Latest CVE Feed
-
6.5
MEDIUMCVE-2025-42706
A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 ... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-9868
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.... Read more
Affected Products : nexus_repository_manager- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Server-Side Request Forgery
-
4.8
MEDIUMCVE-2025-43829
Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote ... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-43830
Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-43771
Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web scri... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting