[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@CVEnew Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::821806287461740544.png) @CVEnew CVE

CVE posts on X about has been, vulnerability, $2395tw, command the most. They currently have XXXXXX followers and XXX posts still getting attention that total XXXXXX engagements in the last XX hours.

### Engagements: XXXXXX [#](/creator/twitter::821806287461740544/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:interactions.svg)

- X Week XXXXXXX -XXXX%
- X Month XXXXXXX -XX%
- X Months XXXXXXXXX +67%
- X Year XXXXXXXXX -XX%

### Mentions: XXX [#](/creator/twitter::821806287461740544/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:posts_active.svg)

- X Week XXX +15%
- X Month XXXXX -XX%
- X Months XXXXXX +86%
- X Year XXXXXX +13%

### Followers: XXXXXX [#](/creator/twitter::821806287461740544/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:followers.svg)

- X Week XXXXXX +0.21%
- X Month XXXXXX +0.28%
- X Months XXXXXX +2.40%
- X Year XXXXXX +4%

### CreatorRank: XXXXXXX [#](/creator/twitter::821806287461740544/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::821806287461740544/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[stocks](/list/stocks)  XXXX% [technology brands](/list/technology-brands)  XXXX% [finance](/list/finance)  XXXX% [social networks](/list/social-networks)  XXXX% [cryptocurrencies](/list/cryptocurrencies)  XXXX%

**Social topic influence**
[has been](/topic/has-been) #135, [vulnerability](/topic/vulnerability) #1, [$2395tw](/topic/$2395tw) 1.01%, [command](/topic/command) #427, [ibm](/topic/ibm) #118, [elements](/topic/elements) #624, [files](/topic/files) #436, [core](/topic/core) 0.56%, [linksys](/topic/linksys) #22, [verification](/topic/verification) #104

**Top accounts mentioned or mentioned by**
[@cveannounce](/creator/undefined) [@tiptapextensionlink](/creator/undefined) [@chaeynz_](/creator/undefined) [@kundu_vinit](/creator/undefined)

**Top assets mentioned**
[IBM (IBM)](/topic/ibm) [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Intercorp Financial Services Inc. (IFS)](/topic/$ifs) [QUALCOMM, Inc. (QCOM)](/topic/$qcom) [ELYSIA (EL)](/topic/elysia)
### Top Social Posts
Top posts by engagements in the last XX hours

"CVE-2025-0007 Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space potentially compromising c"  
[X Link](https://x.com/CVEnew/status/1993059933873713376)  2025-11-24T20:51Z 56K followers, XXX engagements


"CVE-2025-55182 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0 19.1.0 19.1.1 and 19.2.0 including the following package"  
[X Link](https://x.com/CVEnew/status/1996247470494626001)  2025-12-03T15:57Z 56K followers, 18.3K engagements


"CVE-2025-14201 A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability"  
[X Link](https://x.com/CVEnew/status/1997739721527800213)  2025-12-07T18:47Z 56K followers, XXX engagements


"CVE-2023-53772 MiniDVBLinux XXX contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers"  
[X Link](https://x.com/CVEnew/status/1998732784698012016)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2025-66626 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through"  
[X Link](https://x.com/CVEnew/status/1998732818625737117)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2025-61823 ColdFusion versions 2025.4 2023.16 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lea"  
[X Link](https://x.com/CVEnew/status/1998732771272057047)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2021-47718 OpenBMCS XXX contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing function"  
[X Link](https://x.com/CVEnew/status/1998732798509916384)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2025-67488 SiYuan is self-hosted open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is"  
[X Link](https://x.com/CVEnew/status/1998732813307404722)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2025-34414 Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x prior to 6.10.5 and prior to 6.11.1 contain an insecu"  
[X Link](https://x.com/CVEnew/status/1998732834773807544)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2025-62735 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitiv"  
[X Link](https://x.com/CVEnew/status/1998418904691974176)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-9571 A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitr"  
[X Link](https://x.com/CVEnew/status/1998732747700056287)  2025-12-10T12:33Z 56K followers, XX engagements


"CVE-2023-53771 MiniDVBLinux XXX contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send c"  
[X Link](https://x.com/CVEnew/status/1998732785759170991)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2023-53770 MiniDVBLinux XXX contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through"  
[X Link](https://x.com/CVEnew/status/1998732788158329205)  2025-12-10T12:33Z 56K followers, XXX engagements


"CVE-2025-54353 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5"  
[X Link](https://x.com/CVEnew/status/1998781395632619602)  2025-12-10T15:46Z 56K followers, XXX engagements


"CVE-2025-57823 A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6 FortiAuthenticator XXX all versions FortiAuthenticator XXX all"  
[X Link](https://x.com/CVEnew/status/1998781401827606833)  2025-12-10T15:46Z 56K followers, XXX engagements


"CVE-2023-40288 An issue was discovered on Supermicro X11SSM-F X11SAE-F and X11SSE-F XXXX devices. An attacker could exploit an XSS issue"  
[X Link](https://x.com/CVEnew/status/1772830803866829247)  2024-03-27T03:39Z 56K followers, XXX engagements


"CVE-2023-40289 A command injection issue was discovered on Supermicro X11SSM-F X11SAE-F and X11SSE-F XXXX devices. An attacker can exploit this to elevate privileges from a user w"  
[X Link](https://x.com/CVEnew/status/1772830804814758208)  2024-03-27T03:39Z 56K followers, XXX engagements


"CVE-2025-66032 Claude Code is an agentic coding tool. Prior to 1.0.93 Due to errors in parsing shell commands related to $IFS and short CLI flags it was possible to bypass the Cla"  
[X Link](https://x.com/CVEnew/status/1996284703733633507)  2025-12-03T18:25Z 56K followers, XXX engagements


"CVE-2025-53963 An issue was discovered on Thermo Fisher Ion Torrent OneTouch X INS1005527 devices. They run an SSH server accessible over the default port XX. The root account has a"  
[X Link](https://x.com/CVEnew/status/1996600330126078337)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-54304 An issue was discovered on Thermo Fisher Ion Torrent OneTouch X INS1005527 devices. When they are powered on an X11 display server is started. The display server lis"  
[X Link](https://x.com/CVEnew/status/1996600331933766068)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-54305 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application LocalhostAuthMiddleware au"  
[X Link](https://x.com/CVEnew/status/1996600332835545513)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-54307 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bund"  
[X Link](https://x.com/CVEnew/status/1996600334672679361)  2025-12-04T15:19Z 56K followers, XXX engagements


"CVE-2025-13373 Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests which could allow an attacker to inject SQL commands"  
[X Link](https://x.com/CVEnew/status/1996720172002893942)  2025-12-04T23:16Z 56K followers, XXX engagements


"CVE-2025-34256 Advantech WISE-DeviceOn Server versions prior to 5.4contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIR"  
[X Link](https://x.com/CVEnew/status/1997000970446811282)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34265 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authentic"  
[X Link](https://x.com/CVEnew/status/1997000971432399137)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34263 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint"  
[X Link](https://x.com/CVEnew/status/1997000974351643106)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34266 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. Whe"  
[X Link](https://x.com/CVEnew/status/1997000976255918220)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34264 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenti"  
[X Link](https://x.com/CVEnew/status/1997000977249865757)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34262 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/agent_id endpoint. When a"  
[X Link](https://x.com/CVEnew/status/1997000978181099561)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34258 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authent"  
[X Link](https://x.com/CVEnew/status/1997000980026556524)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34259 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an aut"  
[X Link](https://x.com/CVEnew/status/1997000981007987049)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34261 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenti"  
[X Link](https://x.com/CVEnew/status/1997000982299812227)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34260 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authen"  
[X Link](https://x.com/CVEnew/status/1997000983226748979)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-34257 Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authent"  
[X Link](https://x.com/CVEnew/status/1997000984099201504)  2025-12-05T17:51Z 56K followers, XXX engagements


"CVE-2025-14133 A vulnerability was found in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulne"  
[X Link](https://x.com/CVEnew/status/1997257376605311173)  2025-12-06T10:50Z 56K followers, XXX engagements


"CVE-2025-14134 A vulnerability was determined in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this"  
[X Link](https://x.com/CVEnew/status/1997266767836795391)  2025-12-06T11:27Z 56K followers, XXX engagements


"CVE-2025-14135 A vulnerability was identified in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the"  
[X Link](https://x.com/CVEnew/status/1997272458651693334)  2025-12-06T11:50Z 56K followers, XXX engagements


"CVE-2025-14136 A security flaw has been discovered in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnera"  
[X Link](https://x.com/CVEnew/status/1997299357155274881)  2025-12-06T13:37Z 56K followers, XXX engagements


"CVE-2025-14204 A vulnerability has been found in TykoDev cherry-studio-TykoFork XXX. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authoriza"  
[X Link](https://x.com/CVEnew/status/1997811170632208736)  2025-12-07T23:31Z 56K followers, XXX engagements


"CVE-2025-14205 A vulnerability was found in code-projects Chamber of Commerce Membership Management System XXX. Impacted is an unknown function of the file /membership_profile.php o"  
[X Link](https://x.com/CVEnew/status/1997813798229454865)  2025-12-07T23:41Z 56K followers, XXX engagements


"CVE-2025-66461 FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM p"  
[X Link](https://x.com/CVEnew/status/1997974340537888776)  2025-12-08T10:19Z 56K followers, XXX engagements


"CVE-2025-14224 A vulnerability was found in Yottamaster DM2 DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Pe"  
[X Link](https://x.com/CVEnew/status/1997974350281191500)  2025-12-08T10:19Z 56K followers, XXX engagements


"CVE-2025-48622 In ProcessArea of dng_misc_opcodes.cpp there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no addit"  
[X Link](https://x.com/CVEnew/status/1998079570080084372)  2025-12-08T17:17Z 56K followers, XXX engagements


"CVE-2025-36140 IBM XXX through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources witho"  
[X Link](https://x.com/CVEnew/status/1998160042747371970)  2025-12-08T22:37Z 56K followers, XXX engagements


"CVE-2023-53854 In the Linux kernel the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fix use-after-free in driver remove path When devm runs function in the"  
[X Link](https://x.com/CVEnew/status/1998225362833297816)  2025-12-09T02:57Z 56K followers, XXX engagements


"CVE-2025-40941 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected devices exposes server information in its responses. This could allow an"  
[X Link](https://x.com/CVEnew/status/1998355313762955398)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40940 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected application exhibits inconsistent SNMP behavior such as unexpected servi"  
[X Link](https://x.com/CVEnew/status/1998355315130261616)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40939 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This"  
[X Link](https://x.com/CVEnew/status/1998355316245991716)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40938 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected device stores sensitive information in the firmware. This could allow an"  
[X Link](https://x.com/CVEnew/status/1998355317445599558)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40937 A vulnerability has been identified in SIMATIC CN 4100 (All versions V4.0.1). The affected application do not properly validate input parameters in its REST API re"  
[X Link](https://x.com/CVEnew/status/1998355318506708996)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40935 A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions V5.10.1) RUGGEDCOM RS416Pv2 V5.X (All versions V5.10.1) RUGGEDCOM RS416v2 V5.X (All"  
[X Link](https://x.com/CVEnew/status/1998355319697858996)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40831 A vulnerability has been identified in SINEC Security Monitor (All versions V4.10.0). The affected application lacks input validation of date parameter in report ge"  
[X Link](https://x.com/CVEnew/status/1998355321002377575)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40830 A vulnerability has been identified in SINEC Security Monitor (All versions V4.10.0). The affected application does not have proper authorization checks for the fil"  
[X Link](https://x.com/CVEnew/status/1998355322029908185)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40820 Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthentic"  
[X Link](https://x.com/CVEnew/status/1998355323002982780)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40819 A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.2 SP4). Affected applications do not properly validate license restrictions aga"  
[X Link](https://x.com/CVEnew/status/1998355324043251717)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40818 A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that a"  
[X Link](https://x.com/CVEnew/status/1998355325100195868)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40807 A vulnerability has been identified in Gridscale X Prepay (All versions V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens"  
[X Link](https://x.com/CVEnew/status/1998355326186443165)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40806 A vulnerability has been identified in Gridscale X Prepay (All versions V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable r"  
[X Link](https://x.com/CVEnew/status/1998355327272837568)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40801 A vulnerability has been identified in COMOS V10.6 (All versions) COMOS V10.6 (All versions) JT Bi-Directional Translator for STEP (All versions) NX V2412 (All ver"  
[X Link](https://x.com/CVEnew/status/1998355328296263875)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-40800 A vulnerability has been identified in COMOS V10.6 (All versions) COMOS V10.6 (All versions) NX V2412 (All versions V2412.8700) NX V2506 (All versions V2506.60"  
[X Link](https://x.com/CVEnew/status/1998355329340625237)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56840 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Under certain conditions IPsec may allow code injection in the affected devi"  
[X Link](https://x.com/CVEnew/status/1998355330368176185)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56839 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual"  
[X Link](https://x.com/CVEnew/status/1998355331437715735)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56838 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). The SCEP client available in the affected device for secure certificate enrol"  
[X Link](https://x.com/CVEnew/status/1998355332524122531)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56837 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). Due to the insufficient validation during the installation and load of certai"  
[X Link](https://x.com/CVEnew/status/1998355333518073910)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56836 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). During the Dynamic DNS configuration of the affected product it is possible t"  
[X Link](https://x.com/CVEnew/status/1998355334537363808)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2024-56835 A vulnerability has been identified in RUGGEDCOM ROX II family (All versions V2.17.0). The DHCP Server configuration file of the affected products is subject to cod"  
[X Link](https://x.com/CVEnew/status/1998355335636201688)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-59029 An attacker can trigger an assertion failure by requesting crafted DNS records waiting for them to be inserted into the records cache then send a query with qtype s"  
[X Link](https://x.com/CVEnew/status/1998355336714129723)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-59030 An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP"  
[X Link](https://x.com/CVEnew/status/1998355337783681490)  2025-12-09T11:33Z 56K followers, XX engagements


