Latest Security Vulnerabilities
Saturday December 13, 2025
Unclassified
CVE-2025-14542 OpenAI Manual Spec Manipulation Remote Code Execution Risk
CVE-2025-14288 Gallery Blocks with Lightbox 3.3.0 Unauthorized Settings Modification via AJAX
CVE-2025-12512 GenerateBlocks 2.1.2 Info Exposure via missing REST auth checks
CVE-2025-11970 Emplibot WP Plugin <=1.0.9 SSRF via webhook functions
CVE-2025-13094 WP3D Model Import Viewer v1.0.7 Plugin AFU via handle_import_file()
CVE-2025-14475 Extensive VC Addons LFI via shortcode_name <=1.9.1
CVE-2025-7058 Kingcabs WP Theme 1.1.9: Stored XSS via progressbarLayout (Contributor+)
CVE-2025-14508 MediaCommander <2.3.1: Unauth Folder Deletion via Missing Cap on import-csv API
CVE-2025-11707 WP Plugin Login Lockdown & Protection IP Block Bypass v2.14
And others...
Code Projects
CVE-2025-14620 SQLi in code-projects Student File Management System 1.0 /admin/login_query.php
CVE-2025-14590 Prison Management System 2.0 SQLi via keyname in /admin/search1.php
CVE-2025-14619 SQLi in Student File Management System 1.0 via login_query.php (stu_no)
CVE-2025-14589 Prison Management System 2.0 Remote SQLi via /admin/search.php
Friday December 12, 2025
Apple iOS
CVE-2025-43532 Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-46287 macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3
CVE-2025-46276 macOS Info-Disclosure via Privacy Controls (Sonoma<14.8.3/Sequoia<15.7.3)
CVE-2025-43511 Use-After-Free Crash via Web Content in iOS+iPadOS (fixed in 18.7.2)
CVE-2025-43539 macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43530 Apple macOS Sonoma/Sequoia Sensitive Data Access CVE202543530
CVE-2025-46285 Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-43512 macOS PrivEsc: Logic Issue Fixed in 14.8.3/15.7.3
CVE-2025-43538 macOS Sonoma 14.x log data redaction flaw exposes sensitive data
And others...
Apple macOS
CVE-2025-43494 Apple Mail Header Parsing DoS in iOS/macOS/watchOS (26.1)
CVE-2025-43482 Apple macOS DoS via Input Validation Bug in Sonoma 14.8.3/Sequoia 15.7.3
CVE-2025-43464 macOS Tahoe 26.1 DoS via WebKit Input Validation Flaw
CVE-2025-43404 macOS Tahoe 26.1 Sandbox Restriction Improper Access Vulnerability
CVE-2025-43516 macOS Voice Control session mgmt flaw (pre-14.8.3/15.7.3)
CVE-2025-43351 macOS Tahoe 26.1 Permissions Issue Allowing App Access to Protected Data
CVE-2025-43473 macOS Tahoe 26.1 State-Mgmt Flaw Allows Sensitive Data Access
CVE-2025-43497 macOS Sandbox Escape in Tahoe before 26.1 CVE-2025-43497
CVE-2025-43527 macOS Sequoia 15.7.3 root privilege escalation via permissions issue
And others...