CVE CyberSecurity Database News (Page 22)

Apr 28, 2025 XSS WordPress Exploit

CVE-2024-9771 - How a Stored XSS in WP-Recall Plugin Let Admins Attack WordPress Sites Even Without “Unfiltered HTML”

A significant security bug, tracked as CVE-2024-9771, was discovered in the popular WP-Recall WordPress plugin. This vulnerability affects all versions before 16.26.12. What

Apr 28, 2025 WordPress

CVE-2024-13688 - How A Hardcoded Password in Admin and Site Enhancements (ASE) Plugin Let Attackers Sneak Past WordPress Protection

WordPress is an incredible platform, but its popularity makes it a favorite target for hackers. Security plugins are designed to keep your site safe, but

Apr 27, 2025 Windows Microsoft API Exploit

CVE-2025-46579 - DDE Injection Vulnerability in GoldenDB – How Hackers Can Sneak in Commands

GoldenDB is a well-known database product that’s widely used in financial and commercial sectors. Recently, security researchers have identified a serious vulnerability—CVE-2025-46579—that

Apr 26, 2025

CVE-2025-46653 - How a Weak Random Token in Formidable Puts Your Uploads at Risk

Formidable (aka node-formidable) is a popular Node.js module for parsing form data, including file uploads. It's used by thousands of projects worldwide.

Apr 26, 2025 Exploit

CVE-2025-46646 - Ghostscript's Incomplete Patch Creates Overlong UTF-8 Decoding Risk

Artifex Ghostscript is a popular open source tool for processing PDFs, PostScript files, and other document formats. On June 2024, a new vulnerability (CVE-2025-46646) was