Personal CVE tracker

Introduction

This blog post serves as a personal tracker for CVEs. The following list highlights specific vulnerabilities, including their type and affected versions.

Dokploy

  • CVE-2025-53376 - OS Command Injection

  • CVE-2025-53375 - Local File Inclusion

  • CVE-2025-53374 - Information Disclosure

Cisco

  • CVE-2025-20307 - Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability

pfSense

  • pfSense-SA-25_07.webgui - Stored XSS in Wake on LAN pages and Dashboard widget

  • pfSense-SA-25_06.webgui - Stored XSS in IPsec Phase 1

  • pfSense-SA-25_05.webgui - Stored XSS in Firewall Schedules

OpenZiti

  • CVE-2025-27500 - Unauthenticated Stored XSS on admin panel

  • CVE-2025-27501 - Unauthenticated SSRF on admin panel

WordPress plugins

  • CVE-2023-4691 - Bookly <= 22.3.1 - Authenticated (Administrator+) SQL Injection

  • CVE-2023-4620 - Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting

  • CVE-2023-4490 - WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection

  • CVE-2023-4502 - GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters

  • CVE-2023-1465 - WP EasyPay <= 4.0.4 - Reflected Cross-Site Scripting

  • CVE-2023-1546 - MyCryptoCheckout <= 2.123 - Reflected Cross-Site Scripting via URL

  • CVE-2023-1554 - Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting