Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2025-8482

Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capabil...

10up Simple Local Avatars * CVE
MEDIUM 4.9 CVE-2025-8081

Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import(...

elemntor Elementor Website Builder – More Than Just a Page Builder * CVE
MEDIUM 6.7 CVE-2025-3892

CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited i...

Axis Communications AB AXIS OS 12.0.0 CVE
MEDIUM 6.4 CVE-2025-8314

Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter

The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to,...

emarket-design Project Management, Bug and Issue Tracking Plugin – Software Issue Manager * CVE
MEDIUM 5.1 CVE-2025-7622

CVE-2025-7622

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access interna...

Axis Communications AB AXIS Camera Station Pro 6 CVE
MEDIUM 6.7 CVE-2025-30027

CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be explo...

Axis Communications AB AXIS OS 12.0.0 CVE
MEDIUM 4.3 CVE-2025-7965

CBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRF

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers...

Unknown CBX Restaurant Booking CVE
MEDIUM 4.3 CVE-2025-42934

CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted ...

SAP_SE SAP S/4HANA (Supplier invoice) S4CORE 102 CVE
MEDIUM 4.1 CVE-2025-42935

Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and...

SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KRNL64NUC 7.22 CVE
MEDIUM 5.4 CVE-2025-42936

Missing Authorization check in SAP NetWeaver Application Server for ABAP

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, thi...

SAP_SE SAP NetWeaver Application Server for ABAP SAP_BASIS 700 CVE