Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion.This issue affects Kings & Queens: from n/a through
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘events_list_grouped’ shortcode in all versions up to, and including, 7.2.2.1 due to insufficient...
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access`...
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled. More information : https://product.m-files.com/security-advisories/cve-2025-14318/
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue affects ShieldGroup: from n/a through
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. More information : https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d
Bio.Entrez in Biopython through 186 allows doctype XXE. More information : https://github.com/biopython/biopython/issues/5109
Memory corruption while loading an invalid firmware in boot loader. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html
Memory Corruption when processing IOCTLs for JPEG data without verification. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html
RG – AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an...
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html