Vulnerabilities

  

CVE-2025-8065 | TP-Link Tapo C200 V3 ONVIF XML Parser buffer overflow

A vulnerability described as critical has been identified in TP-Link Tapo C200 V3. Affected by this vulnerability is an unknown

  

CVE-2025-12820 | Pure WC Variation Swatches Plugin up to 1.1.7 on WordPress Setting authorization

A vulnerability classified as problematic has been found in Pure WC Variation Swatches Plugin up to 1.1.7 on WordPress. Affected

  

CVE-2025-7733 | WP JobHunt Plugin up to 7.7 on WordPress cs_update_application_status_callback resource injection (EUVD-2025-204641)

A vulnerability classified as problematic was found in WP JobHunt Plugin up to 7.7 on WordPress. This affects the function

  

CVE-2025-7782 | WP JobHunt Plugin up to 7.7 on WordPress cs_update_application_status_callback Status cross site scripting (EUVD-2025-204640)

A vulnerability, which was classified as problematic, has been found in WP JobHunt Plugin up to 7.7 on WordPress. This

  

CVE-2025-14989 | Campcodes Complete Online Beauty Parlor Management System 1.0 search-invoices.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue

  

CVE-2025-14990 | Campcodes Complete Online Beauty Parlor Management System 1.0 view-appointment.php viewid sql injection

A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. Impacted is

  

CVE-2025-14991 | Campcodes Complete Online Beauty Parlor Management System 1.0 bwdates-reports-details.php fromdate cross site scripting

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as problematic. The affected element

  

CVE-2025-14992 | Tenda AC18 15.03.05.05 HTTP Request GetParentControlInfo strcpy mac stack-based overflow

A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. The impacted element is the function

  

CVE-2025-14993 | Tenda AC18 15.03.05.05 HTTP Request /goform/SetDlnaCfg sprintf scanList stack-based overflow

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This affects the function sprintf of

  

CVE-2025-14994 | Tenda FH1201/FH1206 1.2.0.8(8155)/1.2.0.14(408) HTTP Request /goform/webtypelibrary strcat webSiteId stack-based overflow

A vulnerability was found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). It has been rated as critical. This impacts the function

  

CVE-2025-14995 | Tenda FH1201 1.2.0.14(408) /goform/SetIpBind sprintf page stack-based overflow

A vulnerability categorized as critical has been discovered in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file

  

CVE-2025-14071 | Live Composer Plugin up to 2.0.2 on WordPress Shortcode dslc_module_posts_output deserialization

A vulnerability identified as critical has been detected in Live Composer Plugin up to 2.0.2 on WordPress. Affected by this

  

CVE-2025-14080 | Frontend Post Submission Manager Lite Plugin up to 1.2.5 on WordPress fpsml_form_process post_id authorization

A vulnerability labeled as problematic has been found in Frontend Post Submission Manager Lite Plugin up to 1.2.5 on WordPress.

  

CVE-2025-14043 | Tainacan Plugin up to 1.0.1 on WordPress create_item_permissions_check authorization

A vulnerability marked as critical has been reported in Tainacan Plugin up to 1.0.1 on WordPress. This affects the function

  

CVE-2025-12654 | Migration, Backup, Staging Plugin up to 0.9.120 on WordPress Directory Creation check_filesystem_permissions privilege escalation

A vulnerability described as critical has been identified in Migration, Backup, Staging Plugin up to 0.9.120 on WordPress. This vulnerability

  

CVE-2025-12980 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites Plugin REST API Endpoint get_dynamic_content authorization

A vulnerability classified as problematic has been found in Post Grid Gutenberg Blocks for News, Magazines, Blog Websites Plugin up

  

CVE-2025-12398 | Product Table for WooCommerce Plugin up to 5.0.8 on WordPress search_key cross site scripting

A vulnerability classified as problematic was found in Product Table for WooCommerce Plugin up to 5.0.8 on WordPress. Impacted is

  

CVE-2025-14054 | WC Builder Plugin up to 1.2.0 on WordPress wpbforwpbakery_product_additional_information heading_color cross site scripting

A vulnerability, which was classified as problematic, has been found in WC Builder Plugin up to 1.2.0 on WordPress. The

  

CVE-2025-9343 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin cross site scripting

A vulnerability, which was classified as problematic, was found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up

  

CVE-2025-11496 | Five Star Restaurant Reservations Plugin up to 2.7.5 on WordPress Name cross site scripting

A vulnerability has been found in Five Star Restaurant Reservations Plugin up to 2.7.5 on WordPress and classified as problematic.

  

CVE-2025-13838 | WishSuite Plugin up to 1.5.1 on WordPress Shortcode wishsuite_button button_text cross site scripting

A vulnerability was found in WishSuite Plugin up to 1.5.1 on WordPress and classified as problematic. This impacts the function

  

CVE-2025-13693 | Image Photo Gallery Final Tiles Grid Plugin up to 3.6.8 on WordPress Setting cross site scripting

A vulnerability was found in Image Photo Gallery Final Tiles Grid Plugin up to 3.6.8 on WordPress. It has been

  

CVE-2025-13220 | Ultimate Member Plugin up to 2.11.0 on WordPress Shortcode cross site scripting

A vulnerability was found in Ultimate Member Plugin up to 2.11.0 on WordPress. It has been declared as problematic. Affected

  

CVE-2025-13361 | Web to SugarCRM Lead Plugin up to 1.0.0 on WordPress cross-site request forgery

A vulnerability was found in Web to SugarCRM Lead Plugin up to 1.0.0 on WordPress. It has been rated as

  

CVE-2025-67818 | Weaviate up to 1.33.3 path traversal

A vulnerability has been found in Weaviate up to 1.33.3 and classified as critical. Affected by this issue is some

  

CVE-2025-64011 | Nextcloud Server 30.0.0 /core/preview fileId resource injection

A vulnerability was found in Nextcloud Server 30.0.0 and classified as problematic. This affects an unknown part of the file

  

CVE-2025-67342 | RuoYi up to 4.8.1 /system/menu/edit cross site scripting (Issue 308)

A vulnerability was found in RuoYi up to 4.8.1. It has been classified as problematic. This vulnerability affects unknown code

  

CVE-2025-65530 | CloudLinux ai-bolit up to 32.7.3 injection

A vulnerability was found in CloudLinux ai-bolit up to 32.7.3. It has been declared as problematic. This issue affects some

  

CVE-2023-29144 | Malwarebytes 1.0.14 on Linux Signature integer overflow

A vulnerability was found in Malwarebytes 1.0.14 on Linux. It has been rated as problematic. Impacted is an unknown function

  

CVE-2025-12843 | waveterm 0.12.2 on macOS Electron Fuse code injection

A vulnerability categorized as critical has been discovered in waveterm 0.12.2 on macOS. The affected element is an unknown function

  

CVE-2025-66430 | Plesk 18.0 access control

A vulnerability identified as critical has been detected in Plesk 18.0. The impacted element is an unknown function. The manipulation

  

CVE-2025-65854 | MineAdmin 3.x Scheduled Task permission

A vulnerability labeled as critical has been found in MineAdmin 3.x. This affects an unknown function of the component Scheduled

  

CVE-2025-67819 | Weaviate up to 1.33.3 GetFile fileName state issue

A vulnerability marked as problematic has been reported in Weaviate up to 1.33.3. This impacts the function GetFile. This manipulation

  

CVE-2025-67341 | jishenghua jshERP up to 3.5 PDF File unrestricted upload (Issue 139)

A vulnerability described as critical has been identified in jishenghua jshERP up to 3.5. Affected is an unknown function of

  

CVE-2025-8082 | Vuetify 2.x cross site scripting

A vulnerability classified as problematic has been found in Vuetify 2.x. Affected by this vulnerability is an unknown functionality. Performing

  

CVE-2025-13733 | Dr.Buho BuhoNTFS 1.3.2 XPC Service permission assignment

A vulnerability classified as critical was found in Dr.Buho BuhoNTFS 1.3.2. Affected by this issue is some unknown functionality of

  

CVE-2025-67344 | jshERP up to 3.5 /msg/add cross site scripting (Issue 140)

A vulnerability, which was classified as problematic, has been found in jshERP up to 3.5. This affects an unknown part

  

CVE-2025-14476 | Doubly Plugin up to 1.0.46 on WordPress ZIP File Import deserialization

A vulnerability, which was classified as problematic, was found in Doubly Plugin up to 1.0.46 on WordPress. This vulnerability affects

  

CVE-2025-13094 | WP3D Model Import Viewer Plugin up to 1.0.7 on WordPress handle_import_file unrestricted upload

A vulnerability has been found in WP3D Model Import Viewer Plugin up to 1.0.7 on WordPress and classified as critical.

  

CVE-2025-14539 | Shortcode Ajax Plugin up to 1.0 on WordPress do_shortcode Remote Code Execution

A vulnerability was found in Shortcode Ajax Plugin up to 1.0 on WordPress and classified as critical. Impacted is the

  

CVE-2025-13077 | payamito sms woocommerce Plugin up to 1.3.5 on WordPress columns sql injection

A vulnerability was found in افزونه پیامک ووکامرس فوق حرفه ای payamito sms woocommerce Plugin up to 1.3.5 on WordPress.

  

CVE-2025-14395 | Popover Windows Plugin up to 1.2 on WordPress Setting pop_submit authorization

A vulnerability was found in Popover Windows Plugin up to 1.2 on WordPress. It has been declared as problematic. The

  

CVE-2025-14462 | Lucky Draw Contests Plugin up to 4.2 on WordPress Setting misc-settings.php cross-site request forgery

A vulnerability was found in Lucky Draw Contests Plugin up to 4.2 on WordPress. It has been rated as problematic.

  

CVE-2025-9218 | WordPress, BuddyPress and bbPress Plugin up to 4.7.3 on WordPress Private Post handle_rest_pre_dispatch authorization

A vulnerability categorized as problematic has been discovered in WordPress, BuddyPress and bbPress Plugin up to 4.7.3 on WordPress. This

  

CVE-2025-14508 | MediaCommander Plugin up to 2.3.1 on WordPress REST API Endpoint upload_files authorization

A vulnerability identified as problematic has been detected in MediaCommander Plugin up to 2.3.1 on WordPress. Affected is the function

  

CVE-2025-7058 | Kingcabs Plugin up to 1.1.9 on WordPress progressbarLayout cross site scripting

A vulnerability labeled as problematic has been found in Kingcabs Plugin up to 1.1.9 on WordPress. Affected by this vulnerability

  

CVE-2025-11707 | Login Lockdown & Protection Plugin up to 2.14 on WordPress unblock_key access control

A vulnerability marked as critical has been reported in Login Lockdown & Protection Plugin up to 2.14 on WordPress. Affected

  

CVE-2025-14366 | dugudlabs Eyewear Prescription Form Plugin up to 6.0.1 on WordPress Name/Price/Parent authorization

A vulnerability described as critical has been identified in dugudlabs Eyewear Prescription Form Plugin up to 6.0.1 on WordPress. This

  

CVE-2025-14475 | Extensive VC Addons for WPBakery Page Builder Plugin extensive_vc_get_module_template_part file inclusion

A vulnerability classified as critical has been found in Extensive VC Addons for WPBakery Page Builder Plugin up to 1.9.1

  

CVE-2025-14365 | dugudlabs Eyewear Prescription Form Plugin up to 6.0.1 on WordPress catIds authorization

A vulnerability classified as critical was found in dugudlabs Eyewear Prescription Form Plugin up to 6.0.1 on WordPress. This issue

  

CVE-2025-11164 | Mavix Education Theme Plugin up to 1.0 on WordPress Plugin Activation mavix_education_activate_plugin authorization

A vulnerability, which was classified as problematic, has been found in Mavix Education Theme Plugin up to 1.0 on WordPress.

  

CVE-2025-13089 | WP Directory Kit Plugin up to 1.4.7 on WordPress hide_fields/attr_search sql injection

A vulnerability, which was classified as critical, was found in WP Directory Kit Plugin up to 1.4.7 on WordPress. The

openSUSE: kubernetes-client Important Security Update 2025:4381-1
  


An update that can now be installed. Source: LinuxSecurity – Security Advisories

SUSE: container-tool Important Security Patch 2025:4390-2
  


Affected Products: Containers Module 15-SP6, Containers Module 15-SP7, openSUSE Leap 15.6. Source: LinuxSecurity – Security Advisories

SUSE: Container-SUSECONNECT Moderate Update Bypass 2025:4373-1
  


Affected Products: Containers Module 15-SP6, Containers Module 15-SP7, SUSE Enterprise Storage 7.1. Source: LinuxSecurity – Security Advisories

SUSE: kubernetes-client Important Security Update 2025:4380-1
  


Affected Products: Containers Module 15-SP6, Containers Module 15-SP7, openSUSE Leap 15.6. Source: LinuxSecurity – Security Advisories

openSUSE: kubernetes-client Important Patch for Security Issues 2025:4380-1
  


An update that can now be installed. Source: LinuxSecurity – Security Advisories

Debian: Chromium Important DSA-6080-1 Code Exec DoS Issues
  


Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information

Debian 11: tzdata Important Leap Second Update DLA-4403-1
  


This update includes the latest changes to the leap second list, including an update to its expiry date, which was

  

CVE-2025-36755 | CleverDisplay BlueOne up to 12.11.1/12.12.0 internal asset exposed to unsafe debug access level or state

A vulnerability classified as problematic was found in CleverDisplay BlueOne up to 12.11.1/12.12.0. The affected element is an unknown function.

  

CVE-2025-58770 | AMI AptioV 5.040 insufficient permissions or privileges

A vulnerability, which was classified as problematic, has been found in AMI AptioV 5.040. The impacted element is an unknown

  

CVE-2025-14050 | Design Import Export Plugin up to 2.2 on WordPress XML File Import sql injection

A vulnerability, which was classified as critical, was found in Design Import Export Plugin up to 2.2 on WordPress. This

  

CVE-2025-14278 | HT Plugins HT Slider for Elementor Plugin up to 1.7.4 on WordPress slide_title cross site scripting

A vulnerability has been found in HT Plugins HT Slider for Elementor Plugin up to 1.7.4 on WordPress and classified

  

CVE-2025-14477 | Solution Plugin up to 3.1.0 on WordPress filterText sql injection

A vulnerability was found in Solution Plugin up to 3.1.0 on WordPress and classified as critical. Affected is an unknown

  

CVE-2025-14454 | Ays Image Slider Plugin up to 2.7.0 on WordPress cross-site request forgery

A vulnerability was found in Ays Image Slider Plugin up to 2.7.0 on WordPress. It has been classified as problematic.

  

CVE-2025-13403 | Employee Spotlight Plugin up to 5.1.3 on WordPress employee_spotlight_check_optin authorization

A vulnerability was found in Employee Spotlight Plugin up to 5.1.3 on WordPress. It has been declared as problematic. Affected

  

CVE-2025-12512 | GenerateBlocks Plugin up to 2.1.2 on WordPress generateblocks/v1/meta/ get_user_meta_rest names/email/phone/address information disclosure

A vulnerability was found in GenerateBlocks Plugin up to 2.1.2 on WordPress. It has been rated as problematic. This affects

  

CVE-2025-14056 | Custom Post Type UI Plugin up to 1.18.1 on WordPress Import label cross site scripting

A vulnerability categorized as problematic has been discovered in Custom Post Type UI Plugin up to 1.18.1 on WordPress. This

  

CVE-2025-14581 | HAPPY Plugin up to 1.0.9 on WordPress Support Ticket submit_form_reply happy_topic_id authorization

A vulnerability identified as critical has been detected in HAPPY Plugin up to 1.0.9 on WordPress. This issue affects the

  

CVE-2025-54947 | Apache StreamPark up to 2.1.6 hard-coded key

A vulnerability labeled as problematic has been found in Apache StreamPark up to 2.1.6. Impacted is an unknown function. Executing

  

CVE-2025-54981 | Apache StreamPark up to 2.1.6 risky encryption

A vulnerability marked as problematic has been reported in Apache StreamPark up to 2.1.6. The affected element is an unknown

  

CVE-2025-36745 | SolarEdge SE3680H up to 4.21 Linux Kernel unmaintained third party components

A vulnerability described as critical has been identified in SolarEdge SE3680H up to 4.21. The impacted element is an unknown

  

CVE-2025-36744 | SolarEdge SE3680H up to 4.21 debug messages revealing unnecessary information

A vulnerability classified as problematic has been found in SolarEdge SE3680H up to 4.21. This affects an unknown function. This

  

CVE-2025-36743 | SolarEdge SE3680H up to 4.21 Debug Interface improper authentication

A vulnerability classified as critical was found in SolarEdge SE3680H up to 4.21. This impacts an unknown function of the

  

CVE-2025-36746 | SolarEdge Monitoring platform cross site scripting

A vulnerability, which was classified as problematic, has been found in SolarEdge Monitoring platform. Affected is an unknown function. Performing

  

CVE-2025-13506 | Nebim ERP up to 3.0.0 unnecessary privileges

A vulnerability classified as very critical was found in Nebim ERP up to 3.0.0. This vulnerability affects unknown code. Executing

  

CVE-2025-66002 | smb4k up to 4.0.4 Mount Helper access control

A vulnerability, which was classified as critical, has been found in smb4k up to 4.0.4. This issue affects some unknown

  

CVE-2025-66003 | smb4k up to 4.0.4 Mount Helper Local Privilege Escalation

A vulnerability, which was classified as critical, was found in smb4k up to 4.0.4. Impacted is an unknown function of

  

CVE-2025-14578 | itsourcecode Student Management System 1.0 /update_account.php ID sql injection

A vulnerability has been found in itsourcecode Student Management System 1.0 and classified as critical. The affected element is an

  

CVE-2025-14580 | Qualitor up to 8.24.73 viewDocumento.php cdscript cross site scripting

A vulnerability was found in Qualitor up to 8.24.73 and classified as problematic. The impacted element is an unknown function

  

CVE-2025-14582 | campcodes Online Student Enrollment System 1.0 index.php?page=user-profile userphoto unrestricted upload

A vulnerability was found in campcodes Online Student Enrollment System 1.0. It has been classified as critical. This affects an

  

CVE-2025-14583 | campcodes Online Student Enrollment System 1.0 /admin/register.php photo unrestricted upload

A vulnerability was found in campcodes Online Student Enrollment System 1.0. It has been declared as critical. This impacts an

  

CVE-2025-14584 | itsourcecode COVID Tracking System 1.0 Admin Login /admin/login.php Username sql injection

A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been rated as critical. Affected is an unknown

  

CVE-2025-14585 | itsourcecode COVID Tracking System 1.0 /admin/?page=zone sql injection

A vulnerability categorized as critical has been discovered in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an

  

CVE-2025-14586 | TOTOLINK X5000R 9.1.0cu.2089_B20211224 cstecgi.cgi?action=exportOvpn&type=user snprintf User os command injection

A vulnerability identified as critical has been detected in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf

  

CVE-2025-14587 | itsourcecode Online Pet Shop Management System 1.0 /pet1/available.php Name sql injection

A vulnerability labeled as critical has been found in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown

  

CVE-2025-14588 | itsourcecode Student Management System 1.0 /update_program.php ID sql injection

A vulnerability marked as critical has been reported in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of

  

CVE-2025-14589 | code-projects Prison Management System 2.0 /admin/search.php keyname sql injection

A vulnerability described as critical has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing

  

CVE-2025-14590 | code-projects Prison Management System 2.0 /admin/search1.php keyname sql injection

A vulnerability classified as critical has been found in code-projects Prison Management System 2.0. Impacted is an unknown function of

  

CVE-2025-14570 | projectworlds Advanced Library Management System 1.0 /view_admin.php admin_id sql injection

A vulnerability marked as critical has been reported in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is

  

CVE-2025-14571 | projectworlds Advanced Library Management System 1.0 /borrow_book.php roll_number sql injection

A vulnerability described as critical has been identified in projectworlds Advanced Library Management System 1.0. Affected by this issue is

  

CVE-2025-14572 | UTT 进取 512W up to 1.7.7-171114 formWebAuthGlobalConfig hidcontact memory corruption

A vulnerability classified as critical has been found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part

  

CVE-2025-12835 | WooMulti Plugin up to 1.7 on WordPress path traversal

A vulnerability, which was classified as critical, has been found in WooMulti Plugin up to 1.7 on WordPress. Affected by

  

CVE-2025-40829 | Siemens Simcenter Femap up to 2406 SLDPRT File Parser uninitialized resource (ssa-512988)

A vulnerability, which was classified as critical, was found in Siemens Simcenter Femap. This affects an unknown part of the

  

CVE-2025-12841 | Bookit Plugin up to 2.5.0 on WordPress REST Endpoint authorization

A vulnerability has been found in Bookit Plugin up to 2.5.0 on WordPress and classified as problematic. This vulnerability affects

  

CVE-2025-65995 | Apache Airflow up to 3.1.3 kwargs information disclosure

A vulnerability was found in Apache Airflow up to 3.1.3 and classified as problematic. This issue affects some unknown processing

  

CVE-2025-66388 | Apache Airflow up to 3.1.3 Template information disclosure

A vulnerability was found in Apache Airflow up to 3.1.3. It has been classified as problematic. Impacted is an unknown

  

CVE-2025-14565 | kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464 login1.php Username sql injection

A vulnerability was found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. It has been declared as critical. The affected element is

  

CVE-2025-14566 | kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464 reg.php USN sql injection

A vulnerability was found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. It has been rated as critical. The impacted element is

  

CVE-2025-14567 | haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0 /api/employees missing authentication

A vulnerability categorized as problematic has been discovered in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of