"CVE-2025-64696 Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited application-specific files may be accessed fr"  
[X Link](https://x.com/CVEnew/status/1998355339767591348)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41693 A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced"  
[X Link](https://x.com/CVEnew/status/1998355340925259965)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41696 An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to par"  
[X Link](https://x.com/CVEnew/status/1998355341952843864)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41694 A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data resulting i"  
[X Link](https://x.com/CVEnew/status/1998355342997217625)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41692 A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password gene"  
[X Link](https://x.com/CVEnew/status/1998355344029044860)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41697 An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692"  
[X Link](https://x.com/CVEnew/status/1998355345182536025)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41695 An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device"  
[X Link](https://x.com/CVEnew/status/1998355346226811062)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41745 An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the d"  
[X Link](https://x.com/CVEnew/status/1998355347304747115)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41746 An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the"  
[X Link](https://x.com/CVEnew/status/1998355348324036784)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41747 An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the"  
[X Link](https://x.com/CVEnew/status/1998355349305487492)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41748 An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacke"  
[X Link](https://x.com/CVEnew/status/1998355350303731941)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41749 An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker i"  
[X Link](https://x.com/CVEnew/status/1998355351356494328)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41750 An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker"  
[X Link](https://x.com/CVEnew/status/1998355352400830533)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41751 An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacke"  
[X Link](https://x.com/CVEnew/status/1998355353428443422)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-41752 An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker"  
[X Link](https://x.com/CVEnew/status/1998355354464473581)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14311 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI.This issue affects JMRI: before 5.13.3"  
[X Link](https://x.com/CVEnew/status/1998355355852759066)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14310 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4"  
[X Link](https://x.com/CVEnew/status/1998355356851077529)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14309 NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue affects ravynos: through 0.5.2"  
[X Link](https://x.com/CVEnew/status/1998355357882777954)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14308 An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data"  
[X Link](https://x.com/CVEnew/status/1998355358964932673)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14307 An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create"  
[X Link](https://x.com/CVEnew/status/1998355359946490288)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-13428 A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (R"  
[X Link](https://x.com/CVEnew/status/1998355362035220933)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-13071 The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page leading to a Reflected Cross-Site"  
[X Link](https://x.com/CVEnew/status/1998355363062796390)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-13070 The CSV to SortTable WordPress plugin through XXX does not validate some shortcode attributes before using them to generate paths passed to include function/s allowi"  
[X Link](https://x.com/CVEnew/status/1998355364082041261)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-13031 The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings which could allow high privilege users such as contri"  
[X Link](https://x.com/CVEnew/status/1998355365067632881)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14284 Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling"  
[X Link](https://x.com/CVEnew/status/1998355366271406322)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-13604 The Login Security FireWall Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to a"  
[X Link](https://x.com/CVEnew/status/1998355367278022815)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40344 In the Linux kernel the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles th"  
[X Link](https://x.com/CVEnew/status/1998355368234348590)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40343 In the Linux kernel the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via t"  
[X Link](https://x.com/CVEnew/status/1998355369299771394)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40342 In the Linux kernel the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the rem"  
[X Link](https://x.com/CVEnew/status/1998355370348257761)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40341 In the Linux kernel the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_l"  
[X Link](https://x.com/CVEnew/status/1998355371384250815)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40340 In the Linux kernel the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault"  
[X Link](https://x.com/CVEnew/status/1998355372546134385)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40339 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv-prt_va the bo of thi"  
[X Link](https://x.com/CVEnew/status/1998355373540114497)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40338 In the Linux kernel the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly t"  
[X Link](https://x.com/CVEnew/status/1998355374567801333)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40337 In the Linux kernel the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously"  
[X Link](https://x.com/CVEnew/status/1998355375612158402)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40336 In the Linux kernel the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially cover"  
[X Link](https://x.com/CVEnew/status/1998355376677515474)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40335 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args and rej"  
[X Link](https://x.com/CVEnew/status/1998355377629585823)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40334 In the Linux kernel the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object"  
[X Link](https://x.com/CVEnew/status/1998355378703331740)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40333 In the Linux kernel the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data and look u"  
[X Link](https://x.com/CVEnew/status/1998355379689046395)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40332 In the Linux kernel the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fau"  
[X Link](https://x.com/CVEnew/status/1998355380741746833)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40331 In the Linux kernel the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock sc"  
[X Link](https://x.com/CVEnew/status/1998355381714833859)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40330 In the Linux kernel the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops"  
[X Link](https://x.com/CVEnew/status/1998355382746693975)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40329 In the Linux kernel the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed"  
[X Link](https://x.com/CVEnew/status/1998355383732392429)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40328 In the Linux kernel the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab"  
[X Link](https://x.com/CVEnew/status/1998355384717938806)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-40327 In the Linux kernel the following vulnerability has been resolved: perf/core: Fix system hang caused by cpu-clock usage cpu-clock usage by the async-profiler tool"  
[X Link](https://x.com/CVEnew/status/1998355385720455322)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-67487 Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which ca"  
[X Link](https://x.com/CVEnew/status/1998355386714525999)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-67504 WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptogr"  
[X Link](https://x.com/CVEnew/status/1998355387658260871)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-66631 CSLA .NET is a framework designed for the development of reusable object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProx"  
[X Link](https://x.com/CVEnew/status/1998355388656455977)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-66627 Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0 0.41.1 0.42.0 through 0.47.1 0.50.0 through 0.51.2 and 1.0.0 Wa"  
[X Link](https://x.com/CVEnew/status/1998355389637968166)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50662 In the Linux kernel the following vulnerability has been resolved: RDMA/hns: fix memory leak in hns_roce_alloc_mr() When hns_roce_mr_enable() failed in hns_roce_al"  
[X Link](https://x.com/CVEnew/status/1998355390648783179)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50661 In the Linux kernel the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do"  
[X Link](https://x.com/CVEnew/status/1998355391651172843)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50660 In the Linux kernel the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw_wdev_init() In the error path of ipw_wdev_init() exceptio"  
[X Link](https://x.com/CVEnew/status/1998355392624251257)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50659 In the Linux kernel the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device("  
[X Link](https://x.com/CVEnew/status/1998355393618354659)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2022-50658 In the Linux kernel the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect"  
[X Link](https://x.com/CVEnew/status/1998355394725556392)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-66507 1Panel is an open-source web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verifica"  
[X Link](https://x.com/CVEnew/status/1998355396701163727)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53820 In the Linux kernel the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info() lo-lo"  
[X Link](https://x.com/CVEnew/status/1998355397749747965)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-14285 A vulnerability was found in code-projects Employee Profile Management System XXX. Affected is an unknown function of the file edit_personnel.php. The manipulation of"  
[X Link](https://x.com/CVEnew/status/1998355398840209497)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53811 In the Linux kernel the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + X The irdma driver can use a maximum number of msix v"  
[X Link](https://x.com/CVEnew/status/1998355399871991817)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53810 In the Linux kernel the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key"  
[X Link](https://x.com/CVEnew/status/1998355400937316497)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53809 In the Linux kernel the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() When a file descriptor of pppo"  
[X Link](https://x.com/CVEnew/status/1998355402015342908)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53808 In the Linux kernel the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Always free the zeroed page on return"  
[X Link](https://x.com/CVEnew/status/1998355403017789886)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53807 In the Linux kernel the following vulnerability has been resolved: clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider() Smatch detected this potential err"  
[X Link](https://x.com/CVEnew/status/1998355404036964802)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53806 In the Linux kernel the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe Why System restart observed whi"  
[X Link](https://x.com/CVEnew/status/1998355404989067509)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53805 In the Linux kernel the following vulnerability has been resolved: tty: n_gsm: fix UAF in gsm_cleanup_mux In gsm_cleanup_mux() the 'gsm-dlci' pointer was not clea"  
[X Link](https://x.com/CVEnew/status/1998355405999927383)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53804 In the Linux kernel the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of ni"  
[X Link](https://x.com/CVEnew/status/1998355406964560055)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53803 In the Linux kernel the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-o"  
[X Link](https://x.com/CVEnew/status/1998355407958606134)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53802 In the Linux kernel the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stat"  
[X Link](https://x.com/CVEnew/status/1998355408923357475)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53801 In the Linux kernel the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain the driver would"  
[X Link](https://x.com/CVEnew/status/1998355410001318011)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53800 In the Linux kernel the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported"  
[X Link](https://x.com/CVEnew/status/1998355411288961096)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53799 In the Linux kernel the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_spawn expects t"  
[X Link](https://x.com/CVEnew/status/1998355412333326373)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53798 In the Linux kernel the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when se"  
[X Link](https://x.com/CVEnew/status/1998355413369287068)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53797 In the Linux kernel the following vulnerability has been resolved: HID: wacom: Use ktime_t rather than int when dealing with timestamps Code which interacts with t"  
[X Link](https://x.com/CVEnew/status/1998355414405329003)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2023-53796 In the Linux kernel the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to"  
[X Link](https://x.com/CVEnew/status/1998355415407755716)  2025-12-09T11:33Z 56K followers, XXX engagements


"CVE-2025-67467 Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through = 4.13.1"  
[X Link](https://x.com/CVEnew/status/1998418814736666749)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-66533 Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through ="  
[X Link](https://x.com/CVEnew/status/1998418815953072249)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-2296 EDK2 contains a vulnerability in BIOS where an attacker may cause Improper Input Validation by local access. Successful exploitation of this vulnerability could alte"  
[X Link](https://x.com/CVEnew/status/1998418817110732908)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-14345 A post-authenticationflaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under"  
[X Link](https://x.com/CVEnew/status/1998418818310254675)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63077 Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security"  
[X Link](https://x.com/CVEnew/status/1998418820633936016)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63076 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows"  
[X Link](https://x.com/CVEnew/status/1998418821816762663)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63075 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affe"  
[X Link](https://x.com/CVEnew/status/1998418822957555865)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63074 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local Fil"  
[X Link](https://x.com/CVEnew/status/1998418824068989024)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63073 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects"  
[X Link](https://x.com/CVEnew/status/1998418825222524933)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63072 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue aff"  
[X Link](https://x.com/CVEnew/status/1998418826401042639)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63071 Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensit"  
[X Link](https://x.com/CVEnew/status/1998418827537711114)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63070 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensit"  
[X Link](https://x.com/CVEnew/status/1998418828682723709)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63069 Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue"  
[X Link](https://x.com/CVEnew/status/1998418829827789059)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63068 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form X Dynamic Text Extension contact-form-7-dynamic"  
[X Link](https://x.com/CVEnew/status/1998418830922576042)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63067 Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Level"  
[X Link](https://x.com/CVEnew/status/1998418832013041839)  2025-12-09T15:45Z 56K followers, XX engagements


"CVE-2025-63066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows"  
[X Link](https://x.com/CVEnew/status/1998418833145516448)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63065 Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media Library Assistant media-library-assistant allows Exploiting Incorrectly Configur"  
[X Link](https://x.com/CVEnew/status/1998418834273808487)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63064 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects Ev"  
[X Link](https://x.com/CVEnew/status/1998418835515273667)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63063 Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This is"  
[X Link](https://x.com/CVEnew/status/1998418836664553917)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63062 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows"  
[X Link](https://x.com/CVEnew/status/1998418837784367455)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63061 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash Kallyas kallyas allows DOM-Based XSS.This issue affects K"  
[X Link](https://x.com/CVEnew/status/1998418838879121915)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63060 Cross-Site Request Forgery (CSRF) vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through = 4.2"  
[X Link](https://x.com/CVEnew/status/1998418840015831406)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63059 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This"  
[X Link](https://x.com/CVEnew/status/1998418841097924676)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63058 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retri"  
[X Link](https://x.com/CVEnew/status/1998418842272329808)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63057 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XS"  
[X Link](https://x.com/CVEnew/status/1998418843379613735)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63056 Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Le"  
[X Link](https://x.com/CVEnew/status/1998418844491120680)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63055 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows St"  
[X Link](https://x.com/CVEnew/status/1998418845690741190)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63054 Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Le"  
[X Link](https://x.com/CVEnew/status/1998418846810517944)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63052 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored"  
[X Link](https://x.com/CVEnew/status/1998418847938793580)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63050 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This iss"  
[X Link](https://x.com/CVEnew/status/1998418849222263261)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63049 Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This iss"  
[X Link](https://x.com/CVEnew/status/1998418850337923178)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63048 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DO"  
[X Link](https://x.com/CVEnew/status/1998418851449463287)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63047 Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects L"  
[X Link](https://x.com/CVEnew/status/1998418852573573334)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63046 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.T"  
[X Link](https://x.com/CVEnew/status/1998418853806629342)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63045 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This"  
[X Link](https://x.com/CVEnew/status/1998418855182393440)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63044 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Base"  
[X Link](https://x.com/CVEnew/status/1998418856323232150)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63042 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons al"  
[X Link](https://x.com/CVEnew/status/1998418857455652995)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63037 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based X"  
[X Link](https://x.com/CVEnew/status/1998418858546274628)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63036 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core"  
[X Link](https://x.com/CVEnew/status/1998418859775127885)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63035 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue af"  
[X Link](https://x.com/CVEnew/status/1998418860974748129)  2025-12-09T15:45Z 56K followers, XXX engagements


"CVE-2025-63034 Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issu"  
[X Link](https://x.com/CVEnew/status/1998418862069457284)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor m"  
[X Link](https://x.com/CVEnew/status/1998418863264780560)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63030 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve:"  
[X Link](https://x.com/CVEnew/status/1998418864342737005)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63025 Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xagio"  
[X Link](https://x.com/CVEnew/status/1998418866662252901)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63024 Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured"  
[X Link](https://x.com/CVEnew/status/1998418867773718834)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63023 Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Contr"  
[X Link](https://x.com/CVEnew/status/1998418868893540515)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63013 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensi"  
[X Link](https://x.com/CVEnew/status/1998418871141724504)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63012 Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking:"  
[X Link](https://x.com/CVEnew/status/1998418872316174672)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63011 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS"  
[X Link](https://x.com/CVEnew/status/1998418873473728598)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63010 Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : fr"  
[X Link](https://x.com/CVEnew/status/1998418874652299504)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63009 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrie"  
[X Link](https://x.com/CVEnew/status/1998418875818381638)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63008 Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a t"  
[X Link](https://x.com/CVEnew/status/1998418876942442973)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63007 Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.T"  
[X Link](https://x.com/CVEnew/status/1998418878129377765)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63006 Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Leve"  
[X Link](https://x.com/CVEnew/status/1998418879287115864)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-63003 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North - Required Plugin north-plug"  
[X Link](https://x.com/CVEnew/status/1998418880440517069)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62999 Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects L"  
[X Link](https://x.com/CVEnew/status/1998418881581371833)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62997 Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue aff"  
[X Link](https://x.com/CVEnew/status/1998418882671865995)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62996 Missing Authorization vulnerability in Code Amp Custom Layouts Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control"  
[X Link](https://x.com/CVEnew/status/1998418883800117276)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62995 Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configur"  
[X Link](https://x.com/CVEnew/status/1998418884945170653)  2025-12-09T15:46Z 56K followers, XXX engagements


"CVE-2025-62994 Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affe"  
[X Link](https://x.com/CVEnew/status/1998418886056665152)  2025-12-09T15:46Z 56K followers, XXX engagements