
CVE-2025-39508 – WordPress Nasa Core Plugin <= 6.3.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-39508
12 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Reflected XSS. This issue affects Nasa Core: from n/a through 6.3.2. The Nasa Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 6.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successf... • https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-49067 – WordPress Nasa Core plugin < 6.4.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-49067
03 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS. This issue affects Nasa Core: from n/a before 6.4.1. The Nasa Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whe... • https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-39506 – WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-39506
21 May 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. The Nasa Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can... • https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-3-2-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-39507 – WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-39507
16 May 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. The Nasa Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.3.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution ... • https://github.com/blackgirlinfosec/cve-lfi-lab • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-46672
https://notcve.org/view.php?id=CVE-2025-46672
27 Apr 2025 — NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking. • https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 • CWE-252: Unchecked Return Value •

CVE-2025-46673
https://notcve.org/view.php?id=CVE-2025-46673
27 Apr 2025 — NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS). • https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVE-2025-46674
https://notcve.org/view.php?id=CVE-2025-46674
27 Apr 2025 — NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. • https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 • CWE-489: Active Debug Code •

CVE-2025-46675
https://notcve.org/view.php?id=CVE-2025-46675
27 Apr 2025 — In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking. • https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVE-2025-30356 – Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity`
https://notcve.org/view.php?id=CVE-2025-30356
01 Apr 2025 — CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent uns... • https://github.com/nasa/CryptoLib/commit/59d1bce7608c94c6131ef4877535075b0649799c • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •

CVE-2025-30216 – CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length
https://notcve.org/view.php?id=CVE-2025-30216
25 Mar 2025 — CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overf... • https://github.com/oliviaisntcringe/CVE-2025-30216-PoC • CWE-122: Heap-based Buffer Overflow •