Latest CVE Feed
-
5.3
MEDIUMCVE-2025-67564
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67563
Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 3.6.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information... Read more
Affected Products : anythingllm- Published: Dec. 18, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-63068
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Exte... Read more
Affected Products : contact_form_7_-_dynamic_text_extension- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-14591
In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause ... Read more
Affected Products :- Published: Dec. 20, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-63071
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a throu... Read more
Affected Products : shortcodes_and_extra_features_for_phlox_theme- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-40941
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of ta... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67789
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API.... Read more
Affected Products : drivelock- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-15086
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper acces... Read more
Affected Products : youlai-mall- Published: Dec. 25, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and includin... Read more
Affected Products : frontend_post_submission_manager- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67575
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.... Read more
Affected Products : sitewide_notice_wp- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13314
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67897
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.... Read more
Affected Products : sequoia-openpgp- Published: Dec. 14, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-14692
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be u... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-9207
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This m... Read more
Affected Products : ti_woocommerce_wishlist- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-12721
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated atta... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-66120
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14447
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu_reset_options() function in all versions up to, and including, 4.7.0. This makes it possible for authenticate... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2019-25234
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting mali... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-64632
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21.... Read more
Affected Products : google_xml_sitemaps- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization