Latest CVE Feed
-
5.3
MEDIUMCVE-2025-14155
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11... Read more
Affected Products : premium_addons_for_elementor- Published: Dec. 23, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2023-38913
SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.... Read more
Affected Products : news-buzz- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2019-25228
An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains t... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14434
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed are published authentication. This allows an unauthentic... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-0571
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulati... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-21874
NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never r... Read more
Affected Products : nicegui- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
5.2
MEDIUMCVE-2026-20974
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2026-20976
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.... Read more
Affected Products : galaxy_store- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-8306
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of gran... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2026-0824
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the publi... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-41003
Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘/projects/hospital/admin/edit_patient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is store... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-0588
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attac... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-65885
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia ... Read more
Affected Products : delight_custom_firmware 808_pureview c7 n8 e7 701 c6-01 500 700 603 +3 more products- Published: Dec. 26, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2021-47722
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or mod... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2025-67603
A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2022-50801
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affect... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-11009
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext c... Read more
Affected Products : gt_designer3- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-64700
Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.... Read more
Affected Products : growi- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2023-53737
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface.... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting