NA - CVE-2025-25155 - Improper Limitation of a Pathname to a...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer:...
NA - CVE-2025-25159 - Improper Neutralization of Input During Web...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a...
NA - CVE-2025-25160 - Cross-Site Request Forgery (CSRF) vulnerability...
Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.
NA - CVE-2025-25163 - Improper Limitation of a Pathname to a...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B...
NA - CVE-2025-25167 - Missing Authorization vulnerability in...
Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For...
NA - CVE-2025-25168 - Cross-Site Request Forgery (CSRF) vulnerability...
Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a...
NA - CVE-2025-25069 - A Cross-Protocol Scripting vulnerability is...
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to...
NA - CVE-2025-1107 - Unverified password change vulnerability in...
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password....