Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2025-54724

WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue a...

uxper Golo n/a CVE
HIGH 8.1 CVE-2025-54731

WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affe...

emarket-design YouTube Showcase n/a CVE
HIGH 8.8 CVE-2025-54742

WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through...

magepeopleteam WpEvently n/a CVE
HIGH 8.7 CVE-2025-46409

CVE-2025-46409

Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploite...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) CVE
HIGH 7.3 CVE-2025-53396

CVE-2025-53396

Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may ...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only) CVE
HIGH 7.1 CVE-2025-54819

CVE-2025-54819

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) CVE
HIGH 8.7 CVE-2025-58072

CVE-2025-58072

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only) CVE
HIGH 8.7 CVE-2025-58081

CVE-2025-58081

Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only) CVE
HIGH 8.8 CVE-2025-9478

CVE-2025-9478

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...

Google Chrome 139.0.7258.154 CVE
HIGH 8.8 CVE-2025-22412

CVE-2025-22412

In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/ad...

Google Android 15 CVE