In Kubernetes C# client versions prior to 17.0.14 a medium severity vulnerability CVE-2025-9708 was detected. This vulnerability allows the client to accept certificates from any Certificate Authority (CA) without properly validating the trust chain in custom CA mode, which may allow a malicious actor to present a forged certificate and perform man-in-the-middle attacks or API impersonation. To fix this vulnerability, users should upgrade to version 17.0.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9708.
Read more Developer Tools
In Kafka-UI versions 0.6.0 through 0.7.2 a medium severity vulnerability CVE-2025-60537 was detected. This vulnerability in the /kafka/ui/serdes/CustomSerdeLoader.java component allows attackers to execute arbitrary code by supplying crafted data. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60537.
Read more Data Analytics
In Kafka-UI versions 0.6.0 through 0.7.2 a high severity vulnerability CVE-2025-60536 was detected. This vulnerability in the Configure New Cluster interface allows attackers to cause a denial of service (DoS) by uploading a crafted configuration file. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60536.
Read more Data Analytics
In Genesis Framework theme for WordPress versions up to and including 3.6.0 a medium severity vulnerability CVE-2025-10737 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the theme’s shortcodes due to insufficient input sanitization and output escaping. To fix this vulnerability, users should upgrade to version 3.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10737.
Read more CMS
In WordPress User Feedback plugin versions up to and including 1.8.0 a medium severity vulnerability CVE-2025-10694 was detected. This vulnerability allows unauthenticated attackers to access the plugin’s onboarding wizard page due to a missing capability check, exposing configuration details including the administrator’s email address. To fix this vulnerability, users should upgrade to version 1.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10694.
Read more CMS
In the WordPress BackWPup plugin versions prior to and including 5.5.0 a medium severity vulnerability CVE-2025-10579 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to retrieve a backup’s filename via the backwpup_working AJAX action due to a missing capability check. While the filename alone has limited value, it could aid targeted brute-force attempts to obtain backup contents in certain environments. To fix this vulnerability, users should upgrade to version 5.5.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10579.
Read more CMS
In the WordPress eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions prior to and including 1.5.6 a high severity vulnerability CVE-2025-11760 was detected. This vulnerability exposes the Zoom SDK secret key in client-side JavaScript, making it possible for unauthenticated attackers to extract the key and generate valid JWT signatures. This could allow unauthorized access to private meetings or other Zoom resources. To fix this vulnerability, users should upgrade to version 1.5.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11760.
Read more CMS
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to and including 1.6.5. This vulnerability allows unauthenticated attackers to embed untrusted input into exported CSV files, potentially leading to code execution when these files are opened on vulnerable systems. To fix this vulnerability, users should upgrade to version 1.6.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11576.
Read more CMS
In the WordPress wpForo Forum plugin versions prior to and including 2.4.8 a high severity vulnerability CVE-2025-4203 was detected. This vulnerability allows unauthenticated attackers to perform error-based or time-based blind SQL injection via the get_members() function due to missing integer validation on the offset and row_count parameters. Attackers can exploit this to extract sensitive information from the database. To fix this vulnerability, users should upgrade to version 2.4.9 and later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4203.
Read more CMS