In Target Video Easy Publish plugin for WordPress versions up to and including 3.8.5 a medium severity vulnerability CVE-2025-5237 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘width’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should update Target Video Easy Publish plugin to versions 3.8.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5237.
Read more CMS
In tarteaucitron.io plugin for WordPress versions before 1.9.5 a medium severity vulnerability CVE-2025-4955 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform Stored Cross-Site Scripting (XSS) attacks by exploiting unsanitized query parameters from YouTube oEmbed URLs. To address this issue, users should upgrade tarteaucitron.io plugin to versions 1.9.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4955.
Read more CMS
In Ivory Search plugin for WordPress versions before 5.5.10 a low severity vulnerability CVE-2025-5209 was detected. This vulnerability allows high privilege users, such as administrators, to perform Cross-Site Scripting (XSS) attacks due to insufficient sanitization and escaping of certain settings, even when the unfiltered_html capability is disallowed. To address this issue, users should upgrade Ivory Search plugin to versions 5.5.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5209.
Read more CMS
In Liferay Portal versions 7.4.0 through 7.4.3.97, Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35 and 7.2 fix pack 8 through fix pack 20 a high severity vulnerability CVE-2025-3602 was detected. This vulnerability allows attackers to perform denial-of-service (DoS) attacks by executing overly complex GraphQL queries due to the absence of query depth limitations. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.98, Liferay DXP to versions 2023.Q3.3 or 7.3 U36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3602.
Read more CMS
In Liferay Portal versions 7.0.0 through 7.4.3.4, Liferay DXP 7.4 GA, 7.3 GA through update 34 and older unsupported versions a high severity vulnerability CVE-2025-3594 was detected. This vulnerability allows remote attackers to add files to arbitrary locations on the server and download and execute arbitrary files from the download server via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.5-ga5 or Liferay DXP to versions 7.3 Update 35. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3594.
Read more CMS
In Liferay Portal versions 7.0.0 through 7.4.3.21, Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25 and older unsupported versions a high severity vulnerability CVE-2025-3526 was detected. This vulnerability allows remote attackers to consume system memory by saving crafted request parameters in the HTTP session, leading to denial-of-service (DoS) conditions. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.22, Liferay DXP to versions 7.4 Update 10 or 7.3 Update 26. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3526.
Read more CMS
In Simple Logo Carousel plugin for WordPress versions up to and including 1.9.3 a medium severity vulnerability CVE-2025-5700 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘id’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Simple Logo Carousel plugin to versions 1.9.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5700.
Read more CMS
In GitLab CE/EE versions from 8.7 before 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a medium severity vulnerability CVE-2025-1516 was detected. This vulnerability allows attackers to trigger a denial of service due to improper input validation in token names. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1516.
Read more Developer Tools
In GitLab CE/EE versions from 8.13 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-1478 was detected. This vulnerability allows attackers to trigger a denial of service due to lack of input validation in board names. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3 or 18.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1478.
Read more Developer Tools