Latest CVE Feed
-
6.4
MEDIUMCVE-2025-59303
HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions o... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Misconfiguration
-
4.5
MEDIUMCVE-2025-11489
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be per... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-43829
Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote ... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attack... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-10649
The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the user supplied value and lack of sufficient preparation on the existing SQL query. T... Read more
Affected Products : welcart_e-commerce- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Injection