Latest CVE Feed
-
7.5
HIGHCVE-2025-10862
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parame... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-7634
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to incl... Read more
Affected Products : wp_travel_engine- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-7526
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions up to, and inc... Read more
Affected Products : wp_travel_engine- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-39961
In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-le... Read more
Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Race Condition
-
6.4
MEDIUMCVE-2025-9371
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possibl... Read more
Affected Products : betheme- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Cross-Site Scripting