NVD Dashboard

[Dashboard charts not captured: CVEs Received and Processed; CVE Status Count; CVSS Score Spread; CVSS V3 Score Distribution and CVSS V2 Score Distribution (Severity, Number of Vulns).]

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-13645 - The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, wit...
    Published: December 02, 2025; 10:15:59 PM -0500

  • CVE-2025-63362 - Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authent...
    Published: December 04, 2025; 2:16:04 PM -0500

  • CVE-2025-63361 - Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext.
    Published: December 04, 2025; 2:16:04 PM -0500

  • CVE-2025-13353 - In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0....
    Published: December 02, 2025; 6:15:47 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2018-4063 - An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to ...
    Published: May 06, 2019; 3:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2025-14174 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
    Published: December 12, 2025; 3:15:39 PM -0500

  • CVE-2025-36072 - IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserializatio...
    Published: November 20, 2025; 6:15:51 PM -0500

  • CVE-2025-64524 - cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter cause...
    Published: November 20, 2025; 1:15:51 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-65094 - WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restri...
    Published: November 19, 2025; 2:15:50 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-8693 - A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
    Published: November 17, 2025; 9:15:45 PM -0500

  • CVE-2025-59693 - The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the ...
    Published: December 02, 2025; 10:15:54 AM -0500

  • CVE-2025-59694 - The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot proc...
    Published: December 02, 2025; 10:15:54 AM -0500

  • CVE-2025-59695 - Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.
    Published: December 02, 2025; 10:15:55 AM -0500

  • CVE-2023-36690 - Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
    Published: July 11, 2023; 9:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-9416 - The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attrib...
    Published: April 03, 2025; 9:15:42 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-12853 - The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attac...
    Published: January 08, 2025; 5:15:06 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-56045 - Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.
    Published: December 31, 2024; 9:15:24 AM -0500

  • CVE-2025-49925 - Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7.
    Published: October 22, 2025; 11:15:38 AM -0400

  • CVE-2024-56047 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection. This issue affects WPLMS: from n/a before 1.9.9.5.3.
    Published: December 18, 2024; 2:15:12 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-56048 - Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through 1.9.9.
    Published: December 18, 2024; 2:15:12 PM -0500