Latest CVE Feed
-
5.4
MEDIUMCVE-2025-15374
A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of the argument content results in cross site scripting. The a... Read more
Affected Products : eyoucms- Published: Dec. 31, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-64847
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more
Affected Products : experience_manager- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-13642
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient ... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-67561
Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a through <= 2.0.3.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-42896
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in ... Read more
Affected Products : businessobjects_business_intelligence_platform- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Server-Side Request Forgery
-
5.4
MEDIUMCVE-2025-14298
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output esc... Read more
Affected Products : fibosearch- Published: Dec. 20, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-69349
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-21691
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTag:IsTypeC... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-62091
Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce... Read more
Affected Products : serial_codes_generator_and_validator_with_woocommerce_support- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2023-25445
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.... Read more
Affected Products :- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-62117
Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through 1.1.1704.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-68497
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through <= 1.2.16.... Read more
Affected Products : astra_widgets- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-66150
Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-14519
A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site ... Read more
Affected Products : hfly- Published: Dec. 11, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2023-32238
Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
-
5.4
MEDIUMCVE-2025-69354
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-62144
Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.27.... Read more
Affected Products : core_web_vitals_\&_pagespeed_booster- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-63947
A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated.... Read more
Affected Products : phpmsadmin- Published: Dec. 18, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2021-47716
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute a... Read more
Affected Products : orangescrum- Published: Dec. 23, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting