Latest CVE Feed
-
7.1
HIGHCVE-2025-41746
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulner... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can cra... Read more
Affected Products : 1panel- Published: Dec. 10, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-14254
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products : vitals_enterprise_social_platform- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-67648
Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the... Read more
Affected Products : shopware- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-13072
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41747
An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulne... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41749
An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability ... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41748
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-49341
Cross-Site Request Forgery (CSRF) vulnerability in Alex Furr PDF Creator Lite pdf-creator-lite allows Stored XSS.This issue affects PDF Creator Lite: from n/a through <= 1.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-41695
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerabilit... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41745
An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnera... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-49347
Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR wp-sifr allows Stored XSS.This issue affects WP sIFR: from n/a through <= 0.6.8.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-40831
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to c... Read more
Affected Products : sinec_security_monitor- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2025-67534
Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-64203
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster allows Reflected XSS.This issue affects Mailster: from n/a through < 4.1.14.... Read more
Affected Products : mailster- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41751
An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-66118
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-64191
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1.... Read more
Affected Products : xstore- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2023-53944
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory travers... Read more
Affected Products : webserver- Published: Dec. 18, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-6324
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through <= 2.0.9.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting