Medium - CVE-2025-6745 - The WoodMart plugin for WordPress is vulnerable...
The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions...
High - CVE-2025-7442 - The WPGYM - Wordpress Gym Management System...
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member,...
NA - CVE-2025-6438 - CWE-611: Improper Restriction of XML External...
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized...
Medium - CVE-2025-6838 - The Broken Link Notifier plugin for WordPress...
The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for...
High - CVE-2025-6851 - The Broken Link Notifier plugin for WordPress...
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the...
NA - CVE-2025-3933 - A Regular Expression Denial of Service (ReDoS)...
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This...
NA - CVE-2025-50121 - CWE-78: Improper Neutralization of Special...
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a...
NA - CVE-2025-50122 - CWE-331: Insufficient Entropy vulnerability...
CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade...
NA - CVE-2025-50123 - CWE-94: Improper Control of Generation of Code...
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a...
NA - CVE-2025-50124 - CWE-269: Improper Privilege Management...
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a...