Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.9 CVE-2025-49841

GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49840

GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 7.2 CVE-2025-2800

WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name'

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script...

wpeventmanager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce * CVE
HIGH 8.2 CVE-2025-7359

Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...

danielriera Counter live visitors for WooCommerce * CVE
HIGH 8.1 CVE-2025-6043

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Deletion

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missi...

malcure Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal * CVE
HIGH 8.1 CVE-2025-52690

Command Injection Vulnerability in the OmniAccess Stellar over UDP Service

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of conf...

Alcatel-Lucent OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier CVE
HIGH 7.5 CVE-2025-6993

Ultimate WP Mail 1.0.17 – 1.3.6 – Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJ...

rustaurius Ultimate WP Mail 1.0.17 CVE
HIGH 8.3 CVE-2025-40985

SQL Injection in SCATI Vision Web

SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some dat...

SCATI SCATI Vision Web 4.8 CVE
HIGH 7.6 CVE-2025-54043

WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL In...

YayCommerce SMTP for Amazon SES n/a CVE
HIGH 8.5 CVE-2025-54026

WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL...

QuanticaLabs GymBase Theme Classes n/a CVE