Latest CVE Feed
-
5.3
MEDIUMCVE-2025-59029
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.... Read more
Affected Products : recursor- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2022-46845
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63047
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.... Read more
Affected Products : listingpro- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62738
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through <= 2.0.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14958
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow.... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-9122
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-63068
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Exte... Read more
Affected Products : contact_form_7_-_dynamic_text_extension- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-64667
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
-
5.3
MEDIUMCVE-2025-14220
A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and m... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-14874
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.... Read more
Affected Products : nodemailer- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-63023
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63028
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14962
A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has... Read more
Affected Products : simple_stock_system- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-67579
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.... Read more
Affected Products : user_extra_fields- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14442
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and inclu... Read more
Affected Products : secure_copy_content_protection_and_content_locking- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67578
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.... Read more
Affected Products : wp_email_capture- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-66908
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java us... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-67576
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.... Read more
Affected Products : simple_link_directory- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13876
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be perf... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-62870
Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.6.... Read more
Affected Products : eupago_gateway_woocommerce- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization