Latest CVE's CVE-2025-12520 - WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site ScriptingCVE-2025-64343 - (conda) Constructor: Excessive permissions during and after installationCVE-2025-12527 - Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/DeletionCVE-2025-64339 - ClipBucket v5: Stored XSS Vulnerability in Manage PlaylistsCVE-2025-64346 - archives: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') High and Critical CVE's CVE-2025-4519 - IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password FunctionCVE-2025-12352 - Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'CVE-2025-64328 - FreePBX Administration GUI is Vulnerable to Authenticated Command InjectionCVE-2025-5483 - LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege EscalationCVE-2025-64180 - Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
