Search

Search Results (312902 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9029 2025-10-04 4.3 Medium
The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkit_handle_review_submission function in versions less than, or equal to, 1.2.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to submit feedback data to external services.
CVE-2025-8726 2025-10-04 5.4 Medium
The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppa_user_upload function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the photo album descriptions that execute in a victim's browser.
CVE-2025-61962 2025-10-04 5.9 Medium
In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context.
CVE-2025-61895 2025-10-04 N/A
Not used
CVE-2025-61894 2025-10-04 N/A
Not used
CVE-2025-61893 2025-10-04 N/A
Not used
CVE-2025-61892 2025-10-04 N/A
Not used
CVE-2025-61891 2025-10-04 N/A
Not used
CVE-2025-61890 2025-10-04 N/A
Not used
CVE-2025-61889 2025-10-04 N/A
Not used
CVE-2025-61888 2025-10-04 N/A
Not used
CVE-2025-61887 2025-10-04 N/A
Not used
CVE-2025-11228 2025-10-04 5.3 Medium
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.
CVE-2025-11227 2025-10-04 6.5 Medium
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaigns' functions due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns.
CVE-2025-10746 2025-10-04 6.5 Medium
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate the plugin, tamper with OAuth configuration, and trigger test connections that expose sensitive data via direct request to vulnerable endpoints granted they can craft malicious requests with specific parameters.
CVE-2025-10751 2025-10-04 N/A
MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects MacForge: 1.2.0 Beta 1.
CVE-2023-5870 2 Postgresql, Redhat 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more 2025-10-04 2.2 Low
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
CVE-2023-39417 3 Debian, Postgresql, Redhat 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more 2025-10-04 7.5 High
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-5868 2 Postgresql, Redhat 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more 2025-10-04 4.3 Medium
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVE-2023-5869 2 Postgresql, Redhat 27 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 24 more 2025-10-04 8.8 High
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.