Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-11021 | 7.5 (v3.1) | Libsoup: out-of-bounds read in cookie date handling of… |
|
|
2025-09-26T08:36:19.399Z | 2025-11-18T14:38:51.466Z |
| cve-2025-64199 | N/A | WordPress wpresidence theme <= 5.3.2 - Broken Access C… |
WpEstate |
wpresidence |
2025-10-29T08:38:05.202Z | 2025-11-18T14:38:42.701Z |
| cve-2025-60197 | N/A | WordPress Simple Contact Forms plugin <= 1.6.4 - Local… |
owenr88 |
Simple Contact Forms |
2025-11-06T15:54:54.553Z | 2025-11-18T14:38:16.228Z |
| cve-2025-60199 | N/A | WordPress InHype - Blog & Magazine WordPress Theme the… |
dedalx |
InHype - Blog & Magazine WordPress Theme |
2025-11-06T15:54:56.700Z | 2025-11-18T14:36:27.416Z |
| cve-2025-60200 | N/A | WordPress LearnPress Export Import plugin <= 4.0.9 - L… |
ThimPress |
LearnPress Export Import |
2025-11-06T15:54:59.689Z | 2025-11-18T14:36:03.251Z |
| cve-2025-60201 | N/A | WordPress WP Customer Area plugin <= 8.2.7 - Local Fil… |
aguilatechnologies |
WP Customer Area |
2025-11-06T15:55:00.953Z | 2025-11-18T14:35:36.887Z |
| cve-2025-60202 | N/A | WordPress Favorites plugin <= 2.3.6 - Local File Inclu… |
Kyle Phillips |
Favorites |
2025-11-06T15:55:03.303Z | 2025-11-18T14:34:54.403Z |
| cve-2025-60203 | N/A | WordPress Store Exporter plugin <= 2.7.6 - Local File … |
Josh Kohlbach |
Store Exporter |
2025-11-06T15:55:04.065Z | 2025-11-18T14:33:49.141Z |
| cve-2025-60204 | N/A | WordPress WooCommerce Store Toolkit plugin <= 2.4.3 - … |
Josh Kohlbach |
WooCommerce Store Toolkit |
2025-11-06T15:55:05.172Z | 2025-11-18T14:33:32.413Z |
| cve-2025-63666 | N/A | Tenda AC15 v15.03.05.18_multi) issues an authenti… |
n/a |
n/a |
2025-11-12T00:00:00.000Z | 2025-11-18T14:33:15.572Z |
| cve-2025-65002 | Fujitsu / Fsas Technologies iRMC S6 on M5 before … |
Fujitsu / Fsas Technologies |
iRMC |
2025-11-12T00:00:00.000Z | 2025-11-18T14:32:28.920Z | |
| cve-2025-12376 | Icon List Block – Add Icon-Based Lists with Custom Sty… |
bplugins |
Icon List Block – Add Icon-Based Lists with Custom Styles |
2025-11-18T13:54:50.042Z | 2025-11-18T14:30:38.295Z | |
| cve-2025-12545 | Pixel Manager for WooCommerce – Track Conversions and … |
alekv |
Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more |
2025-11-18T13:54:50.617Z | 2025-11-18T14:27:27.545Z | |
| cve-2025-8605 | Gutenify - Visual Site Builder Blocks & Site Templates… |
codeyatri |
Gutenify – Visual Site Builder Blocks & Site Templates. |
2025-11-18T08:27:33.788Z | 2025-11-18T14:27:21.105Z | |
| cve-2025-12937 | ACF Flexible Layouts Manager <= 1.1.6 - Missing Author… |
valentinpellegrin |
ACF Flexible Layouts Manager |
2025-11-18T08:27:34.186Z | 2025-11-18T14:26:17.607Z | |
| cve-2025-12173 | WP Admin Microblog <= 3.1.1 - Cross-Site Request Forge… |
winkm89 |
WP Admin Microblog |
2025-11-18T08:27:34.754Z | 2025-11-18T14:25:27.053Z | |
| cve-2025-55179 | 5.4 (v3.1) | Incomplete validation of rich response messages i… |
Facebook |
WhatsApp Business for iOS |
2025-11-18T13:56:31.598Z | 2025-11-18T14:25:08.232Z |
| cve-2025-8609 | RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) … |
rometheme |
