In Mattermost versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11 a low severity vulnerability CVE-2025-2570 was detected. This vulnerability allows a System Manager to access `ExperimentalSettings` via the System Console even when the `RestrictSystemAdmin` setting is true, due to improper access control. To address this issue, users should upgrade Mattermost to versions above 10.5.3 or 9.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2570.
Read more CommunicationIn AffiliateImporterEb plugin for WordPress versions through 1.0.6 a high severity vulnerability CVE-2024-12733 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12733.
Read more CMSIn ClipArt plugin for WordPress versions through 0.2 a high severity vulnerability CVE-2024-12726 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12726.
Read more CMSIn LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.
Read more MonitoringIn Pgpool-II versions 4.0 and 4.1 series, 4.2.0 to 4.2.21, 4.3.0 to 4.3.14, 4.4.0 to 4.4.11, 4.5.0 to 4.5.6 and 4.6.0 a critical severity vulnerability CVE-2025-46801 was detected. This vulnerability allows attackers to bypass authentication and log in as arbitrary users, enabling them to read, modify, or disable data in the connected database. To address this issue, users should upgrade Pgpool-II to versions 4.6.1, 4.5.7, 4.4.12, 4.3.15, 4.2.22 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46801.
Read more DatabaseIn the Qi Blocks WordPress plugin versions prior to 1.4 a medium severity vulnerability CVE-2025-1626 was detected. This vulnerability allows authenticated users with Contributor-level access and above to perform Stored Cross-Site Scripting (XSS) attacks due to insufficient validation and escaping of Countdown block options before rendering them in a page or post. To address this issue, users should upgrade the Qi Blocks WordPress plugin to version 1.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1626.
Read more CMSIn the Motors theme for WordPress versions up to and including 5.6.67 a critical severity vulnerability CVE-2025-4322 was detected. This vulnerability allows unauthenticated attackers to escalate privileges by taking over user accounts, including administrator accounts, through improper identity validation during password updates. To address this issue, users should upgrade the Motors theme to versions 5.6.68 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4322.
Read more CMSIn the Ninja Forms WordPress plugin versions prior to 3.10.1 a low severity vulnerability CVE-2025-2524 was detected. This vulnerability allows high privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (e.g., in a multisite setup), due to insufficient sanitization and escaping of plugin settings. To address this issue, users should upgrade the Ninja Forms WordPress plugin to version 3.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2524.
Read more CMSIn Wise Chat plugin for WordPress versions up to and including 3.3.3 a high severity vulnerability CVE-2024-13613 was detected. This vulnerability allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, potentially exposing file attachments from chat messages. To address this issue, users should upgrade Wise Chat plugin to versions 3.3.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13613.
Read more CMS