General-Purpose System Vulnerabilities
Vulnerabilities related to traditional IT systems, servers, and desktop applications.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2025-12696 | The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resettin… | Medium (5.3) | 2025-12-14 | General-Purpose |
| CVE-2025-12537 | The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up t… | Medium (6.4) | 2025-12-14 | General-Purpose |
| CVE-2025-67897 | In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take adv… | Medium (5.3) | 2025-12-14 | General-Purpose |
| CVE-2025-13126 | The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` param… | High (7.5) | 2025-12-14 | General-Purpose |
| CVE-2025-67896 | Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow beca… | High (7.0) | 2025-12-14 | General-Purpose |