RTMKit |
2025-11-18T08:27:35.296Z | 2025-11-18T14:24:34.927Z | |
| cve-2025-11868 | everviz <= 1.1 - Authenticated (Contributor+) Stored C… |
everviz |
everviz – Charts, Maps and Tables – Interactive and responsive |
2025-11-18T08:27:38.282Z | 2025-11-18T14:23:23.353Z | |
| cve-2025-40547 | 9.1 (v3.1) | SolarWinds Serv-U Logic Abuse - Remote Code Execution … |
SolarWinds |
Serv-U |
2025-11-18T08:35:03.970Z | 2025-11-18T14:21:16.920Z |
| cve-2025-13349 | SourceCodester Student Grades Management System Add Ne… |
SourceCodester |
Student Grades Management System |
2025-11-18T14:02:06.819Z | 2025-11-18T14:20:14.687Z | |
| cve-2025-40548 | 9.1 (v3.1) | SolarWinds Serv-U Broken Access Control - Remote Code … |
SolarWinds |
Serv-U |
2025-11-18T08:38:19.354Z | 2025-11-18T14:19:43.567Z |
| cve-2025-40549 | 9.1 (v3.1) | SolarWinds Serv-U Path Restriction Bypass Vulnerability |
SolarWinds |
Serv-U |
2025-11-18T08:41:24.582Z | 2025-11-18T14:16:45.652Z |
| cve-2024-7881 | N/A | An unprivileged context can trigger a data memory… |
Arm |
Neoverse V2 |
2025-01-28T15:01:44.445Z | 2025-11-18T13:14:02.578Z |
| cve-2025-13347 | SourceCodester Train Station Ticketing System ajax.php… |
SourceCodester |
Train Station Ticketing System |
2025-11-18T13:02:05.198Z | 2025-11-18T13:02:05.198Z | |
| cve-2025-55108 | 9.5 (v4.0) 10 (v3.1) | BMC Control-M/Agent default configuration does not enf… |
BMC |
Control-M/Agent |
2025-11-05T09:07:29.915Z | 2025-11-18T12:33:27.896Z |
| cve-2025-55118 | 8.4 (v4.0) 8.9 (v3.1) | BMC Control-M/Agent memory corruption in SSL/TLS commu… |
BMC |
Control-M/Agent |
2025-09-16T12:23:39.683Z | 2025-11-18T12:32:45.651Z |
| cve-2025-13346 | SourceCodester Train Station Ticketing System ajax.php… |
SourceCodester |
Train Station Ticketing System |
2025-11-18T12:32:06.129Z | 2025-11-18T12:32:06.129Z | |
| cve-2025-8084 | AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Si… |
tigroumeow |
AI Engine |
2025-11-18T12:29:48.352Z | 2025-11-18T12:29:48.352Z | |
| cve-2025-13344 | SourceCodester Train Station Ticketing System ajax.php… |
SourceCodester |
Train Station Ticketing System |
2025-11-18T12:02:05.989Z | 2025-11-18T12:02:05.989Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-000120 | "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key | 2024-11-20T13:56+09:00 | 2024-11-20T13:56+09:00 |
| jvndb-2024-000119 | Multiple vulnerabilities in FitNesse | 2024-11-15T13:37+09:00 | 2024-11-20T11:18+09:00 |
| jvndb-2024-012941 | Multiple vulnerabilities in Rakuten Turbo 5G | 2024-11-19T10:41+09:00 | 2024-11-19T10:41+09:00 |
| jvndb-2024-000118 | WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting | 2024-11-13T13:50+09:00 | 2024-11-13T13:50+09:00 |
| jvndb-2024-009481 | Insecure initial password configuration issue in SEIKO EPSON Web Config | 2024-10-01T14:14+09:00 | 2024-11-12T10:25+09:00 |
| jvndb-2024-000109 | baserCMS plugin "BurgerEditor" vulnerable to directory listing | 2024-10-10T14:57+09:00 | 2024-11-06T14:45+09:00 |
| jvndb-2024-012017 | Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control | 2024-11-06T11:00+09:00 | 2024-11-06T11:00+09:00 |
| jvndb-2024-011833 | Incorrect authorization vulnerability in OMRON Sysmac Studio | 2024-11-05T15:29+09:00 | 2024-11-05T15:29+09:00 |
| jvndb-2024-011747 | Command injection vulnerability in Trend Micro Cloud Edge | 2024-11-01T14:28+09:00 | 2024-11-01T14:28+09:00 |
| jvndb-2024-011744 | REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers | 2024-11-01T13:49+09:00 | 2024-11-01T13:49+09:00 |
| jvndb-2024-000116 | Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials | 2024-10-30T15:07+09:00 | 2024-10-30T15:07+09:00 |
| jvndb-2024-011256 | Multiple vulnerabilities in Sharp and Toshiba Tec MFPs | 2024-10-28T17:33+09:00 | 2024-10-28T17:33+09:00 |
| jvndb-2024-000115 | Chatwork Desktop Application (Windows) uses a potentially dangerous function | 2024-10-28T14:29+09:00 | 2024-10-28T14:29+09:00 |
| jvndb-2024-000112 | MUSASI version 3 performing authentication on client-side | 2024-10-18T14:40+09:00 | 2024-10-25T16:55+09:00 |
| jvndb-2024-000113 | N-LINE vulnerable to HTML injection | 2024-10-18T14:48+09:00 | 2024-10-25T16:48+09:00 |
| jvndb-2024-004623 | Multiple products from Check Point Software Technologies vulnerable to information disclosure | 2024-07-29T10:23+09:00 | 2024-10-24T16:37+09:00 |
| jvndb-2024-000111 | SHIRASAGI vulnerable to path traversal | 2024-10-16T14:12+09:00 | 2024-10-23T17:35+09:00 |
| jvndb-2024-010802 | Multiple SQL injection vulnerabilities in Trend Micro Deep Discovery Inspector | 2024-10-22T13:02+09:00 | 2024-10-22T13:02+09:00 |
| jvndb-2024-000102 | Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions | 2024-09-24T16:00+09:00 | 2024-10-18T11:02+09:00 |
| jvndb-2024-000110 | Multiple vulnerabilities in Exment | 2024-10-11T14:13+09:00 | 2024-10-11T14:13+09:00 |
| jvndb-2024-000104 | MF Teacher Performance Management System vulnerable to cross-site scripting | 2024-09-27T15:00+09:00 | 2024-10-10T11:14+09:00 |
| jvndb-2024-009667 | Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software | 2024-10-03T13:42+09:00 | 2024-10-03T13:42+09:00 |
| jvndb-2024-000108 | Apache Tomcat improper handling of TLS handshake process data | 2024-10-01T17:51+09:00 | 2024-10-01T17:51+09:00 |
| jvndb-2024-009498 | Vulnerability in Cosminexus | 2024-10-01T16:01+09:00 | 2024-10-01T16:01+09:00 |
| jvndb-2024-000107 | RevoWorks Cloud vulnerable to unintended process execution | 2024-09-30T15:17+09:00 | 2024-09-30T15:17+09:00 |
| jvndb-2024-003932 | File Permissions Vulnerability in Hitachi Ops Center Common Services | 2024-09-30T14:15+09:00 | 2024-09-30T14:15+09:00 |
| jvndb-2024-000105 | Multiple vulnerabilities in Smart-tab | 2024-09-30T14:14+09:00 | 2024-09-30T14:14+09:00 |
| jvndb-2024-009396 | SNMP service is enabled by default in Sharp NEC Display Solutions projectors | 2024-09-30T12:46+09:00 | 2024-09-30T12:46+09:00 |
| jvndb-2024-003049 | Multiple vulnerabilities in KEYENCE KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12 | 2024-04-01T12:31+09:00 | 2024-09-25T13:51+09:00 |
| jvndb-2024-000089 | WindLDR and WindO/I-NV4 store sensitive information in cleartext | 2024-08-29T15:08+09:00 | 2024-09-24T17:14+09:00 |