Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-database-cleaner allows Cross Site Request Forgery.This issue affects Advanced Database Cleaner: from n/a through

Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through

Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through

Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through

When passing through PCI devices, the detach logic in libxl won’t remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit...

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three...

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three...

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. More information : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0017

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in...

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a...

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability...