Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2025-6079

School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload_CVE-2025-6079

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ...

dasinfomedia School Management System for Wordpress * CVE
HIGH 8.8 CVE-2025-6080

WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation_CVE-2025-6080

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and in...

dasinfomedia WPGYM - Wordpress Gym Management System * CVE
HIGH 7.5 CVE-2025-7664

Al Pack <= 1.0.2 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function_CVE-2025-7664

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permissi...

loword AL Pack * CVE
HIGH 8.8 CVE-2025-49895

WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability_CVE-2025-49895

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection. This issue affects ServerBuddy by...

iThemes ServerBuddy by PluginBuddy.com n/a CVE
HIGH 7.1 CVE-2025-55284

Claude Code’s Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code_CVE-2025-55284

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then...

anthropics claude-code < 1.0.4 CVE
HIGH 7.3 CVE-2025-55286

z2d OOB drawing with new multi-sample anti-aliasing could lead to invalid memory access and corruption_CVE-2025-55286

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanis...

vancluever z2d = 0.7.0 CVE
HIGH 8.8 MS:CVE-2025-8879

Chromium: CVE-2025-8879 Heap buffer overflow in libaom_MS:CVE-2025-8879

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.8 MS:CVE-2025-8880

Chromium: CVE-2025-8880 Race in V8_MS:CVE-2025-8880

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.8 MS:CVE-2025-8901

Chromium: CVE-2025-8901 Out of bounds write in ANGLE_MS:CVE-2025-8901

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.8 MS:CVE-2025-8882

Chromium: CVE-2025-8882 Use after free in Aura_MS:CVE-2025-8882

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE