In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between September 26-27, 2025.
During this period, the National Vulnerability Database published 209 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 5
High: 33
Medium: 149
Low: 7
Severity Not Assigned: 15
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-60017
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).
References: https://github.com/Bin4ry/UniPwn
https://news.ycombinator.com/item?id=45381590
https://spectrum.ieee.org/unitree-robot-exploit
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
2. CVE-2025-10747
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-add.php#L35
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3364847%40wp-downloadmanager&new=3364847%40wp-downloadmanager&sfp_email=&sfph_mail=
https://wordpress.org/plugins/wp-downloadmanager/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2c535cea-dad6-440f-b37f-6d196b469214?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-35027
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.
References: https://github.com/Bin4ry/UniPwn
https://spectrum.ieee.org/unitree-robot-exploit
https://takeonme.org/cves/cve-2025-35027
https://www.cve.org/cverecord?id=CVE-2025-60017
https://www.cve.org/cverecord?id=CVE-2025-60250
https://x.com/committeeonccp/status/1971250635548033311
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-54831
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values.
In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could be viewed by users with READ permissions through both the API and the UI. This behavior also bypassed the `AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS` configuration option.
This issue does not affect Airflow 2.x, where exposing sensitive information to connection editors was the intended and documented behavior.
Users of Airflow 3.0.3 are advised to upgrade Airflow to >=3.0.4.
References: https://lists.apache.org/thread/vblmfqtydrp5zgn2q8tj3slk5podxspf
CWE-ID: CWE-213
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-10858
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/570034
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-11021
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
References: https://access.redhat.com/security/cve/CVE-2025-11021
https://bugzilla.redhat.com/show_bug.cgi?id=2399627
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-48107
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode allows Reflected XSS. This issue affects Uncode: from n/a through n/a.
References: https://patchstack.com/database/wordpress/theme/uncode/vulnerability/wordpress-uncode-theme-2-9-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-4957
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid allows Reflected XSS. This issue affects ProfileGrid: from n/a through 5.9.5.7.
References: https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-59002
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a through n/a.
References: https://patchstack.com/database/wordpress/plugin/bm-builder/vulnerability/wordpress-bm-content-builder-plugin-3-16-3-3-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-59010
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite allows Retrieve Embedded Sensitive Data. This issue affects Permalink Manager Lite: from n/a through 2.5.1.3.
References: https://patchstack.com/database/wordpress/plugin/permalink-manager/vulnerability/wordpress-permalink-manager-lite-plugin-2-5-1-3-sensitive-data-exposure-vulnerability?_s_id=cve
CWE-ID: CWE-201
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-59011
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authorization vulnerability in shinetheme Traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through n/a.
References: https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-2-3-arbitrary-content-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-59012
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler allows Reflected XSS. This issue affects Traveler: from n/a through n/a.
References: https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-60107
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through 3.8.
References: https://patchstack.com/database/wordpress/plugin/all-in-one-bannerwithplaylist/vulnerability/wordpress-lambertgroup-allinone-banner-with-playlist-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-60108
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a through 3.8.
References: https://patchstack.com/database/wordpress/plugin/all-in-one-thumbnailsbanner/vulnerability/wordpress-lambertgroup-allinone-banner-with-thumbnails-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-60109
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a through 3.8.
References: https://patchstack.com/database/wordpress/plugin/all-in-one-contentslider/vulnerability/wordpress-lambertgroup-allinone-content-slider-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-60110
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator allows SQL Injection. This issue affects AllInOne - Banner Rotator: from n/a through 3.8.
References: https://patchstack.com/database/wordpress/plugin/all-in-one-bannerrotator/vulnerability/wordpress-allinone-banner-rotator-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-60111
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core allows Authentication Bypass. This issue affects Javo Core: from n/a through 3.0.0.266.
References: https://patchstack.com/database/wordpress/plugin/javo-core/vulnerability/wordpress-javo-core-plugin-3-0-0-266-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-60118
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core allows SQL Injection. This issue affects PGS Core: from n/a through 5.9.0.
References: https://patchstack.com/database/wordpress/plugin/pgs-core/vulnerability/wordpress-pgs-core-plugin-5-9-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-60126
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through 3.5.8.6.
References: https://patchstack.com/database/wordpress/plugin/testimonial-add/vulnerability/wordpress-testimonial-slider-plugin-3-5-8-6-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-60150
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe to Download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through 2.0.9.
