Vulnerability Notes
- CVE-2025-36750 - Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X
- CVE-2025-36747 - Hardcoded FTP Credentials within the firmware
- CVE-2025-14475 - Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter
- CVE-2025-14397 - Postem Ipsum <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users
- CVE-2025-13094 - WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload
- CVE-2025-11693 - Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File
- CVE-2025-10738 - URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection
- CVE-2025-13970 - OpenPLC_V3 Cross-Site Request Forgery
- CVE-2025-67750 - Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
- CVE-2024-58316 - Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
- CVE-2025-8083 - Vuetify Prototype Pollution via Preset options
- CVE-2025-14373 - Google Chrome Android Domain Spoofing Vulnerability
- CVE-2024-58305 - WonderCMS 4.3.2 Cross-Site Scripting Remote Code Execution via Module Installation
- CVE-2024-58299 - PCMan FTP Server 2.0 Remote Buffer Overflow via 'pwd' Command