Latest CVE Feed
-
6.5
MEDIUMCVE-2025-68070
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a thro... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-68079
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through <= 1.5.4.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-13231
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_fil... Read more
Affected Products : fancy_product_designer- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-62090
Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced Ne... Read more
Affected Products : gutenverse_news- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-67912
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gal Dubinski Stars Testimonials allows Stored XSS.This issue affects Stars Testimonials: from n/a through 3.3.4.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge paramet... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cryptography
-
6.5
MEDIUMCVE-2025-14758
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-65814
A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word v6.4.1 allows attackers to execute a directory traversal.... Read more
Affected Products : office_app-edit_word\,_pdf_file- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-67549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.... Read more
Affected Products : oik- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-67976
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.... Read more
Affected Products : watu_quiz- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-55893
TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Injection in setOpModeCfg via hostName.... Read more
- Published: Dec. 15, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-64247
Missing Authorization vulnerability in edmon.parker Read More & Accordion expand-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Read More & Accordion: from n/a through <= 3.5.4.1.... Read more
Affected Products : read_more_\&_accordion- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-65345
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.... Read more
Affected Products : laravel_file_manager- Published: Dec. 03, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-68076
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through <= 2.4.6.... Read more
Affected Products : stockholm_core- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-67735
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This lead... Read more
Affected Products : netty- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-14780
A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in sql injection. The attack c... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-14148
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.... Read more
- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-43464
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-67983
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): f... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-13643
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This is... Read more
Affected Products : mongodb- Published: Nov. 25, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Denial of Service