CVE Alert: CVE-2025-24850
Vulnerability Summary: CVE-2025-24850 An attacker can export other users' plant information. Affected Endpoints: No affected endpoints listed. Published Date: 4/15/2025,...
Vulnerabilities
CVE Alert: CVE-2025-26749
Vulnerability Summary: CVE-2025-26749 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs...
CVE Alert: CVE-2025-26880
Vulnerability Summary: CVE-2025-26880 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows...
CVE Alert: CVE-2025-26857
Vulnerability Summary: CVE-2025-26857 Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). Affected Endpoints: No affected endpoints...
CVE Alert: CVE-2025-26870
Vulnerability Summary: CVE-2025-26870 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetEngine allows DOM-Based XSS....
CVE Alert: CVE-2025-26748
Vulnerability Summary: CVE-2025-26748 Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe:...
CVE Alert: CVE-2025-26930
Vulnerability Summary: CVE-2025-26930 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based...
CVE Alert: CVE-2025-26934
Vulnerability Summary: CVE-2025-26934 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored...
CVE Alert: CVE-2025-26927
Vulnerability Summary: CVE-2025-26927 Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell...
CVE Alert: CVE-2025-26950
Vulnerability Summary: CVE-2025-26950 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows...
CVE Alert: CVE-2025-26951
Vulnerability Summary: CVE-2025-26951 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based...
CVE Alert: CVE-2025-27565
Vulnerability Summary: CVE-2025-27565 An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. Affected Endpoints:...
CVE Alert: CVE-2025-26919
Vulnerability Summary: CVE-2025-26919 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá allows Stored XSS....
CVE Alert: CVE-2025-27561
Vulnerability Summary: CVE-2025-27561 Unauthenticated attackers can rename "rooms" of arbitrary users. Affected Endpoints: No affected endpoints listed. Published Date: 4/15/2025,...
CVE Alert: CVE-2025-26908
Vulnerability Summary: CVE-2025-26908 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör...
CVE Alert: CVE-2025-27011
Vulnerability Summary: CVE-2025-27011 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam...
CVE Alert: CVE-2025-27575
Vulnerability Summary: CVE-2025-27575 An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID....
CVE Alert: CVE-2025-26953
Vulnerability Summary: CVE-2025-26953 Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects...
CVE Alert: CVE-2025-26998
Vulnerability Summary: CVE-2025-26998 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg...
CVE Alert: CVE-2025-27008
Vulnerability Summary: CVE-2025-27008 Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue...
CVE Alert: CVE-2025-26996
Vulnerability Summary: CVE-2025-26996 Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection....
CVE Alert: CVE-2025-30982
Vulnerability Summary: CVE-2025-30982 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media...
CVE Alert: CVE-2025-27929
Vulnerability Summary: CVE-2025-27929 Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. Affected Endpoints: No affected endpoints...
CVE Alert: CVE-2025-27719
Vulnerability Summary: CVE-2025-27719 Unauthenticated attackers can query an API endpoint and get device details. Affected Endpoints: No affected endpoints listed....
