A medium-severity vulnerability, CVE-2025-11244, was detected in the WordPress Password Protected plugin, versions up to and including 2.7.11. It allows attackers to bypass authorization via IP address spoofing by manipulating client-controlled HTTP headers when the “Use transients” feature is enabled. To fix this vulnerability, users should upgrade to version 2.7.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11244.
Category: CMS

A medium-severity vulnerability, CVE-2025-11238, was detected in the WordPress Watu Quiz plugin, versions up to and including 3.4.4. It allows unauthenticated attackers to perform stored cross-site scripting (XSS) via the HTTP Referer header when the “Save source URL” option is enabled. To fix this vulnerability, users should upgrade to version 3.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11238.
Category: CMS

A high-severity vulnerability, CVE-2025-62507, was detected in Redis versions 8.2.0 through 8.2.2. It allows remote attackers to trigger a stack buffer overflow during execution of the XACKDEL command, which may lead to remote code execution. To fix this vulnerability, users should upgrade to Redis version 8.2.3 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62507.
Category: Database

A medium-severity vulnerability, CVE-2025-11879, was detected in the WordPress GenerateBlocks plugin, versions up to and including 2.1.1. It allows authenticated attackers with contributor-level access and above to read arbitrary WordPress options, including sensitive data such as SMTP credentials and API keys, due to a missing capability check on the get_option_rest function. To fix this vulnerability, users should upgrade to version 2.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11879.
Category: CMS

A high-severity vulnerability, CVE-2025-11702, was detected in GitLab EE versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1. It allows an authenticated attacker with specific permissions to hijack project runners from other projects. To fix this vulnerability, users should upgrade to GitLab versions 18.5.1, 18.4.3, or 18.3.5. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-11702.
Category: Developer Tools

A medium-severity vulnerability, CVE-2025-54941, was detected in Apache Airflow versions from 3.0.0 up to but not including 3.0.5. It allows a UI user to redirect the example DAG via the example_dag_decorator parameter to a malicious server and execute code on a worker, when example DAGs are enabled in production or similar DAG code is copied. To fix this vulnerability, users should upgrade to Airflow version 3.0.5 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-54941.
Category: Data Analytics

A medium-severity vulnerability, CVE-2025-62402, was detected in Apache Airflow versions 3.0.0 through 3.1.0 inclusive. It allows API users, via the /api/v2/dagReports endpoint, to execute DAG Python code in the context of the API server if the API server is deployed in an environment where DAG files are accessible. To fix this vulnerability, users should upgrade to Apache Airflow version 3.1.1 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62402.
Category: Data Analytics

A medium-severity vulnerability, CVE-2025-62503, was detected in Apache Airflow versions 3.0.0 up to and including 3.1.0. It allows a user with only CREATE privileges (and no UPDATE privileges) for Pools, Connections, or Variables to update existing records via the bulk create API when the overwrite action is used. To fix this vulnerability, users should upgrade to version 3.1.1 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62503.
Category: Data Analytics

A medium-severity vulnerability, CVE-2025-49042, was detected in WooCommerce versions up to and including 10.0.2. It allows remote attackers to perform stored cross-site scripting (XSS) due to improper neutralization of input during web page generation. To fix this vulnerability, users should upgrade to a version later than 10.0.2. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-49042.
Category: E-commerce