Latest CVE Feed
-
6.2
MEDIUMCVE-2025-13532
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cryptography
-
6.2
MEDIUMCVE-2025-66173
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected product... Read more
- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
6.2
MEDIUMCVE-2025-66309
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.2
MEDIUMCVE-2025-29864
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.... Read more
Affected Products : alzip- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
6.2
MEDIUMCVE-2024-29720
An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Information Disclosure
-
6.2
MEDIUMCVE-2025-36154
IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.... Read more
Affected Products : concert- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
6.2
MEDIUMCVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that ca... Read more
Affected Products : aquarius- Published: Dec. 03, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cryptography
-
6.2
MEDIUMCVE-2025-65835
The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive im... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2024-58319
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative u... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-25814
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2023-53925
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts wh... Read more
Affected Products : ulicms- Published: Dec. 17, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34409
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and ... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13007
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externall... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65881
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.... Read more
Affected Products : zoo_management_system- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13819
Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks.... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-34402
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflect... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34397
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScri... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-66459
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HT... Read more
Affected Products : lookyloo- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34403
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflect... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-63499
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.... Read more
Affected Products : sogo- Published: Dec. 04, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting