Common Vulnerabilities and Exposures (CVE)

CVE-2025-15256

Dec 30, 2025 16:32:06 UTC

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads ...

CVE-2025-65925

Dec 30, 2025 16:27:34 UTC

An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product ...

CVE-2025-62128

Dec 30, 2025 16:23:46 UTC

Missing Authorization vulnerability in SiteLock SiteLock Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through 5.0.1.

CVE-2025-62112

Dec 30, 2025 16:21:30 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through 2.2.1.

CVE-2025-62746

Dec 30, 2025 16:19:30 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS.This issue affects Featured Video for WordPress & VideographyWP...

CVE-2025-66094

Dec 30, 2025 16:17:26 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5.

CVE-2025-68618

Dec 30, 2025 16:15:10 UTC

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

CVE-2025-66516

Dec 30, 2025 16:12:37 UTC

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. ...

CVE-2025-61557

Dec 30, 2025 16:12:08 UTC

nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.

CVE-2025-66080

Dec 30, 2025 16:10:40 UTC

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy C...

CVE-2025-68120

Dec 30, 2025 16:05:04 UTC

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

CVE-2025-64528

Dec 30, 2025 16:04:10 UTC

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions...

CVE-2025-68978

Dec 30, 2025 16:03:47 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.

CVE-2025-63027

Dec 30, 2025 16:03:32 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webcreations907 WBC907 Core allows Stored XSS.This issue affects WBC907 Core: from n/a through 3.4.1.

CVE-2025-68977

Dec 30, 2025 16:03:04 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addo...