Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-27485 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
network
low complexity
CWE-400
7.5
7.5
2025-04-08 CVE-2025-27486 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
network
low complexity
CWE-400
7.5
7.5
2025-04-08 CVE-2025-27489 Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-20
7.8
7.8
2025-04-08 CVE-2025-27490 Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-122
7.8
7.8
2025-04-08 CVE-2025-1095 IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE).
local
low complexity
CWE-119
8.8
8.8
2025-04-08 CVE-2025-2568 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1.
network
low complexity
CWE-862
5.3
5.3
2025-04-08 CVE-2025-2876 The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0.
network
low complexity
CWE-862
5.3
5.3
2025-04-08 CVE-2025-2807 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64.
network
low complexity
CWE-862
8.8
8.8
2025-04-08 CVE-2025-2808 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
5.4
2025-04-08 CVE-2025-2883 The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script.
network
low complexity
CWE-200
5.3
5.3