References: https://patchstack.com/database/wordpress/plugin/subscribe-to-download/vulnerability/wordpress-subscribe-to-download-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-60153
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe To Unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through 1.1.5.
References: https://patchstack.com/database/wordpress/plugin/subscribe-to-unlock/vulnerability/wordpress-subscribe-to-unlock-plugin-1-1-5-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-60156
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 7.98.
References: https://patchstack.com/database/wordpress/plugin/ar-for-wordpress/vulnerability/wordpress-ar-for-wordpress-plugin-7-98-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-60164
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7.
References: https://patchstack.com/database/wordpress/plugin/newsmanapp/vulnerability/wordpress-newsmanapp-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-60169
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0.
References: https://patchstack.com/database/wordpress/plugin/w3s-cf7-zoho/vulnerability/wordpress-w3scloud-contact-form-7-to-zoho-crm-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-60170
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker allows Stored XSS. This issue affects HTACCESS IP Blocker: from n/a through 1.0.
References: https://patchstack.com/database/wordpress/plugin/htaccess-ip-blocker/vulnerability/wordpress-htaccess-ip-blocker-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-60171
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
References: https://patchstack.com/database/wordpress/plugin/yourplugins-wc-conditional-cart-notices/vulnerability/wordpress-conditional-cart-messages-for-woocommerce-yourplugins-com-plugin-1-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-60172
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101.
References: https://patchstack.com/database/wordpress/plugin/flytedesk-digital/vulnerability/wordpress-flytedesk-digital-plugin-20181101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-60173
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce allows Stored XSS. This issue affects GST for WooCommerce: from n/a through 2.0.
References: https://patchstack.com/database/wordpress/plugin/gst-for-woocommerce/vulnerability/wordpress-gst-for-woocommerce-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-60219
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through 1.9.24.
References: https://patchstack.com/database/wordpress/plugin/wc-designer-pro/vulnerability/wordpress-woocommerce-designer-pro-plugin-1-9-24-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-9642
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/566505
https://hackerone.com/reports/3297413
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-36274
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
References: https://www.ibm.com/support/pages/node/7246284
CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-55187
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.
References: https://drivelock.help/versions/2025_1/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/Aenderungen_Patch2.htm
https://drivelock.help/versions/2025_1/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-001-RemotePriviledge.htm
https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-001-RemotePriviledge.htm
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
33. CVE-2025-58385
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: In DOXENSE WATCHDOC before 6.1.0.5094, private user PUK codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).
References: https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58385.htm
https://update.doxense.com/
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
34. CVE-2025-59362
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
References: https://github.com/Microsvuln/advisories/blob/main/CVE-2025-59362/CVE-2025-59362.md
https://github.com/squid-cache/squid/pull/2149
CWE-ID: CWE-172
Common Platform Enumerations (CPE): Not Found
35. CVE-2025-55847
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system.
References: https://github.com/meigui637/iot_zone/blob/main/%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E.md
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
36. CVE-2025-58384
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
References: https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58384.htm
https://update.doxense.com/
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
37. CVE-2025-59845
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
References: https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv
CWE-ID: CWE-346, CWE-352
Common Platform Enumerations (CPE): Not Found
38. CVE-2025-59934
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
References: https://github.com/formbricks/formbricks/blob/843110b0d6c37b5c0da54291616f84c91c55c4fc/apps/web/lib/jwt.ts#L114-L117
https://github.com/formbricks/formbricks/commit/eb1349f205189d5b2d4a95ec42245ca98cf68c82
https://github.com/formbricks/formbricks/pull/6596
https://github.com/formbricks/formbricks/security/advisories/GHSA-7229-q9pv-j6p4
CWE-ID: CWE-287, CWE-345, CWE-347
Common Platform Enumerations (CPE): Not Found
References: https://patchstack.com/database/wordpress/plugin/all-in-one-thumbnailsbanner/vulnerability/wordpress-lambertgroup-allinone-banner-with-thumbnails-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-60109
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a through 3.8.
References: https://patchstack.com/database/wordpress/plugin/all-in-one-contentslider/vulnerability/wordpress-lambertgroup-allinone-content-slider-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-60110
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator allows SQL Injection. This issue affects AllInOne - Banner Rotator: from n/a through 3.8.
References: https://patchstack.com/database/wordpress/plugin/all-in-one-bannerrotator/vulnerability/wordpress-allinone-banner-rotator-plugin-3-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-60111
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core allows Authentication Bypass. This issue affects Javo Core: from n/a through 3.0.0.266.
References: https://patchstack.com/database/wordpress/plugin/javo-core/vulnerability/wordpress-javo-core-plugin-3-0-0-266-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-60118
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core allows SQL Injection. This issue affects PGS Core: from n/a through 5.9.0.
References: https://patchstack.com/database/wordpress/plugin/pgs-core/vulnerability/wordpress-pgs-core-plugin-5-9-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-60126
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through 3.5.8.6.
References: https://patchstack.com/database/wordpress/plugin/testimonial-add/vulnerability/wordpress-testimonial-slider-plugin-3-5-8-6-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-60150
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe to Download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through 2.0.9.
References: https://patchstack.com/database/wordpress/plugin/subscribe-to-download/vulnerability/wordpress-subscribe-to-download-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-60153
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe To Unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through 1.1.5.
References: https://patchstack.com/database/wordpress/plugin/subscribe-to-unlock/vulnerability/wordpress-subscribe-to-unlock-plugin-1-1-5-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-60156
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 7.98.
References: https://patchstack.com/database/wordpress/plugin/ar-for-wordpress/vulnerability/wordpress-ar-for-wordpress-plugin-7-98-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-60164
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7.
References: https://patchstack.com/database/wordpress/plugin/newsmanapp/vulnerability/wordpress-newsmanapp-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-60169
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0.
References: https://patchstack.com/database/wordpress/plugin/w3s-cf7-zoho/vulnerability/wordpress-w3scloud-contact-form-7-to-zoho-crm-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-60170
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker allows Stored XSS. This issue affects HTACCESS IP Blocker: from n/a through 1.0.
References: https://patchstack.com/database/wordpress/plugin/htaccess-ip-blocker/vulnerability/wordpress-htaccess-ip-blocker-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-60171
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
References: https://patchstack.com/database/wordpress/plugin/yourplugins-wc-conditional-cart-notices/vulnerability/wordpress-conditional-cart-messages-for-woocommerce-yourplugins-com-plugin-1-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-60172
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101.
References: https://patchstack.com/database/wordpress/plugin/flytedesk-digital/vulnerability/wordpress-flytedesk-digital-plugin-20181101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-60173
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce allows Stored XSS. This issue affects GST for WooCommerce: from n/a through 2.0.
References: https://patchstack.com/database/wordpress/plugin/gst-for-woocommerce/vulnerability/wordpress-gst-for-woocommerce-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-60219
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through 1.9.24.
References: https://patchstack.com/database/wordpress/plugin/wc-designer-pro/vulnerability/wordpress-woocommerce-designer-pro-plugin-1-9-24-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-9642
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/566505
https://hackerone.com/reports/3297413
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-36274
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
References: https://www.ibm.com/support/pages/node/7246284
CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-55187
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.
References: https://drivelock.help/versions/2025_1/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/Aenderungen_Patch2.htm
https://drivelock.help/versions/2025_1/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-001-RemotePriviledge.htm
https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-001-RemotePriviledge.htm
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
33. CVE-2025-58385
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: In DOXENSE WATCHDOC before 6.1.0.5094, private user PUK codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).
References: https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58385.htm
https://update.doxense.com/
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
34. CVE-2025-59362
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
References: https://github.com/Microsvuln/advisories/blob/main/CVE-2025-59362/CVE-2025-59362.md
https://github.com/squid-cache/squid/pull/2149
CWE-ID: CWE-172
Common Platform Enumerations (CPE): Not Found
35. CVE-2025-55847
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system.
References: https://github.com/meigui637/iot_zone/blob/main/%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E.md
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
36. CVE-2025-58384
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
References: https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58384.htm
https://update.doxense.com/
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
37. CVE-2025-59845
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
References: https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv
CWE-ID: CWE-346 CWE-352
Common Platform Enumerations (CPE): Not Found
38. CVE-2025-59934
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: Formbricks is an open source Qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
References: https://github.com/formbricks/formbricks/blob/843110b0d6c37b5c0da54291616f84c91c55c4fc/apps/web/lib/jwt.ts#L114-L117
https://github.com/formbricks/formbricks/commit/eb1349f205189d5b2d4a95ec42245ca98cf68c82
https://github.com/formbricks/formbricks/pull/6596
https://github.com/formbricks/formbricks/security/advisories/GHSA-7229-q9pv-j6p4
CWE-ID: CWE-287 CWE-345 CWE-347
Common Platform Enumerations (CPE): Not Found