CVE-2025-26698
CVE-2025-22881
CVE-2025-22869
CVE-2025-22868
CVE-2025-1517
CVE-2025-0889
CVE-2025-0731
CVE-2025-0236
CVE-2025-0235
CVE-2025-0234
CVE-2024-39441
CVE-2024-13803
CVE-2024-13678
CVE-2024-13669
CVE-2024-13634
CVE-2024-13633
CVE-2024-13632
CVE-2024-13631
CVE-2024-13630
CVE-2024-13629
Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.
Maximum CVSS Score : 2.7
Exploit Availability: Not available
CVE-2025-22881
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Maximum CVSS Score : 8.4
Exploit Availability: Not available
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-22868
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-1517
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Maximum CVSS Score : 6.4
Exploit Availability: Not available
CVE-2025-0889
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
Maximum CVSS Score : 7.2
Exploit Availability: Not available
CVE-2025-0731
An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.
Maximum CVSS Score : 6.5
Exploit Availability: Not available
CVE-2025-0236
Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.
Maximum CVSS Score : 5.3
Exploit Availability: Not available
CVE-2025-0235
Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.
Maximum CVSS Score : 5.3
Exploit Availability: Not available
CVE-2025-0234
Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.
Maximum CVSS Score : 5.3
Exploit Availability: Not available
CVE-2024-39441
In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.
Maximum CVSS Score : 7.1
Exploit Availability: Not available
CVE-2024-13803
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Maximum CVSS Score : 6.4
Exploit Availability: Not available
CVE-2024-13678
The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13669
The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13634
The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13633
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13632
The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13631
The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13630
The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2024-13629
The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
