CVE Database
Comprehensive vulnerability intelligence with advanced analytics
CVE-2025-13627
MediumThe Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages…
CVE-2025-12178
MediumThe SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to…
CVE-2026-22718
MediumThe VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.
CVE-2025-68970
MediumPermission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68969
MediumMulti-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68968
HighDouble free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.
CVE-2025-68967
MediumVulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68966
MediumPermission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68965
MediumPermission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68964
MediumData verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68963
MediumMan-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68962
MediumMulti-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68961
MediumMulti-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68960
HighMulti-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68959
MediumPermission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68958
HighMulti-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68957
HighMulti-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68956
HighMulti-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68955
HighMulti-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-12053
HighThe drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2025-12052
HighThe drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2025-12051
HighThe drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2025-12050
HighThe drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2026-22686
CriticalEnclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error…