A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.

CVE Database V5

Detailed information about CVE-2025-10997: Heap-based Buffer Overflow in Open Babel affecting null Open Babel. Get real-time updates, technical details, and mit

CVE-2025-10997: Heap-based Buffer Overflow in Open Babel - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-10997: Heap-based Buffer Overflow in Open Babel

The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-8906 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Widgets for Tiktok Feed plugin for WordPress, affecting all versions up to and including 1.7.3. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), specifically due to insufficient sanitization and escaping of user-supplied attributes in the 'trustindex-feed' shortcode. This flaw allows authenticated users with contributor-level privileges or higher to inject arbitrary malicious scripts into pages. These scripts execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions on behalf of the victim. The vulnerability does not require user interaction once the malicious content is stored and served, and it affects the confidentiality and integrity of user data. The CVSS 3.1 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, privileges required (low), no user interaction, and a scope change due to impact beyond the vulnerable component. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is particularly relevant for WordPress sites using this plugin to display TikTok feeds, which may be common among marketing, media, and influencer-related websites.

Detailed information about CVE-2025-8906: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in trustindex Widgets for 

CVE-2025-8906: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in trustindex Widgets for Tiktok Feed - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8906: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in trustindex Widgets for Tiktok Feed

The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-8200 is a medium-severity vulnerability classified as CWE-79, indicating an improper neutralization of input during web page generation, commonly known as Cross-Site Scripting (XSS). This vulnerability affects the Mega Elements – Addons for Elementor WordPress plugin developed by kraftplugins, specifically in its Countdown Timer widget. Versions up to and including 1.3.2 are vulnerable. The root cause is insufficient input sanitization and output escaping on user-supplied attributes within the widget. This flaw allows an authenticated attacker with contributor-level privileges or higher to inject arbitrary malicious scripts into pages generated by the plugin. These scripts are stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, defacement, or redirection to malicious sites. The CVSS 3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, requiring privileges (PR:L), no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in July 2025 and published in September 2025. Given the plugin’s integration with Elementor, a widely used WordPress page builder, the vulnerability could affect many websites that use this plugin, especially those allowing contributor-level users to edit content.

Detailed information about CVE-2025-8200: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kraftplugins Mega Eleme

CVE-2025-8200: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kraftplugins Mega Elements – Addons for Elementor - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8200: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kraftplugins Mega Elements – Addons for Elementor

A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used.

CVE-2025-10995 is a security vulnerability identified in Open Babel versions up to 3.1.1, specifically affecting the function zlib_stream::basic_unzip_streambuf::underflow within the source file /src/zipstreamimpl.h. The vulnerability results from improper handling of data during decompression operations, leading to memory corruption. This type of flaw can cause unpredictable behavior including application crashes, data corruption, or potentially arbitrary code execution if exploited. The vulnerability requires local access with at least low privileges (PR:L) and does not require user interaction (UI:N). The attack complexity is low (AC:L), indicating that an attacker with local access can reliably trigger the flaw without needing specialized conditions. The CVSS 4.0 base score is 4.8, categorized as medium severity, reflecting limited impact due to the local access requirement and the lack of known exploits in the wild at the time of publication. The vulnerability affects the decompression stream buffer mechanism in Open Babel, a widely used open-source chemical toolbox designed to speak the many languages of chemical data. Exploitation could allow an attacker with local access to cause memory corruption, potentially leading to denial of service or escalation of privileges if combined with other vulnerabilities. No patches or fixes are linked in the provided data, indicating that users should monitor for updates from the Open Babel project. The vulnerability was publicly disclosed shortly after being reserved, suggesting a rapid publication cycle but no immediate exploitation evidence.

Detailed information about CVE-2025-10995: Memory Corruption in Open Babel affecting null Open Babel. Get real-time updates, technical details, and mitigation s

CVE-2025-10995: Memory Corruption in Open Babel - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-10995: Memory Corruption in Open Babel

A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may be used.

Detailed information about CVE-2025-10996: Heap-based Buffer Overflow in Open Babel affecting null Open Babel. Get real-time updates, technical details, and mit

CVE-2025-10996: Heap-based Buffer Overflow in Open Babel

CVE-2025-10996: Heap-based Buffer Overflow in Open Babel

Description

Technical Details

Related Threats

CVE-2025-10997: Heap-based Buffer Overflow in Open Babel

CVE-2025-8906: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in trustindex Widgets for Tiktok Feed

CVE-2025-8200: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kraftplugins Mega Elements – Addons for Elementor

CVE-2025-10995: Memory Corruption in Open Babel

CVE-2025-10994: Use After Free in Open Babel

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility