In Autochat Automatic Conversation plugin versions up to and including 1.1.9, a medium severity vulnerability, CVE-2025-12043, was detected. This vulnerability allows unauthenticated attackers to connect and disconnect client IDs due to a missing capability check on the wp_ajax_nopriv_auycht_saveCid AJAX endpoint. To address this issue, users should upgrade the plugin to version 1.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12043.
In MongoDB Server versions 7.0 prior to 7.0.26, 8.0 prior to 8.0.13, and 8.1 prior to 8.1.2, a high severity vulnerability, CVE-2025-13644, was detected. The issue allows a batched delete operation to trigger an invariant failure and crash the server when MongoDB incorrectly assumes multiple documents are present in a batch solely because a document exceeds BSONObjMaxSize. To address this issue, users should update to MongoDB Server 7.0.26, 8.0.13, or 8.1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13644.
In MongoDB Server versions 7.0 prior to 7.0.26 and 8.0 prior to 8.0.14, a medium severity vulnerability, CVE-2025-13643, was detected. This vulnerability allows a user with limited cluster privileges to terminate queries executed by other users, potentially causing denial of service by preventing some queries from completing successfully. To address this issue, users should upgrade MongoDB Server to versions 7.0.26, 8.0.14, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13643.
In MongoDB Server versions 7.0 prior to 7.0.26, 8.0 prior to 8.0.16, and 8.2 prior to 8.2.2, a medium severity vulnerability, CVE-2025-12893, was detected. This vulnerability allows MongoDB servers running on Windows or Apple platforms to successfully complete TLS handshakes with client or server certificates that do not meet the documented Extended Key Usage (EKU) requirements. Specifically, certificates missing the clientAuth EKU may still authenticate as clients, and on Apple servers, certificates missing the serverAuth EKU may still authenticate as servers during egress TLS connections. To address this issue, users should upgrade MongoDB Server to versions 7.0.26, 8.0.16, or 8.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12893.
In WordPress eCommerce Plugin versions up to and including 2.9.0, a high severity vulnerability, CVE-2024-14015, was detected. This vulnerability allows attackers to perform reflected cross-site scripting (XSS) by exploiting unsanitized and unescaped parameters output back on the page, which could be used against high privilege users such as administrators. To address this issue, users should upgrade the plugin to a version later than 2.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-14015.
In Perfect Brands for WooCommerce plugin versions up to and including 3.6.2, a medium severity vulnerability, CVE-2025-10144, was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform time-based SQL injection via the brands attribute of the products shortcode, due to insufficient escaping and lack of proper SQL query preparation. Exploiting this flaw can enable extraction of sensitive database information. To address this issue, users should upgrade the plugin to version 3.6.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10144.
In Wazuh versions 3.7.0 through 4.11.x, a medium severity vulnerability, CVE-2025-64169, was detected. This vulnerability allows a compromised agent to crash the `analysisd` process on the Wazuh manager due to a NULL pointer dereference in the `fim_alert()` function when `oldsum->md5` is not properly checked. To address this issue, users should upgrade Wazuh to version 4.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64169.
In Terraform Enterprise versions prior to 1.1.1 and 1.0.3, a medium severity vulnerability, CVE-2025-13432, was detected. This vulnerability allows users with specific but insufficient permissions to create Terraform state versions in a workspace, potentially enabling infrastructure alteration if a subsequent plan operation is approved or auto-applied. To address this issue, users should upgrade Terraform Enterprise to versions 1.1.1, 1.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13432.
In Wazuh versions 4.3.0 through 4.12.x, a low severity vulnerability, CVE-2025-54866, was detected. This vulnerability allows all authenticated users on a Windows machine to access the `authd.pass` file due to missing access control lists (ACLs) on `C:\Program Files (x86)\ossec-agent\authd.pass`, exposing sensitive passwords. To address this issue, users should upgrade Wazuh to version 4.13.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54866.