Latest CVE Feed
-
6.5
MEDIUMCVE-2025-63048
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-14758
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-15152
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the ... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-66202
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the ori... Read more
Affected Products : astro- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-14088
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-42904
Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on c... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-66508
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-Fo... Read more
Affected Products : 1panel- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-61727
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *... Read more
Affected Products : go- Published: Dec. 03, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-64995
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allo... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-65427
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.... Read more
- Published: Dec. 16, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-64994
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to ... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-15392
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to ... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-63042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through <= 3.0.1.... Read more
Affected Products : tutor_lms_elementor_addons- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58113
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially le... Read more
Affected Products : pdf-xchange_editor- Published: Dec. 02, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-68498
Missing Authorization vulnerability in Crocoblock JetTabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through 2.2.12.... Read more
Affected Products : jettabs- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-14052
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The ... Read more
Affected Products : youlai-mall- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-62094
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Voidthemes Void Elementor WHMCS Elements For Elementor Page Builder.This issue affects Void Elementor WHMCS Elements For Elementor Page Builder: from n/a... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-65815
A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-69018
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through <= 1.7.12.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-68040
Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.... Read more
Affected Products : wp_project_manager- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure