

CVE-2025-56120 | Ruijie X60 PRO 1.00/2.00 POST config_retain.lua module_set os command injection

A vulnerability labeled as critical has been found in Ruijie X60 PRO 1.00/2.00. Affected is the function module_set of the

  

CVE-2025-56083 | Ruijie X30-PRO POST nbr_networkId_merge.lua module_set os command injection

A vulnerability marked as critical has been reported in Ruijie X30-PRO. Affected by this vulnerability is the function module_set of

  

CVE-2025-56084 | Ruijie RG-EW1800GX PRO POST nbr_cwmp.lua module_set os command injection

A vulnerability described as critical has been identified in Ruijie RG-EW1800GX PRO. Affected by this issue is the function module_set

  

CVE-2025-56085 | Ruijie RG-EW1200 1.00/3.0 POST config_retain.lua module_set os command injection

A vulnerability classified as critical has been found in Ruijie RG-EW1200 1.00/3.0. This affects the function module_set of the file

  

CVE-2025-56086 | Ruijie RG-EW1200 1.00/3.0 POST networkConnect.lua module_get os command injection

A vulnerability classified as critical was found in Ruijie RG-EW1200 1.00/3.0. This vulnerability affects the function module_get of the file

  

CVE-2025-56089 | Ruijie M18 3.0 POST nbr_cwmp.lua module_set os command injection

A vulnerability, which was classified as critical, has been found in Ruijie M18 3.0. This issue affects the function module_set

  

CVE-2025-56090 | Ruijie RG-EW1200G PRO 1.00/2.00/3.00/4.00 POST config_retain.lua module_set os command injection

A vulnerability, which was classified as critical, was found in Ruijie RG-EW1200G PRO 1.00/2.00/3.00/4.00. Impacted is the function module_set of

  

CVE-2025-56091 | Ruijie RG-EW1800GX POST config_retain.lua module_set os command injection

A vulnerability has been found in Ruijie RG-EW1800GX and classified as critical. The affected element is the function module_set of

  

CVE-2025-36916 | Google Android gxp_main_actor.cc gxp_main_actor race condition

A vulnerability was found in Google Android and classified as problematic. The impacted element is the function gxp_main_actor of the

  

CVE-2025-36918 | Google Android aoc_ipc_core.c aoc_service_read_message out-of-bounds

A vulnerability was found in Google Android. It has been classified as problematic. This affects the function aoc_service_read_message of the

  

CVE-2025-36925 | Google Android libaoc_waves.c WAVES_send_data_to_dsp out-of-bounds write

A vulnerability was found in Google Android. It has been declared as critical. This impacts the function WAVES_send_data_to_dsp of the

  

CVE-2025-36919 | Google Android aoc_channel_dev.c aocc_read double free

A vulnerability was found in Google Android. It has been rated as problematic. Affected is the function aocc_read of the

  

CVE-2024-58308 | opensolution Quick.CMS 6.7 sql injection (Exploit 51910 / EDB-51910)

A vulnerability categorized as critical has been discovered in opensolution Quick.CMS 6.7. Affected by this vulnerability is an unknown functionality.

  

CVE-2024-58302 | Flarum Friendsof Pretty Mail 1.1.2 filename control (Exploit 51947 / EDB-51947)

A vulnerability identified as problematic has been detected in Flarum Friendsof Pretty Mail 1.1.2. Affected by this issue is some

  

CVE-2025-36928 | Google Android gxp_buffer.h gxp_buffer out-of-bounds write

A vulnerability labeled as critical has been found in Google Android. This affects the function gxp_buffer of the file gxp_buffer.h.

  

CVE-2024-58307 | CSZCMS 1.3.0 view sql injection (Exploit 51916 / EDB-51916)

A vulnerability marked as critical has been reported in CSZCMS 1.3.0. This vulnerability affects unknown code. The manipulation of the

  

CVE-2025-66918 | edoc-doctor-appointment-system 1.0.1 admin/add-session.php Title cross site scripting

A vulnerability described as problematic has been identified in edoc-doctor-appointment-system 1.0.1. This issue affects some unknown processing of the file

  

CVE-2024-58289 | Microweber 2.0.15 cross site scripting (Exploit 52058 / EDB-52058)

A vulnerability classified as problematic has been found in Microweber 2.0.15. Impacted is an unknown function. This manipulation causes cross

  

CVE-2025-55816 | HotelDruid up to 3.0.7 /modifica_app.php cross site scripting

A vulnerability classified as problematic was found in HotelDruid up to 3.0.7. The affected element is an unknown function of

  

CVE-2025-66588 | AzeoTech DAQFactory up to 20.7 uninitialized pointer (icsa-25-345-03)

A vulnerability, which was classified as problematic, has been found in AzeoTech DAQFactory up to 20.7. The impacted element is

  

CVE-2025-36927 | Google Android tachyon_server_common.h tachyon_server_common out-of-bounds write

A vulnerability, which was classified as critical, was found in Google Android. This affects the function tachyon_server_common of the file

  

CVE-2025-34499 | AnyDesk 7.0.15/9.0.1 unquoted search path (Exploit 52258 / EDB-51968)

A vulnerability has been found in AnyDesk 7.0.15/9.0.1 and classified as problematic. This impacts an unknown function. The manipulation leads

  

CVE-2024-58291 | Flatboard 3.2 Session Cookie cross site scripting (Exploit 52054 / EDB-52054)

A vulnerability was found in Flatboard 3.2 and classified as problematic. Affected is an unknown function of the component Session

  

CVE-2024-58304 | SPA-Cart SPA-CART CMS [1.9.0.3] Product Description descr cross site scripting (Exploit 51919 / EDB-51919)

A vulnerability was found in SPA-Cart SPA-CART CMS [1.9.0.3]. It has been classified as problematic. Affected by this vulnerability is

  

CVE-2024-58296 | PhoenixCart CE Phoenix 1.0.8.20 Administration Panel Title cross site scripting (Exploit 52015 / EDB-52015)

A vulnerability was found in PhoenixCart CE Phoenix 1.0.8.20. It has been declared as problematic. Affected by this issue is

  

CVE-2025-13664 | Altera Quartus Prime Standard up to 23.1.1 uncontrolled search path

A vulnerability was found in Altera Quartus Prime Standard up to 23.1.1. It has been rated as problematic. This affects

  

CVE-2025-67741 | JetBrains TeamCity up to 2025.10 cross site scripting

A vulnerability categorized as problematic has been discovered in JetBrains TeamCity up to 2025.10. This vulnerability affects unknown code. Executing

  

CVE-2024-8273 | HYPR up to 10.0 authentication spoofing

A vulnerability identified as critical has been detected in HYPR up to 10.0. This issue affects some unknown processing. The

  

CVE-2025-67739 | JetBrains TeamCity up to 2025.11.1 URL Validation improper authorization in handler for custom url scheme

A vulnerability labeled as problematic has been found in JetBrains TeamCity up to 2025.11.1. Impacted is an unknown function of

  

CVE-2025-67742 | JetBrains TeamCity up to 2025.10 path traversal

A vulnerability marked as critical has been reported in JetBrains TeamCity up to 2025.10. The affected element is an unknown

  

CVE-2025-13668 | Altera Quartus Prime Pro up to 24.3.1 uncontrolled search path

A vulnerability described as problematic has been identified in Altera Quartus Prime Pro up to 24.3.1. The impacted element is

  

CVE-2025-64669 | Microsoft Windows Admin Center prior 2.6.2.6 access control

A vulnerability classified as critical has been found in Microsoft Windows Admin Center. This affects an unknown function. Performing manipulation

  

CVE-2024-58292 | xmbforum2 XMB Forum 1.9.12.06 Setting cross site scripting (Exploit 52044 / EDB-52044)

A vulnerability classified as problematic was found in xmbforum2 XMB Forum 1.9.12.06. This impacts an unknown function of the component

  

CVE-2024-58297 | PyroCMS 3.0.1 Configuration Redirect From cross site scripting (Exploit 52016 / EDB-52016)

A vulnerability, which was classified as problematic, has been found in PyroCMS 3.0.1. Affected is an unknown function of the

  

CVE-2025-67740 | JetBrains TeamCity up to 2025.10 authorization

A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2025.10. Affected by this vulnerability is

  

CVE-2024-42197 | HCL Workload Scheduler prior 10.2.3 credentials storage (KB0127448)

A vulnerability has been found in HCL Workload Scheduler prior 10.2.3 and classified as problematic. Affected by this issue is

  

CVE-2024-58286 | vexorian dizqueTV 1.5.3 os command injection (Exploit 52079 / EDB-52079)

A vulnerability was found in vexorian dizqueTV 1.5.3 and classified as critical. This affects an unknown part. Such manipulation leads

  

CVE-2025-66419 | 1Panel-dev MaxKB up to 2.3.x Tool race condition (GHSA-f9qm-2pxq-fx6c)

A vulnerability was found in 1Panel-dev MaxKB up to 2.3.x. It has been classified as critical. This vulnerability affects unknown

  

CVE-2025-36937 | Google Android audio_decoder.cc HandleProduceRequest out-of-bounds write

A vulnerability was found in Google Android. It has been declared as critical. This issue affects the function AudioDecoder::HandleProduceRequest of

  

CVE-2025-36930 | Google Android gxp_buffer.h gxp_buffer out-of-bounds write

A vulnerability was found in Google Android. It has been rated as critical. Impacted is the function gxp_buffer of the

  

CVE-2025-36932 | Google Android tracepoint_ipc.c tracepoint_msg_handler memory corruption

A vulnerability categorized as critical has been discovered in Google Android. The affected element is the function tracepoint_msg_handler in the

  

CVE-2025-67780 | SpaceX Starlink Dish up to 21.08.23 Header Referer missing authentication

A vulnerability identified as critical has been detected in SpaceX Starlink Dish up to 21.08.23. The impacted element is an

  

CVE-2025-36936 | Google Android tachyon_server_common.h tachyon_server_common out-of-bounds write

A vulnerability labeled as critical has been found in Google Android. This affects the function tachyon_server_common of the file tachyon_server_common.h.

  

CVE-2025-36935 | Google Android shared-mem-smcall.c trusty_ffa_mem_reclaim memory corruption

A vulnerability marked as critical has been reported in Google Android. This impacts the function trusty_ffa_mem_reclaim of the file shared-mem-smcall.c.

  

CVE-2025-36938 | Google Android U-Boot append_uint32_le injection

A vulnerability described as problematic has been identified in Google Android. Affected is the function append_uint32_le of the component U-Boot.

  

CVE-2024-58287 | reNgine 2.2.0 Configuration nmap_cmd os command injection (Exploit 52081 / EDB-52081)

A vulnerability classified as critical has been found in reNgine 2.2.0. Affected by this vulnerability is an unknown functionality of

  

CVE-2025-36931 | Google Android gxp_buffer.h gxp_buffer out-of-bounds write

A vulnerability classified as critical was found in Google Android. Affected by this issue is the function gxp_buffer of the

  

CVE-2025-36934 | Google Android bigo.c bigo_worker_thread use after free

A vulnerability, which was classified as critical, has been found in Google Android. This affects the function bigo_worker_thread of the

  

CVE-2024-58288 | Genexus Protection Server 9.7.2.10 Windows Service unquoted search path (Exploit 52065 / EDB-52065)

A vulnerability, which was classified as problematic, was found in Genexus Protection Server 9.7.2.10. This vulnerability affects unknown code of